upscustoms.com Open in urlscan Pro
185.253.54.178 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/moQqTA99I3
Effective URL:
https://upscustoms.com/login
Submission: On October 07 via manual (October 7th 2023, 4:03:17 pm UTC) from SI — Scanned from DE

Summary HTTP 42 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 8 domains to perform 42 HTTP transactions. The main IP is 185.253.54.178, located in Paris, France and belongs to HOLYCLOUD HOLYCLOUD, FR. The main domain is upscustoms.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on October 7th 2023. Valid for: 3 months.

This is the only time upscustoms.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UPS (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1 3	185.253.54.178 185.253.54.178	198831 (HOLYCLOUD...) (HOLYCLOUD HOLYCLOUD)
4	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3034::ac43:c16d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2a02:26f0:480... 2a02:26f0:480:4a4::353a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:e2:... 2606:4700:e2::ac40:8309	13335 (CLOUDFLAR...) (CLOUDFLARENET)
42	11

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.253.54.178 (Paris, France) 1 redirects

ASN198831 (HOLYCLOUD HOLYCLOUD, FR)

upscustoms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7aaf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3034::ac43:c16d (United States)

ASN13335 (CLOUDFLARENET, US)

api.kopra.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:26f0:480:4a4::353a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.ups.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:e2::ac40:8309 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	ups.com www.ups.com — Cisco Umbrella Rank: 11203	238 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	431 KB
5	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1848 ka-f.fontawesome.com — Cisco Umbrella Rank: 3656	34 KB
4	google.com www.google.com — Cisco Umbrella Rank: 2	54 KB
3	upscustoms.com 1 redirects upscustoms.com	11 KB
2	kopra.cloud api.kopra.cloud	371 B
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 1102	10 KB
1	t.co t.co — Cisco Umbrella Rank: 614	613 B
42	8

	Domain	Requested by
11	www.ups.com	upscustoms.com
4	ka-f.fontawesome.com	kit.fontawesome.com
4	www.gstatic.com	www.google.com www.gstatic.com
4	www.google.com	upscustoms.com www.gstatic.com www.google.com
3	upscustoms.com	1 redirects t.co upscustoms.com
2	api.kopra.cloud	unpkg.com
2	fonts.gstatic.com	www.google.com
1	kit.fontawesome.com	upscustoms.com
1	unpkg.com	upscustoms.com
1	t.co
42	10

This site contains links to these domains. Also see Links.

Domain
www.ups.com
www.partnerhub.ups.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
upscustoms.com ZeroSSL RSA Domain Secure Site CA	`2023-10-07` - `2024-01-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
kopra.cloud GTS CA 1P5	`2023-09-18` - `2023-12-17`	3 months	crt.sh
www.ups.com COMODO ECC Organization Validation Secure Server CA	`2023-08-30` - `2024-08-29`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh
ka-f.fontawesome.com GTS CA 1P5	`2023-09-10` - `2023-12-09`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://upscustoms.com/login
Frame ID: 523D34CEB540E98E824A9AD77135D448
Requests: 34 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeMLxooAAAAADCdbX9M7L3A4H7qwnJ2x-_xSCXI&co=aHR0cHM6Ly91cHNjdXN0b21zLmNvbTo0NDM.&hl=de&v=lLirU0na9roYU3wDDisGJEVT&size=invisible&cb=bv0e9vniqnw6
Frame ID: E834367AD075894DD64E20CFE32B307F
Requests: 8 HTTP requests in this frame

Frame: https://www.ups.com/nuance/nuance-chat.html?IFRAME&nuance-frame-ac=0
Frame ID: 589707C79E7EE3A17EA6620174BB223A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

UPS

Page URL History Show full URLs

https://t.co/moQqTA99I3 Page URL
http://upscustoms.com/ HTTP 302
https://upscustoms.com/ Page URL
https://upscustoms.com/login Page URL

Detected technologies

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Axios (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

42
Requests

76 %
HTTPS

80 %
IPv6

8
Domains

10
Subdomains

11
IPs

3
Countries

782 kB
Transfer

1980 kB
Size

4
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ups.com/ship?loc=en_IE
Title: Ein Angebot einholen

Search URL Search Domain Scan URL

URL: https://www.ups.com/mychoicebusiness?loc=en_IE&reasonCode=-1
Title: Jetzt planen

Search URL Search Domain Scan URL

URL: https://www.partnerhub.ups.com/upspartnerhub/s/?language=fr&country=France&loc=fr_FR&WT.mc_id=BA_ORG_FR
Title: Partner werdenOuvrir le lien dans une nouvelle fenêtre

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/moQqTA99I3 Page URL
http://upscustoms.com/ HTTP 302
https://upscustoms.com/ Page URL
https://upscustoms.com/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://upscustoms.com/ HTTP 302
https://upscustoms.com/

