vps-af487256.vps.ovh.ca Open in urlscan Pro
51.79.50.179  Malicious Activity! Public Scan

11 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
5 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 2step.html Show response vps-af487256.vps.ovh.ca/https.ssl-secured.ups.com/ca-en/track/	34 KB 5 KB	371ms 11ms	Document text/html	51.79.50.179 OVH
General Check archive.org Show headers Download Go to Full URL http://vps-af487256.vps.ovh.ca/https.ssl-secured.ups.com/ca-en/track/2step.html Protocol HTTP/1.1 Server 51.79.50.179 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS vps-af487256.vps.ovh.ca Software Apache/2.4.41 (Ubuntu) / Resource Hash 78ff55102e813f8e1155ba375da9280d594f6b2c51b5291a7b0ff043fb11fcde Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Encoding gzip Content-Length 4633 Content-Type text/html Date Mon, 27 Feb 2023 06:42:25 GMT ETag "882f-5ed6efff53a00-gzip" Keep-Alive timeout=5, max=100 Last-Modified Mon, 14 Nov 2022 14:24:40 GMT Server Apache/2.4.41 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	main.css vps-af487256.vps.ovh.ca/https.ssl-secured.ups.com/ca-en/track/css/	497 KB 236 KB	12ms 12ms	Stylesheet text/css	51.79.50.179 OVH
General Check archive.org Show headers Download Go to Full URL http://vps-af487256.vps.ovh.ca/https.ssl-secured.ups.com/ca-en/track/css/main.css Requested by Host: vps-af487256.vps.ovh.ca URL: http://vps-af487256.vps.ovh.ca/https.ssl-secured.ups.com/ca-en/track/2step.html Protocol HTTP/1.1 Server 51.79.50.179 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS vps-af487256.vps.ovh.ca Software Apache/2.4.41 (Ubuntu) / Resource Hash 6beecf79479f090e28669cc195dc541bfe43bc53b1cd6d7db5b50f9ab946ec39 Request headers accept-language en-CA,en;q=0.9 Referer http://vps-af487256.vps.ovh.ca/https.ssl-secured.ups.com/ca-en/track/2step.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Mon, 27 Feb 2023 06:42:25 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 14:48:32 GMT Server Apache/2.4.41 (Ubuntu) ETag "7c47e-5ed6f554fd000-gzip" Vary Accept-Encoding Transfer-Encoding chunked Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99
GET H2	200	UPS_logo.svg www.ups.com/assets/resources/images/	2 KB 1 KB	927ms 33ms	Image image/svg+xml	173.223.57.246 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.ups.com/assets/resources/images/UPS_logo.svg Requested by Host: vps-af487256.vps.ovh.ca URL: http://vps-af487256.vps.ovh.ca/https.ssl-secured.ups.com/ca-en/track/2step.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 173.223.57.246 Secaucus, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a173-223-57-246.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88 Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer http://vps-af487256.vps.ovh.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Mon, 27 Feb 2023 06:42:26 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000 ; includeSubDomains server-timing cdn-cache; desc=HIT, edge; dur=2, ak_p; desc="465966_388993447_2619535712_169_10994_19_0";dur=1 content-length 1086 x-xss-protection 1; mode=block pragma no-cache referrer-policy same-origin last-modified Tue, 24 Jan 2023 04:54:15 GMT server Akamai Resource Optimizer vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml cache-control no-cache="Set-Cookie" accept-ranges bytes expires Mon, 27 Feb 2023 06:42:26 GMT
GET DATA	200 OK	truncated /	111 KB 111 KB		Font font/opentype
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a07a7545cfe70795ffa6e2daa6e8bd2a05c4ba6e17604b1c678db51d57d83938 Request headers Referer http://vps-af487256.vps.ovh.ca/ Origin http://vps-af487256.vps.ovh.ca accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type font/opentype
GET DATA	200 OK	truncated /	111 KB 111 KB		Font font/opentype
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 26d4a2020d4bdec85c051b739a55a8fa95546c222c2e3de9305f003fccd6d2f2 Request headers Referer http://vps-af487256.vps.ovh.ca/ Origin http://vps-af487256.vps.ovh.ca accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type font/opentype
GET DATA	200 OK	truncated /	75 KB 75 KB		Font application/x-font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe Request headers Referer http://vps-af487256.vps.ovh.ca/ Origin http://vps-af487256.vps.ovh.ca accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type application/x-font-woff2
GET DATA	200 OK	truncated /	37 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96 Request headers accept-language en-CA,en;q=0.9 Referer http://vps-af487256.vps.ovh.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	42 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers accept-language en-CA,en;q=0.9 Referer http://vps-af487256.vps.ovh.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/gif

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UPS (Transportation)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

vps-af487256.vps.ovh.ca
www.ups.com
173.223.57.246
51.79.50.179
26d4a2020d4bdec85c051b739a55a8fa95546c222c2e3de9305f003fccd6d2f2
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
6beecf79479f090e28669cc195dc541bfe43bc53b1cd6d7db5b50f9ab946ec39
78ff55102e813f8e1155ba375da9280d594f6b2c51b5291a7b0ff043fb11fcde
a07a7545cfe70795ffa6e2daa6e8bd2a05c4ba6e17604b1c678db51d57d83938
a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629