upside.wpdevcloud.com
2607:1b00:93b2:e42c::268c
Malicious Activity! (Public scan)
Effective URL: https://upside.wpdevcloud.com/id78398939276-972.html
Submission: On September 02 via manual from SE. Scanned from SE.
Summary
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on September 27th 2023 for *.wpdevcloud.com. Valid for about a year (see the certificate table below).
This is the only time upside.wpdevcloud.com was scanned on urlscan.io.
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UPS (Transportation)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
1 | 35.226.132.161 | 396982 (GOOGLE-CLOUD-PLATFORM) |
1 | 172.64.152.44 | 13335 (CLOUDFLARENET) |
5 | 2607:1b00:93b2:e42c::268c | 54456 (CLOUDACCESS-NETWORK) |
7 | 2a02:26f0:3500:885::353a | 20940 (AKAMAI-ASN1) |
4 | 104.17.25.14 | 13335 (CLOUDFLARENET) |
17 requests, 4 ASNs
ASN396982 (GOOGLE-CLOUD-PLATFORM, US), PTR: 161.132.226.35.bc.googleusercontent.com: 2ly.link
ASN13335 (CLOUDFLARENET, US): upsexpressfr.myclickfunnels.com
ASN54456 (CLOUDACCESS-NETWORK, US): upside.wpdevcloud.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | ups.com | www.ups.com (Cisco Umbrella Rank: 14527) | 167 KB |
5 | wpdevcloud.com | upside.wpdevcloud.com | 36 KB |
4 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 336) | 123 KB |
1 | myclickfunnels.com | upsexpressfr.myclickfunnels.com (1 redirect) | 2 KB |
1 | 2ly.link | 2ly.link (1 redirect) | 528 B |
0 | ipify.org | api.ipify.org (failed) | |
17 requests, 6 apex domains
Requests | Domain | Requested by |
---|---|---|
7 | www.ups.com | upside.wpdevcloud.com |
5 | upside.wpdevcloud.com | upside.wpdevcloud.com |
4 | cdnjs.cloudflare.com | upside.wpdevcloud.com, cdnjs.cloudflare.com |
1 | upsexpressfr.myclickfunnels.com | 1 redirect |
1 | 2ly.link | 1 redirect |
0 | api.ipify.org (failed) | upside.wpdevcloud.com |
17 requests, 6 domains
This site contains links to these domains (all of them UPS-owned; the page links out to the real brand while being hosted elsewhere). Also see Links.
Domain |
---|
www.ups.com |
wwwapps.ups.com |
www.pressroom.ups.com |
www.investors.ups.com |
www.jobs-ups.com |
sustainability.ups.com |
upscapital.com |
Subject | Issuer | Validity | Valid for | |
---|---|---|---|---|
*.wpdevcloud.com | RapidSSL TLS RSA CA G1 | 2023-09-27 to 2024-10-27 | about a year | crt.sh |
www.ups.com | COMODO ECC Organization Validation Secure Server CA | 2024-03-14 to 2025-03-14 | a year | crt.sh |
cdnjs.cloudflare.com | WE1 | 2024-07-31 to 2024-10-29 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page: https://upside.wpdevcloud.com/id78398939276-972.html
Frame ID: 1ED14ABD71863432B80414065991DA6B
Requests: 18 HTTP requests in this frame (17 completed transactions plus the failed api.ipify.org request; see the HTTP transactions below)
Detected technologies
- Ahoy (Analytics)
- jQuery (JavaScript Libraries). Detected patterns:
  - /([\d.]+)/jquery(?:\.min)?\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
47 outgoing links
These are links going to different origins than the main page. The link titles are in French on the page and are translated here; the set reproduces the navigation of the French www.ups.com site, which is consistent with the page being built from a cloned UPS template.
- Sign up / Log in
- Addresses
- France - English
- France - French
- Choose another country or territory
- Get started with UPS
- Ship
- Quote
- Addresses
- View and pay my invoices
- Tracking and tracking history
- Manage your home deliveries: UPS My Choice
- Change delivery
- Review all tracking
- Manage inbound/outbound shipments: Quantum View
- Schedule a pickup
- Manage online orders: Marketplace shipping
- Create a return
- View all shipments
- View shipping history
- Batch shipping
- Create an import: UPS Import Control
- Service guide
- Order supplies
- Discover UPS services
- Shipping
- Billing
- International shipping
- Contract logistics
- Integrating our technologies
- Individual shipper
- Small and medium-sized businesses
- Help center
- Get started with UPS
- Claims
- My profile
- UPS at a glance
- Public relations (opens in a new window)
- Investor relations (opens in a new window)
- Careers (opens in a new window)
- Community engagement and sustainability (opens in a new window)
- UPS Capital (opens in a new window)
- Fraud protection
- Terms and conditions of carriage
- Website terms of use
- Privacy policy (opens in a new window)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://2ly.link/1zFM4/ (HTTP 302)
2. https://upsexpressfr.myclickfunnels.com/admin (HTTP 302)
3. https://upside.wpdevcloud.com/id78398939276-972.html (Page URL)
Redirected requests
The only redirect chain is the one that leads to the primary request: a 2ly.link short link, then a ClickFunnels page at upsexpressfr.myclickfunnels.com, then the final page on wpdevcloud.com.
17 HTTP transactions (plus one failed request, listed in the same order)
# | Method | Protocol | Resource | Host / Path | Size | Transfer | Type | MIME type |
---|---|---|---|---|---|---|---|---|
1 | GET | HTTP/1.1 | id78398939276-972.html (primary request, end of redirect chain) | upside.wpdevcloud.com/ | 87 KB | 14 KB | Document | text/html |
2 | GET | HTTP/2 | ups.vendor.54f3c2d83b58.css | www.ups.com/assets/resources/styles/ | 134 KB | 18 KB | Stylesheet | text/css |
3 | GET | HTTP/2 | ups.styles.6bb3a4eae74c.css | www.ups.com/assets/resources/styles/ | 197 KB | 80 KB | Stylesheet | text/css |
4 | GET | HTTP/2 | ups.modules.2919a8332eac.css | www.ups.com/assets/resources/styles/ | 652 KB | 57 KB | Stylesheet | text/css |
5 | GET | HTTP/2 | ups.apps-utrk.92817f.css | www.ups.com/assets/resources/styles/ | 65 KB | 8 KB | Stylesheet | text/css |
6 | GET | HTTP/2 | onelink.css | www.ups.com/_onelink_/ups/sites/www.ups.com/en2frfr/ | 2 KB | 1 KB | Stylesheet | text/css |
7 | GET | HTTP/2 | UPS_logo.svg | www.ups.com/assets/resources/images/ | 2 KB | 1 KB | Image | image/svg+xml |
8 | GET | HTTP/1.1 | loader.gif | upside.wpdevcloud.com/assets/ | 2 KB | 2 KB | Image | image/gif |
9 | GET | HTTP/1.1 | cb.jpg | upside.wpdevcloud.com/assets/ | 16 KB | 16 KB | Image | image/jpeg |
10 | GET | HTTP/3 | paymentfont.min.css | cdnjs.cloudflare.com/ajax/libs/paymentfont/1.2.5/css/ | 5 KB | 2 KB | Stylesheet | text/css |
11 | GET | HTTP/2 | icp.gif | www.ups.com/img/ | 43 B | 437 B | Image | image/gif |
12 | GET | HTTP/3 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ | 87 KB | 28 KB | Script | application/javascript |
13 | GET | HTTP/3 | jquery.inputmask.bundle.min.js | cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/3.3.4/ | 74 KB | 20 KB | Script | application/javascript |
14 | GET | HTTP/1.1 | script.js | upside.wpdevcloud.com/assets/ | 9 KB | 3 KB | Script | text/javascript |
15 | GET | data: | (truncated data: URI) | / | 32 KB | 32 KB | Font | application/x-font-woff |
16 | GET | HTTP/3 | paymentfont-webfont.woff | cdnjs.cloudflare.com/ajax/libs/paymentfont/1.2.5/fonts/ | 144 KB | 73 KB | Font | application/octet-stream |
17 | GET | (none, failed) | / | api.ipify.org/ | 0 | 0 | | |
18 | GET | HTTP/1.1 | favicon.ico | upside.wpdevcloud.com/ | 281 B | 470 B | Other | text/html |
Of the 18 requests, 7 fetch stylesheets and images directly from www.ups.com: the page on wpdevcloud.com hotlinks the real brand's assets rather than hosting copies. The only first-party script is script.js; the paymentfont and jquery.inputmask dependencies are what a card-entry form would need.
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: api.ipify.org
- URL: http://api.ipify.org/ (plain HTTP from an HTTPS page; the public-IP lookup did not complete in the sandbox)
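The redirect chain, the cross-origin asset loads from www.ups.com and the failed plaintext api.ipify.org call are the three observations a triage script would turn into signals. The Python below is an added example, not urlscan.io code; its sample data is transcribed from the Page URL History and HTTP transactions of this scan, the allowlist of legitimate UPS apex domains is an assumption, and the registrable-domain helper is a two-label approximation (real code should use the Public Suffix List, e.g. via tldextract).

```python
"""Triage of a urlscan-style result: brand-lookalike hops, brand-asset hotlinking, plaintext calls.

Added example, not urlscan.io code. Sample data is taken from the scan above.
"""
from urllib.parse import urlparse

# Redirect chain as shown in the scan's Page URL History (constructed sample input).
PAGE_URL_HISTORY = [
    ("https://2ly.link/1zFM4/", 302),
    ("https://upsexpressfr.myclickfunnels.com/admin", 302),
    ("https://upside.wpdevcloud.com/id78398939276-972.html", None),
]

# A subset of the requests the final page made, from the HTTP transactions table (constructed sample input).
REQUESTS = [
    "https://upside.wpdevcloud.com/id78398939276-972.html",
    "https://www.ups.com/assets/resources/styles/ups.vendor.54f3c2d83b58.css",
    "https://www.ups.com/assets/resources/images/UPS_logo.svg",
    "https://upside.wpdevcloud.com/assets/loader.gif",
    "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js",
    "https://cdnjs.cloudflare.com/ajax/libs/paymentfont/1.2.5/css/paymentfont.min.css",
    "http://api.ipify.org/",
]

BRAND = "ups"
LEGIT_APEX = {"ups.com"}  # assumption: registrable domains the brand legitimately uses


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.

    This is deliberately simple; for co.uk-style suffixes use the Public Suffix List.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def lookalike_hops(history, brand=BRAND, legit=LEGIT_APEX):
    """Hostnames in the chain that contain the brand token but are not on the brand's own apex."""
    flagged = []
    for url, _status in history:
        host = urlparse(url).hostname or ""
        if brand in host and registrable_domain(host) not in legit:
            flagged.append(host)
    return flagged


def hotlinked_brand_assets(final_url, requests, legit=LEGIT_APEX):
    """Resources a non-brand page pulls straight from the brand's own domain."""
    page_apex = registrable_domain(urlparse(final_url).hostname or "")
    if page_apex in legit:
        return []  # the real brand site loading its own assets is expected
    return [u for u in requests if registrable_domain(urlparse(u).hostname or "") in legit]


def plaintext_requests(requests):
    """Resources fetched over http:// (here the IP-lookup call that failed in the sandbox)."""
    return [u for u in requests if urlparse(u).scheme == "http"]


def triage(history, requests):
    """Collect the three signals and count how many fired."""
    final_url = history[-1][0]
    findings = {
        "lookalike_hops": lookalike_hops(history),
        "hotlinked_brand_assets": hotlinked_brand_assets(final_url, requests),
        "plaintext_requests": plaintext_requests(requests),
    }
    findings["score"] = sum(1 for v in findings.values() if v)
    return findings


if __name__ == "__main__":
    for key, value in triage(PAGE_URL_HISTORY, REQUESTS).items():
        print(f"{key}: {value}")
```

On this scan all three signals fire: both intermediate and final hostnames carry "ups" outside ups.com, the final page hotlinks UPS stylesheets and the logo, and it calls api.ipify.org over plain HTTP. The substring brand check is intentionally crude and will also flag hosts such as groups.example.com, so treat it as one weighted signal rather than a verdict on its own.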
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against UPS (Transportation)
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
function | Inputmask |
function | GetCardType |
object | silent |
function | refresh |
function | toPage |
function | clientip |
function | msgBot |
function | panelURL |
function | watcherStart |
function | watcherStop |
function | watcher |
function | createXHR |
function | retrievePut |
$, jQuery and Inputmask come from the CDN libraries loaded above; the remaining names are defined by the first-party script.js. GetCardType alongside the jquery.inputmask and paymentfont resources suggests a payment-card entry form, and clientip matches the attempted api.ipify.org lookup. The others (msgBot, panelURL, createXHR, retrievePut, the watcher functions) are the names to pull from script.js when analysing where captured input is sent.
5 Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the cookie values back, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
All five cookies were set on the intermediate upsexpressfr.myclickfunnels.com hop (two Ahoy analytics identifiers, a _cf_session cookie, and the Cloudflare bot-management cookies __cf_bm and _cfuvid); the final page on wpdevcloud.com set none.
Domain/Path | Name | Value |
---|---|---|
upsexpressfr.myclickfunnels.com/ | ahoy_visitor | d56bba40-ea38-4cd9-b739-428eefe72edb |
upsexpressfr.myclickfunnels.com/ | ahoy_visit | 989e67f1-71e1-4e65-80dc-14dd44a38c74 |
.myclickfunnels.com/ | _cf_session | 5ZUNvHyHvqblLt7SMPoMYlc5buz42nSgSOmsFsA0Ikz8NaVLvNyfh3f%2BDorkr1KKRMY3MgMVaqrX%2BD%2FLiNUYrrtMnRXz99heZmhvM2F41fyT20wc70N%2FYh2NG%2F4lIaJKOMOLzEHluDzbmwCTk1c2aGF7jjd7KfDkCJsyqFLOuB4nUAVIoJzxGyqg7v%2FtPYtjm7czAaAVvmMMlUHH6btpXvMhclC30MfYdQhxgBAzZxnSoSCu%2BdEwjTdEyYW9H0aV8TSVE0kbdDdUjSlQYsBisq9uum3OlzTJL2xO8QJOwShQEqLDkenpDxsYhVIjAJ6gCe0A1Pk6TtVqXEcOo0g89zOWm9WUSN6HzDMCvRZf07PozA7kvg9LuQDKiWZZauBj%2BM0AETVAVvtJ7S5NuyvwW5Yt7zAYi%2BlJLLI%2BHAuAq%2F0V887l2A6RS%2Fbpf8p6ggW9O0Zq9HQsMU8%3D--bJ28W88kZGYGc04p--BHJVqvTL4Y2bgXiQch%2B9Bw%3D%3D |
.myclickfunnels.com/ | __cf_bm | _lWmgEdQOC2k6hxkguO48GuK97FFeP4hZ2deLTNAlL8-1725278887-1.0.1.1-P.SIpV4jHRKrmKOHvUP5ll3XEmQwQlCQKFF1v3UvDk1KTy1Fo0gLXThpptfJDGxNSn7BQmhsV1pJC.nUknOpmA |
.myclickfunnels.com/ | _cfuvid | CdeLIGF8KfkQuHrUeAiB4i7dXQAdtWFMgl3JkrWWK.4-1725278887297-0.0.1.1-604800000 |
2 Console Messages
A page may log messages to the console. These are often errors about failing to load a resource or execute a piece of JavaScript; sometimes they also give insight into the technology behind a website.
Source | Level | URL / Text |
---|---|---|
Indicators
This is a term in the security industry for indicators such as IPs, domains and hashes. It does not imply that any of these indicate malicious activity on their own.
Domains:
- 2ly.link
- api.ipify.org
- cdnjs.cloudflare.com
- upsexpressfr.myclickfunnels.com
- upside.wpdevcloud.com
- www.ups.com
IP addresses:
- 104.17.25.14
- 172.64.152.44
- 2607:1b00:93b2:e42c::268c
- 2a02:26f0:3500:885::353a
- 35.226.132.161
SHA-256 hashes of the 17 fetched resources:
- 1d00a43e3b1c901b663bad31799b39eb483cff9bf4e03bce932128d35ce14a9a
- 45e8aa7ebbca7aa7be5e368b6b3bbb80c5f10fdccadfe603d9126c151991d022
- 67e8ce5ae884b99a9896338a47628643b16a04d06aed02327c6e0613db671b6e
- 79494a645131f81a8cc38261cea65212c29427b22cbd2077e53a4b910d4aa92b
- 916a9d6bac30fdaf97a66ebe1fbbbf6f400b712854f8e393c6b106c0d961e3fc
- 9b9f6ee254a4a3c408cd509fbf61abb74b8f4d44ccb6bee280e686573c821daa
- a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
- a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88
- b4360c23dbe6065f778ac9c0d6e40e536a9813711caf910421e5bbf73e12dc39
- ba40093d16010d4bf0bcc82b47c2dd514fb79c2849301e15ef4c84289ed45d29
- c05ef7711e27f05c42d4406b780b8d4aa2c8c2a1a97476ff016cefdb6b4710fa
- c192c1f052316da0332e0d7a7fbb681d0055b941202d5a0051f1f517e0281ec5
- db3e9a23312ab015b5a5a336fdd6999c494a12dd6b2ece1104ccfd78705b0ab5
- ecab552e1ffd8cc2fa49f954eb3c4962c16be65719f7eafcf1e350980735a293
- f50b1f0cb83223e0e730a5d55d392fed9048ccd85fda72d47be6f47f99d48594
- f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
- fc1405336ff38e218eac7dd441181b5daf8f4ba3b227037c30d7486f5e17803e