42 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 moQqTA99I3
t.co/ 256 B
613 B 208ms
166ms Document
text/html 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/moQqTA99I3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 187
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Sat, 07 Oct 2023 16:03:10 GMT
expires: Sat, 07 Oct 2023 16:08:10 GMT
perf: 7626143928
referrer-policy: unsafe-url
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 1ae7d33b291b60f428238db4b86f1d2683558bcb308a7f18ee45b351cb04cea4
x-response-time: 146
x-transaction-id: 91d5e10ddf240eaf
x-xss-protection: 0

GET
H/1.1

200
OK

/ Show response
upscustoms.com/
Redirect Chain

http://upscustoms.com/
https://upscustoms.com/

2 KB
2 KB

591ms
525ms

Document
text/html

185.253.54.178
HOLYCLOUD HOLYCLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://upscustoms.com/

Requested by

Host: t.co
URL: https://t.co/moQqTA99I3

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.253.54.178 Paris, France, ASN198831 (HOLYCLOUD HOLYCLOUD, FR),

Reverse DNS

Software

nginx/1.14.2 / Express

Resource Hash

3df92efdd3e535ec5bb76f6f4b977f299fdeea9f0f8b40dd240409d459d8c939

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://t.co/moQqTA99I3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

X-Powered-By: Express
cache-control: no-cache, private
connection: close
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 07 Oct 2023 16:03:11 GMT
server: nginx/1.14.2
transfer-encoding: chunked
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

Connection: keep-alive
Content-Length: 88
Content-Type: text/html; charset=utf-8
Date: Sat, 07 Oct 2023 16:03:10 GMT
Keep-Alive: timeout=5
Location: https://upscustoms.com
Vary: Accept
X-Powered-By: Express

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 80ms
31ms Script
text/javascript 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LeMLxooAAAAADCdbX9M7L3A4H7qwnJ2x-_xSCXI

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4c020214445af03fcf0997fe8770d6cec8e6b5b26ecf7f8dd069e645abcd4077

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 07 Oct 2023 16:03:11 GMT

GET
H2 200 axios.min.js Show response
unpkg.com/axios@1.1.2/dist/ 26 KB
10 KB 77ms
32ms Script
application/javascript 2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/axios@1.1.2/dist/axios.min.js

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffb6e270a7bbb1ea1b797965ae85e35760b38b98744478a4151ddee79a31d215

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:11 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 20732
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01GERZ40A35MNS1GBCVKAGZWRR-fra
server: cloudflare
etag: W/"67d4-ae22gWc+WteU0z+fBbiwjqlAwTs"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 81275f6cd8131cbb-FRA

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/ 466 KB
187 KB 74ms
22ms Script
text/javascript 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LeMLxooAAAAADCdbX9M7L3A4H7qwnJ2x-_xSCXI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e57ecbca07885a20fc56dbae51642fe0e95b58c96dba6ea1c5cbb15417b9a0df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://upscustoms.com/
Origin: https://upscustoms.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 17:40:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80583
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 190978
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 04:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 05 Oct 2024 17:40:08 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame E834 58 KB
33 KB 44ms
43ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeMLxooAAAAADCdbX9M7L3A4H7qwnJ2x-_xSCXI&co=aHR0cHM6Ly91cHNjdXN0b21zLmNvbTo0NDM.&hl=de&v=lLirU0na9roYU3wDDisGJEVT&size=invisible&cb=bv0e9vniqnw6

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2a4efb50cc97ea42999bd5eba568ccc0559003d8fd5797177ed51e4574bfc99c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-c_xl2D33c5IoXzhi3tGPfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://upscustoms.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-c_xl2D33c5IoXzhi3tGPfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 07 Oct 2023 16:03:11 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/ Frame E834 55 KB
24 KB 67ms
22ms Stylesheet
text/css 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeMLxooAAAAADCdbX9M7L3A4H7qwnJ2x-_xSCXI&co=aHR0cHM6Ly91cHNjdXN0b21zLmNvbTo0NDM.&hl=de&v=lLirU0na9roYU3wDDisGJEVT&size=invisible&cb=bv0e9vniqnw6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 12:19:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13405
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 04:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 06 Oct 2024 12:19:46 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/ Frame E834 466 KB
187 KB 79ms
35ms Script
text/javascript 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e57ecbca07885a20fc56dbae51642fe0e95b58c96dba6ea1c5cbb15417b9a0df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 17:40:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80583
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 190978
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 04:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 05 Oct 2024 17:40:08 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame E834 2 KB
2 KB 23ms
22ms Image
image/png 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 00:18:29 GMT
x-content-type-options: nosniff
age: 143083
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Fri, 13 Oct 2023 00:18:29 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E834 15 KB
16 KB 76ms
22ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 02:58:03 GMT
x-content-type-options: nosniff
age: 47109
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 06 Oct 2024 02:58:03 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E834 15 KB
15 KB 81ms
27ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 18:06:30 GMT
x-content-type-options: nosniff
age: 165402
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Oct 2024 18:06:30 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame E834 102 B
135 B 32ms
32ms Other
text/javascript 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=lLirU0na9roYU3wDDisGJEVT

