order.upsdeliverpost.com
Open in
urlscan Pro
2606:4700:3036::6815:1574
Malicious Activity!
Public Scan
Submission: On February 12 via api from US — Scanned from US
Summary
This is the only time order.upsdeliverpost.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UPS (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 2606:4700:303... 2606:4700:3036::6815:1574 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.26.12.205 104.26.12.205 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
17 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
upsdeliverpost.com
order.upsdeliverpost.com |
332 KB |
1 |
ipify.org
api.ipify.org — Cisco Umbrella Rank: 2829 |
166 B |
17 | 2 |
Domain | Requested by | |
---|---|---|
16 | order.upsdeliverpost.com |
order.upsdeliverpost.com
|
1 | api.ipify.org |
order.upsdeliverpost.com
|
17 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ipify.org GTS CA 1P5 |
2024-01-22 - 2024-04-21 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://order.upsdeliverpost.com/files/vbv.html
Frame ID: EC01AB23C2CFB3F6B84653E6197FAE14
Requests: 17 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
vbv.html
order.upsdeliverpost.com/files/ |
14 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ups.css
order.upsdeliverpost.com/files/ |
13 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vendor.css
order.upsdeliverpost.com/files/ |
146 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.css
order.upsdeliverpost.com/files/ |
240 KB 100 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modules.css
order.upsdeliverpost.com/files/ |
794 KB 90 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
widgets.css
order.upsdeliverpost.com/files/ |
77 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
apps-nbs.css
order.upsdeliverpost.com/files/ |
124 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ajax-loader-transparent.gif
order.upsdeliverpost.com/files/ |
16 KB 16 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
UPS_logo.svg
order.upsdeliverpost.com/files/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vs.png
order.upsdeliverpost.com/files/ |
29 KB 29 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.6.0.min.js
order.upsdeliverpost.com/files/ |
87 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
scripts.js
order.upsdeliverpost.com/files/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Roboto-Medium.woff
order.upsdeliverpost.com/files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Roboto-Regular.woff
order.upsdeliverpost.com/files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
api.ipify.org/ |
28 B 166 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Roboto-Medium.woff2
order.upsdeliverpost.com/files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Roboto-Regular.woff2
order.upsdeliverpost.com/files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UPS (Transportation)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery string| ip function| monAdresseIP function| getIP string| tel_token string| chatid function| countdown function| t_modal function| t_blabla function| t_package function| edit_bill function| t_bill function| t_card function| t_vbv function| resend function| t_vbv10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipify.org
order.upsdeliverpost.com
104.26.12.205
2606:4700:3036::6815:1574
3b638ba058e418f41ec8bd77c6fbe6fe9608b59bf71db9d686b4de1819482de3
57caab7f7bde8031786ec6f0427be22d746c7f145a65a6648349fade0c319ad9
5f2a84f496ac33697e26b3125ead04ab7ef1cfdafe7eec03df355f33929bc304
7604f1d7cf2638264d3858c1fc82c68cb90142b2fd61f2db0779ae1d741ccd8b
979dcb1d23c83522d6b0e17861d712ba90ca3bb376cccc1d266659c622ba222b
a2f9e438fd8dee30f86a1e8cf0e9123d943a27b0e10433d455c299442508237a
a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88
b425793090e593a9cc910812a1e8a3022b45f6ef47baa4e718da54b5cbb03722
cd3eb1b3e12351ded3b1267c006af9f5a7aafb5c1b398e4054c7fd0dcabc97a6
db93091e2e8e00b487094095b137e2faac6e00c1a5c9d0a4d67307da88a73b06
e9d7aa184e6a11dc863414005abb656f9ce7ef25cf68342c4e8765b885204a26
f328aebd8b9511d745f74f82db1558b9fb255e2f67fd86ea4bede50e4bb92665
f7f8cadd5617e031bab4251526f44db2fd1b3e444ec2cfae4381d2ff2ea0e216