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fc8116624ca13ea4125db423b0f4bf7cd676ec017003da5be04f40b83e1b2cb6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeMLxooAAAAADCdbX9M7L3A4H7qwnJ2x-_xSCXI&co=aHR0cHM6Ly91cHNjdXN0b21zLmNvbTo0NDM.&hl=de&v=lLirU0na9roYU3wDDisGJEVT&size=invisible&cb=bv0e9vniqnw6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 07 Oct 2023 16:03:12 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame E834 34 KB
20 KB 81ms
81ms XHR
application/json 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LeMLxooAAAAADCdbX9M7L3A4H7qwnJ2x-_xSCXI

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0ce1835f47fbc3df2593c58797fc03831e65f73a2f48c34f783cb0f8eaa69bc7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeMLxooAAAAADCdbX9M7L3A4H7qwnJ2x-_xSCXI&co=aHR0cHM6Ly91cHNjdXN0b21zLmNvbTo0NDM.&hl=de&v=lLirU0na9roYU3wDDisGJEVT&size=invisible&cb=bv0e9vniqnw6
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Sat, 07 Oct 2023 16:03:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 07 Oct 2023 16:03:12 GMT

POST
H2 200 scoring
api.kopra.cloud/client/ 36 B
371 B 371ms
371ms XHR
application/json 2606:4700:3034::ac43:c16d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.kopra.cloud/client/scoring
Requested by: Host: unpkg.com
URL: https://unpkg.com/axios@1.1.2/dist/axios.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:c16d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: application/json, text/plain, */*
Referer: https://upscustoms.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTQzMTgzLCJpYXQiOjE2OTY2OTQ1OTEsImV4cCI6MTc4MzA5NDU5MX0.HIHZxbutlB94GOptzFVcFaOPLrCk_usXvvqOIOmWW2I
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 07 Oct 2023 16:03:12 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"24-4x6QRCBkG+YNwH/AacJ03RzUIO0"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zRlhIIFOePNgwne5r4IiQInF30%2F4oO2aneL9cFITCeqHslkkila%2BXsV33%2BzjEJSbn0N1VYtakCyXKMxrux5miqkOpAN61wczXcNa4J0HuHiNp2nKw59rodzmltu1Il1%2BNoNBThF01yKOe1Tvm98%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 81275f739d145d86-FRA
alt-svc: h3=":443"; ma=86400
content-length: 36

OPTIONS
H2 204 scoring
api.kopra.cloud/client/ Frame 0
0 170ms
54ms Preflight 2606:4700:3034::ac43:c16d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.kopra.cloud/client/scoring
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:c16d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://upscustoms.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 81275f734c9c5d86-FRA
content-length: 0
date: Sat, 07 Oct 2023 16:03:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kMhMl0%2FZOZRqAtSGcy%2B2v2LzsGRJW7jr0RHDJ%2BC98K2CKI98239HiJkXjlcGxxSDql0iNLPPhCLhFiJhHgoH61EroiYj4Z1P5xJCXT7m2xfelAqezzDByZ9bLnBk9CA5H6GpyHY1B8LydF3rbC0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Access-Control-Request-Headers
x-powered-by: Express

GET
H/1.1 200
OK Primary Request login Show response
upscustoms.com/ 30 KB
8 KB 508ms
448ms Document
text/html 185.253.54.178
HOLYCLOUD HOLYCLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://upscustoms.com/login

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.253.54.178 Paris, France, ASN198831 (HOLYCLOUD HOLYCLOUD, FR),

Reverse DNS

Software

nginx/1.14.2 / Express

Resource Hash

1d3c12d0ec230dc95e5a0d12e024bb2996b0fe66470da56f97127b71bf042c58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://upscustoms.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

X-Powered-By: Express
cache-control: no-cache, private
connection: close
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 07 Oct 2023 16:03:13 GMT
server: nginx/1.14.2
transfer-encoding: chunked
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

GET
H2 200 ae0fc40a90ceb2cb6785ea730fd896f2d0453d5260d Show response
www.ups.com/assets/ 149 KB
53 KB 291ms
89ms Script
application/javascript 2a02:26f0:480:4a4::353a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ups.com/assets/ae0fc40a90ceb2cb6785ea730fd896f2d0453d5260d

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:4a4::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8874030f8132baeca256f5df6e3b5661eb47683e8448f5617f6b83d86a352b6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
content-md5: 71Fgycj/e3m95+ZE4T/3zg==
server-timing: edge; dur=4, origin; dur=57, cdn-cache; desc=MISS, ak_p; desc="1696694593667_1551582760_281445394_6077_6977_19_0_219";dur=1
content-length: 54072
x-xss-protection: 1; mode=block
last-modified: Thu, 28 Sep 2023 19:15:09 GMT
etag: 0x8DBC0573BBB1F1E
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
x-frame-options: SAMEORIGIN
timing-allow-origin: *
expires: Sat, 07 Oct 2023 16:13:13 GMT

GET Roboto-Light.ttf
www.ups.com/assets/resources/webcontent/styles/fonts/ 0
0

GET Roboto-Regular.woff
www.ups.com/assets/resources/webcontent/styles/fonts/ 0
0

GET Roboto-Regular.woff2
www.ups.com/assets/resources/webcontent/styles/fonts/ 0
0

GET Roboto-Regular.ttf
www.ups.com/assets/resources/webcontent/styles/fonts/ 0
0

GET Roboto-Medium.woff
www.ups.com/assets/resources/webcontent/styles/fonts/ 0
0

GET Roboto-Medium.woff2
www.ups.com/assets/resources/webcontent/styles/fonts/ 0
0

GET Roboto-Medium.ttf
www.ups.com/assets/resources/webcontent/styles/fonts/ 0
0

GET Roboto-Bold.woff
www.ups.com/assets/resources/webcontent/styles/fonts/ 0
0

GET Roboto-Bold.woff2
www.ups.com/assets/resources/webcontent/styles/fonts/ 0
0

GET Roboto-Bold.ttf
www.ups.com/assets/resources/webcontent/styles/fonts/ 0
0

GET
H2 200 ups.vendor.161a0d161a0d.css
www.ups.com/assets/resources/webcontent/styles/ 108 KB
13 KB 274ms
74ms Stylesheet
text/css 2a02:26f0:480:4a4::353a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ups.com/assets/resources/webcontent/styles/ups.vendor.161a0d161a0d.css

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:4a4::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

5b3e11b240f440e96161637812cba67f43632ed86ebe3d2308a7ee8e71fdf60b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:13 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
server-timing: cdn-cache; desc=HIT, edge; dur=7, ak_p; desc="1696694593639_1551582760_281445390_4673_14449_19_0_255";dur=1
content-length: 12686
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
last-modified: Fri, 06 Oct 2023 03:17:51 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
expires: Sat, 07 Oct 2023 16:03:13 GMT

GET
H2 200 ups.styles.b112d13750ec.css
www.ups.com/assets/resources/webcontent/styles/ 272 KB
35 KB 238ms
39ms Stylesheet
text/css 2a02:26f0:480:4a4::353a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ups.com/assets/resources/webcontent/styles/ups.styles.b112d13750ec.css

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:4a4::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

f451530350ec58738762de87c5b9e0b9b7c99f72f8d9baa4715dd386a8e94373

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:13 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
server-timing: cdn-cache; desc=HIT, edge; dur=3, ak_p; desc="1696694593667_1551582760_281445391_406_11584_19_23_255";dur=1
content-length: 35424
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
last-modified: Thu, 05 Oct 2023 20:58:43 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
expires: Sat, 07 Oct 2023 16:03:13 GMT

GET
H2 200 onelink.css
www.ups.com/_onelink_/ups/sites/www.ups.com/ 1 KB
882 B 234ms
35ms Stylesheet
text/css 2a02:26f0:480:4a4::353a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ups.com/_onelink_/ups/sites/www.ups.com/onelink.css?ts=20211109

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:4a4::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

843684ac43f8ad8e30187146aaa283842534c69de24775e0612c3c313fe844c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:13 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1696694593667_1551582760_281445392_126_11528_19_0_255";dur=1
content-length: 450
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
last-modified: Fri, 06 Oct 2023 09:59:08 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
expires: Sat, 07 Oct 2023 16:03:13 GMT

GET
H2 200 onelink.css
www.ups.com/_onelink_/ups/sites/www.ups.com/en2frfr/ 2 KB
1 KB 234ms
35ms Stylesheet
text/css 2a02:26f0:480:4a4::353a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ups.com/_onelink_/ups/sites/www.ups.com/en2frfr/onelink.css?ts=20210305

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:4a4::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

916a9d6bac30fdaf97a66ebe1fbbbf6f400b712854f8e393c6b106c0d961e3fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:13 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1696694593667_1551582760_281445393_130_11663_19_0_255";dur=1
content-length: 787
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
last-modified: Fri, 06 Oct 2023 19:28:24 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
expires: Sat, 07 Oct 2023 16:03:13 GMT

GET
H2 200 ups-logo.svg
www.ups.com/assets/resources/webcontent/images/ 2 KB
1 KB 47ms
47ms Image
image/svg+xml 2a02:26f0:480:4a4::353a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ups.com/assets/resources/webcontent/images/ups-logo.svg

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:4a4::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

9f5ae3f644595dc6c5aa69ae618a108102bb62e1a38a50b89fd7af1b8ffe5eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
server-timing: cdn-cache; desc=HIT, edge; dur=7, ak_p; desc="1696694593703_1551582760_281445446_799_12870_20_0_146";dur=1
content-length: 997
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
last-modified: Fri, 06 Oct 2023 00:40:39 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
expires: Sat, 07 Oct 2023 16:03:13 GMT

GET
H2 200 363d4a4d7b.js Show response
kit.fontawesome.com/ 11 KB
5 KB 85ms
38ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kit.fontawesome.com/363d4a4d7b.js
Requested by: Host: upscustoms.com
URL: https://upscustoms.com/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3008d2866c8c133e45e8ed6594c23334d816f246b496ab6309d35a35a124fcbb

Request headers

Referer: https://upscustoms.com/
Origin: https://upscustoms.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:13 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 40
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
content-type: text/javascript
cache-control: max-age=60, public, stale-while-revalidate=30
cf-ray: 81275f7978ce1973-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: F4vcwtsQ3Jbgq-VdpsDB

GET
H2 200 icp.gif
www.ups.com/img/ 43 B
432 B 42ms
42ms Image
image/gif 2a02:26f0:480:4a4::353a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ups.com/img/icp.gif

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:4a4::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Oct 2023 16:03:13 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Wed, 29 Apr 2015 19:29:01 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache
server-timing: cdn-cache; desc=HIT, edge; dur=3, ak_p; desc="1696694593703_1551582760_281445447_314_13059_19_0_146";dur=1
accept-ranges: bytes
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 07 Oct 2023 16:03:13 GMT

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v6.4.2/css/ 100 KB
23 KB 81ms
35ms Fetch
text/css 2606:4700:e2::ac40:8309
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.2/css/free.min.css?token=363d4a4d7b
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/363d4a4d7b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8309 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e0821588462d15b0ff8e911760fc041332c162e2e30ab4b1071bcc8eb6c8223

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:13 GMT
via: 1.1 a4af9b42c2ec29f616825af32712c204.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 3626
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
server: cloudflare
etag: W/"ae737a19e46fd502ba9cbe9e33213861"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T1N42DDodcvieWe6N2FcayKx3eZL6Rfcg9W3XdCkXSqBbMc0fbEQXVZd3A6oJfcvUqJk76D2wMQTmDuv2OpH%2FJ3A5nZNsURF2x82HwNa1yHmMCLJP651KIyJJzxTu5lzEwITwaMQw5nNVODzIWnzcrIPzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 81275f7b4aae9bf5-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 5-taIpE4H_bJIN5JZINnb3WOggwOTfdNrJuBI2j9gzXFHIp-nwCERQ==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v6.4.2/css/ 27 KB
5 KB 82ms
36ms Fetch
text/css 2606:4700:e2::ac40:8309
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-shims.min.css?token=363d4a4d7b
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/363d4a4d7b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8309 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 236e285339a2a692e9491d356489cdf83513cfb1add049a0620123d644e47554

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:13 GMT
via: 1.1 dca6db3c8f31f3cd48bb06d78a8be624.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 3626
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
server: cloudflare
etag: W/"da06df503ced6ee507b5fb4fa0999f74"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WU5BhfkFNEQDrR36mTWq%2F3%2Bcy3lyfhwJHceorWyknUsrKOuMGM6XBP5LknvAHa%2FOFTBfIHC2V03TsfpEdgroXr9h0SYxkJv556Lpb07BX8giJyWxODrQoWa%2Bu2YzSwUjSWq7NrWzjgo1vqui5%2Fnjbt4cVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 81275f7b4aaf9bf5-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: QWwXZk6kbjTWGRuHh5hN5W4hniYt0Rr5P8kIirqlFnZBBQpR8697ew==

GET
H2 200 free-v5-font-face.min.css Show response
ka-f.fontawesome.com/releases/v6.4.2/css/ 823 B
1 KB 74ms
29ms Fetch
text/css 2606:4700:e2::ac40:8309
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v5-font-face.min.css?token=363d4a4d7b
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/363d4a4d7b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8309 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e81443469aa4b967191ce19b7474eb223746a2b8d5dc42d3786da84d99dfad9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:13 GMT
via: 1.1 d8670b0c6b76371fb58f730881dfe504.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 3626
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
server: cloudflare
etag: W/"dbf296002d53e56d340b105d9d764940"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HjQHYYV9n0yzGc8sXfnu8iYLmzRqOtT6Q3%2FJrZpN%2Bgo22niIU11zssf011KnREExT9o9bscdfJytLd%2FF8MbFNytz%2BitxBpdUV2OnvLTqjt%2FOHDg7pEvjY1m%2FVcxvt9w2J9dlbwh5QuBbsU1Byq%2Bc5ecu0A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 81275f7b4ab09bf5-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: QAmVnNOC3ef1KQ54wMi-dyqMjjTxuMN7EnjnGS9xe1q-nUNqk-1TZA==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v6.4.2/css/ 2 KB
1 KB 75ms
30ms Fetch
text/css 2606:4700:e2::ac40:8309
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-font-face.min.css?token=363d4a4d7b
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/363d4a4d7b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8309 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c58c4804370b9c347d517491c450416ca371fb1403aceaa1d6f751403b07c48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:13 GMT
via: 1.1 fdc45b521af7652438141328494a79d2.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 3626
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
server: cloudflare
etag: W/"9b853b50f37dd0ca770ce0f294d427df"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zc1P9VqdyEqz8UnnoksrYbDTwBUju4Pgyg19%2Bmd00KaOyHaETnTK9eOVYjwCMhsVtTxIHWMdUtystuzeilXxrT5F8ToEfNt59zKJqEKnuXdGtmgDVCjc7kLOGM3Ao%2FXSFQ0RLrZz7PLJGHDkkXPNoguaqg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 81275f7b4ab19bf5-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: B6VbUtmaNDdIE3s81mYVBztub81yRCXOV_8ACaQwBMZqDzeE7MFfrA==

GET
DATA 200
OK truncated
/ 3 KB
3 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65256e1e0467ba0e94c23dbaccb2493162f7d17e4737f08d25628dcaa8197dd5

Request headers

Referer
Origin: https://upscustoms.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 nuance-chat.html
www.ups.com/nuance/ Frame 5897 0
0 535ms
533ms Document
text/html 2a02:26f0:480:4a4::353a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ups.com/nuance/nuance-chat.html?IFRAME&nuance-frame-ac=0

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:4a4::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://upscustoms.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-store, no-cache
content-encoding: gzip
content-length: 1778
content-type: text/html
date: Sat, 07 Oct 2023 16:03:14 GMT
link: <https://www.ups.com/assets/resources/styles/fonts/Roboto-Regular.woff>;rel="preload";as="font";type="font/woff";crossorigin <https://tags.tiqcdn.com>;rel="preconnect"
pragma: no-cache
referrer-policy: same-origin
server: Apache
server-timing: ak_p; desc="1696694593782_1551582760_281445622_49391_15149_19_0_255";dur=1
strict-transport-security: max-age=31536000 ; includeSubDomains
vary: Accept-Encoding
x-akam-sw-version: 0.5.0
x-akamai-transformed: 9l 236 0 pmb=mNONE,1mTOE,1
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 476 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4bee6952e3c65ca306993ac329e88cd15ae16205a3562085177910f666820232

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 JTBD-EU-G-1186934692-Q123.webp
www.ups.com/assets/resources/webcontent/images/ 25 KB
27 KB 421ms
420ms Image
image/webp 2a02:26f0:480:4a4::353a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ups.com/assets/resources/webcontent/images/JTBD-EU-G-1186934692-Q123.webp

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:4a4::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

c54e37d5bb20d0c85098ae1798bf53038e0620e8b2c64f45d67cd16a52d3e560

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:14 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Fri, 14 Apr 2023 15:22:32 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: no-cache="Set-Cookie"
server-timing: cdn-cache; desc=MISS, edge; dur=322, origin; dur=61, ak_p; desc="1696694593813_1551582760_281445693_38453_12479_24_0_146";dur=1
accept-ranges: bytes
content-length: 26072
x-xss-protection: 1; mode=block
expires: Sun, 08 Oct 2023 16:03:14 GMT

GET
H2 200 Fast-Shipping-G-594460706-Q123.webp
www.ups.com/assets/resources/webcontent/images/ 63 KB
65 KB 220ms
219ms Image
image/webp 2a02:26f0:480:4a4::353a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ups.com/assets/resources/webcontent/images/Fast-Shipping-G-594460706-Q123.webp

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:4a4::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

567d5139c0bf8938cb902bac8c5a24e0720088a18483ec907caa233c62483cfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:14 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Fri, 14 Apr 2023 15:20:43 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: no-cache="Set-Cookie"
server-timing: cdn-cache; desc=MISS, edge; dur=111, origin; dur=72, ak_p; desc="1696694593813_1551582760_281445694_18408_12418_20_0_219";dur=1
accept-ranges: bytes
content-length: 64972
x-xss-protection: 1; mode=block
expires: Sun, 08 Oct 2023 16:03:13 GMT

GET
H2 200 Virtual%20Consultation-G-1370087897-Q123.webp
www.ups.com/assets/resources/webcontent/images/ 41 KB
42 KB 431ms
431ms Image
image/webp 2a02:26f0:480:4a4::353a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ups.com/assets/resources/webcontent/images/Virtual%20Consultation-G-1370087897-Q123.webp

Requested by

Host: upscustoms.com
URL: https://upscustoms.com/login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:4a4::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

a4c5ac314b9dbed2de790284ac067900ca53873f37d0135a868fbed893d47091

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://upscustoms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 16:03:14 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Fri, 14 Apr 2023 15:20:43 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: no-cache="Set-Cookie"
server-timing: cdn-cache; desc=MISS, edge; dur=361, origin; dur=34, ak_p; desc="1696694593813_1551582760_281445695_39620_12407_24_0_146";dur=1
accept-ranges: bytes
content-length: 41650
x-xss-protection: 1; mode=block
expires: Sun, 08 Oct 2023 16:03:14 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.ups.com
URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Light.ttf

Domain: www.ups.com
URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Regular.woff

Domain: www.ups.com
URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Regular.woff2

Domain: www.ups.com
URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Regular.ttf

Domain: www.ups.com
URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Medium.woff

Domain: www.ups.com
URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Medium.woff2

Domain: www.ups.com
URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Medium.ttf

Domain: www.ups.com
URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Bold.woff

Domain: www.ups.com
URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Bold.woff2

Domain: www.ups.com
URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UPS (Transportation)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| FontAwesomeKitConfig

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 19:37:26	Name: _GRECAPTCHA Value: 09ABIyMg7rbwMy3-Vjz7qXUOYnEolXpsF7HT_UijZP-7NpWEoZSoGeJAwHC02tkLLtpAILftousp14b_8r9Z90p_U
.t.co/	1970-01-21 00:48:28	Name: muc Value: c46bfc1c-a52d-4bb1-b3a8-b43ca1f0765e
upscustoms.com/	1970-01-20 15:18:21	Name: XSRF-TOKEN Value: eyJpdiI6ImhLbkxXOFZOWHB1cmJTUE5jQTJ4NGc9PSIsInZhbHVlIjoiQ1RVZzEwaVFLcGI1UVhSZHZGTUh1RDgzazhjUjBmaEQ0aFBwSmphcWptcDl5NFFnSENBVlA5SmM2ekpoaGtadUgwdkQxRjVYTFpKbWc5OEFkUXExSmZORjhyTmltWWptb0FWYkdZemhCRWVlRHNobS85NE9jOTBIakRiQTIydy8iLCJtYWMiOiIwNzI2NTBkZWI3NTEzODAyZWMyOWIwYWM3OWJlOTQyMGJjMGFlOTBiNGNjMTc5ZWJmODIzYWZmMTgwNGIyMmIxIiwidGFnIjoiIn0%3D
upscustoms.com/	1970-01-20 15:18:21	Name: laravel_session Value: eyJpdiI6ImMxT1M0S0M0RFpyTkZBRVRIcFE2V2c9PSIsInZhbHVlIjoiRThsOE1LSFF5Y3VjVDRid1F3alZVNDc1c09IcVc2YTB3bXM0UWpkc0pFem9haDBSOW1hL3Zzb3F4TXI5ZWpSR1JYWjZRMFdUMlZDN0JVREl4WEtFWFNDcjNCUmVqUmJmUUlNcmdxTWpzSWdWZWNKQ0psQlJqTFMwK0ZmRnNvRVQiLCJtYWMiOiJkNzFjYzhkYzhhZmVkZWQ1Mzk4MTkxMjI2OGRhNzY4Yzg3N2Q2ZmMyYzVjNzdlMWYwMjVlOGFkMDVlZThmOWE0IiwidGFnIjoiIn0%3D

24 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://t.co/moQqTA99I3 Message: Unrecognized Content-Security-Policy directive 'referrer'.
javascript	error	URL: https://unpkg.com/axios@1.1.2/dist/axios.min.js Message: Refused to set unsafe header "Referer"
rendering	warning	URL: https://upscustoms.com/login(Line 20) Message: Error parsing a meta element's content: ';' is not a valid key-value pair separator. Please use ',' instead.
javascript	error	URL: https://upscustoms.com/login(Line 36) Message: Access to font at 'https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Light.ttf' from origin 'https://upscustoms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Light.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://upscustoms.com/login(Line 431) Message: Access to font at 'https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Regular.woff' from origin 'https://upscustoms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://upscustoms.com/login(Line 431) Message: Access to font at 'https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Regular.woff2' from origin 'https://upscustoms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Regular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://upscustoms.com/login(Line 431) Message: Access to font at 'https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Regular.ttf' from origin 'https://upscustoms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://upscustoms.com/login(Line 434) Message: Access to font at 'https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Medium.woff' from origin 'https://upscustoms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Medium.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://upscustoms.com/login(Line 434) Message: Access to font at 'https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Bold.woff' from origin 'https://upscustoms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://upscustoms.com/login(Line 434) Message: Access to font at 'https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Bold.woff2' from origin 'https://upscustoms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Bold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://upscustoms.com/login Message: Access to font at 'https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Bold.ttf' from origin 'https://upscustoms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://upscustoms.com/login Message: Access to font at 'https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Medium.woff2' from origin 'https://upscustoms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Medium.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://upscustoms.com/login Message: Access to font at 'https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Medium.ttf' from origin 'https://upscustoms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.ups.com/assets/resources/webcontent/styles/fonts/Roboto-Medium.ttf Message: Failed to load resource: net::ERR_FAILED
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.ups.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.kopra.cloud
fonts.gstatic.com
ka-f.fontawesome.com
kit.fontawesome.com
t.co
unpkg.com
upscustoms.com
www.google.com
www.gstatic.com
www.ups.com
www.ups.com
104.244.42.69
185.253.54.178
2606:4700:3034::ac43:c16d
2606:4700::6810:7aaf
2606:4700::6812:1734
2606:4700:e2::ac40:8309
2a00:1450:4001:806::2003
2a00:1450:4001:82a::2003
2a00:1450:4001:831::2004
2a02:26f0:480:4a4::353a
0ce1835f47fbc3df2593c58797fc03831e65f73a2f48c34f783cb0f8eaa69bc7
0e81443469aa4b967191ce19b7474eb223746a2b8d5dc42d3786da84d99dfad9
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1d3c12d0ec230dc95e5a0d12e024bb2996b0fe66470da56f97127b71bf042c58
236e285339a2a692e9491d356489cdf83513cfb1add049a0620123d644e47554
2a4efb50cc97ea42999bd5eba568ccc0559003d8fd5797177ed51e4574bfc99c
3008d2866c8c133e45e8ed6594c23334d816f246b496ab6309d35a35a124fcbb
3df92efdd3e535ec5bb76f6f4b977f299fdeea9f0f8b40dd240409d459d8c939
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4bee6952e3c65ca306993ac329e88cd15ae16205a3562085177910f666820232
4c020214445af03fcf0997fe8770d6cec8e6b5b26ecf7f8dd069e645abcd4077
567d5139c0bf8938cb902bac8c5a24e0720088a18483ec907caa233c62483cfa
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5b3e11b240f440e96161637812cba67f43632ed86ebe3d2308a7ee8e71fdf60b
5e0821588462d15b0ff8e911760fc041332c162e2e30ab4b1071bcc8eb6c8223
65256e1e0467ba0e94c23dbaccb2493162f7d17e4737f08d25628dcaa8197dd5
6c58c4804370b9c347d517491c450416ca371fb1403aceaa1d6f751403b07c48
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
843684ac43f8ad8e30187146aaa283842534c69de24775e0612c3c313fe844c2
8874030f8132baeca256f5df6e3b5661eb47683e8448f5617f6b83d86a352b6e
916a9d6bac30fdaf97a66ebe1fbbbf6f400b712854f8e393c6b106c0d961e3fc
9f5ae3f644595dc6c5aa69ae618a108102bb62e1a38a50b89fd7af1b8ffe5eae
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a4c5ac314b9dbed2de790284ac067900ca53873f37d0135a868fbed893d47091
c54e37d5bb20d0c85098ae1798bf53038e0620e8b2c64f45d67cd16a52d3e560
e57ecbca07885a20fc56dbae51642fe0e95b58c96dba6ea1c5cbb15417b9a0df
f451530350ec58738762de87c5b9e0b9b7c99f72f8d9baa4715dd386a8e94373
fc8116624ca13ea4125db423b0f4bf7cd676ec017003da5be04f40b83e1b2cb6
ffb6e270a7bbb1ea1b797965ae85e35760b38b98744478a4151ddee79a31d215

upscustoms.com Open in urlscan Pro 185.253.54.178 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

42 Requests

76 %HTTPS

80 %IPv6

8 Domains

10 Subdomains

11 IPs

3 Countries

782 kBTransfer

1980 kBSize

4 Cookies

3 Outgoing links

Page URL History

Redirected requests

42 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

upscustoms.com Open in urlscan Pro
185.253.54.178 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

42
Requests

76 %
HTTPS

80 %
IPv6

8
Domains

10
Subdomains

11
IPs

3
Countries

782 kB
Transfer

1980 kB
Size

4
Cookies

42 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!