upside.wpdevcloud.com Open in urlscan Pro
2607:1b00:93b2:e42c::268c  Malicious Activity! Public Scan

Submitted URL: https://2ly.link/1zFM4/
Effective URL: https://upside.wpdevcloud.com/id78398939276-972.html
Submission: On September 02 via manual from SE — Scanned from SE

Summary

This website contacted 4 IPs in 3 countries across 6 domains to perform 17 HTTP transactions. The main IP is 2607:1b00:93b2:e42c::268c, located in United States and belongs to CLOUDACCESS-NETWORK, US. The main domain is upside.wpdevcloud.com.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on September 27th 2023. Valid for: a year.
This is the only time upside.wpdevcloud.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UPS (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 1 35.226.132.161 396982 (GOOGLE-CL...)
1 1 172.64.152.44 13335 (CLOUDFLAR...)
5 2607:1b00:93b... 54456 (CLOUDACCE...)
7 2a02:26f0:350... 20940 (AKAMAI-ASN1)
4 104.17.25.14 13335 (CLOUDFLAR...)
17 4
Apex Domain
Subdomains
Transfer
7 ups.com
www.ups.com — Cisco Umbrella Rank: 14527
167 KB
5 wpdevcloud.com
upside.wpdevcloud.com
36 KB
4 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 336
123 KB
1 myclickfunnels.com
upsexpressfr.myclickfunnels.com
2 KB
1 2ly.link
2ly.link
528 B
0 ipify.org Failed
api.ipify.org Failed
17 6
Domain Requested by
7 www.ups.com upside.wpdevcloud.com
5 upside.wpdevcloud.com upside.wpdevcloud.com
4 cdnjs.cloudflare.com upside.wpdevcloud.com
cdnjs.cloudflare.com
1 upsexpressfr.myclickfunnels.com 1 redirects
1 2ly.link 1 redirects
0 api.ipify.org Failed upside.wpdevcloud.com
17 6
Subject Issuer Validity Valid
*.wpdevcloud.com
RapidSSL TLS RSA CA G1
2023-09-27 -
2024-10-27
a year crt.sh
www.ups.com
COMODO ECC Organization Validation Secure Server CA
2024-03-14 -
2025-03-14
a year crt.sh
cdnjs.cloudflare.com
WE1
2024-07-31 -
2024-10-29
3 months crt.sh

This page contains 1 frames:

Primary Page: https://upside.wpdevcloud.com/id78398939276-972.html
Frame ID: 1ED14ABD71863432B80414065991DA6B
Requests: 18 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://2ly.link/1zFM4/ HTTP 302
    https://upsexpressfr.myclickfunnels.com/admin HTTP 302
    https://upside.wpdevcloud.com/id78398939276-972.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

94 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

4
IPs

3
Countries

358 kB
Transfer

1508 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://2ly.link/1zFM4/ HTTP 302
    https://upsexpressfr.myclickfunnels.com/admin HTTP 302
    https://upside.wpdevcloud.com/id78398939276-972.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request id78398939276-972.html
upside.wpdevcloud.com/
Redirect Chain
  • https://2ly.link/1zFM4/
  • https://upsexpressfr.myclickfunnels.com/admin
  • https://upside.wpdevcloud.com/id78398939276-972.html
87 KB
14 KB
Document
General
Full URL
https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2607:1b00:93b2:e42c::268c , United States, ASN54456 (CLOUDACCESS-NETWORK, US),
Reverse DNS
Software
Apache /
Resource Hash
f50b1f0cb83223e0e730a5d55d392fed9048ccd85fda72d47be6f47f99d48594

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
14222
Content-Type
text/html; charset=UTF-8
Date
Mon, 02 Sep 2024 12:08:07 GMT
Keep-Alive
timeout=60
Last-Modified
Sun, 01 Sep 2024 18:36:36 GMT
Server
Apache
Vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache='set-cookie'
cf-cache-status
DYNAMIC
cf-ray
8bcd622e0f545f0a-ARN
content-security-policy
frame-ancestors 'self' *.marketing.ai *.myclickfunnels.com;
content-type
text/html; charset=utf-8
date
Mon, 02 Sep 2024 12:08:07 GMT
location
https://upside.wpdevcloud.com/id78398939276-972.html
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin, Accept-Encoding
x-cf-header
2.0
x-clickfunnels-version
v5.18.7
x-content-type-options
nosniff
x-download-options
noopen
x-permitted-cross-domain-policies
none
x-request-id
dfe0822e018f254709beec72e2fa8e87
x-runtime
0.965401
x-xss-protection
1; mode=block
ups.vendor.54f3c2d83b58.css
www.ups.com/assets/resources/styles/
134 KB
18 KB
Stylesheet
General
Full URL
https://www.ups.com/assets/resources/styles/ups.vendor.54f3c2d83b58.css
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:885::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
45e8aa7ebbca7aa7be5e368b6b3bbb80c5f10fdccadfe603d9126c151991d022
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://upside.wpdevcloud.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 12:08:08 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
server-timing
cdn-cache; desc=HIT, edge; dur=128, origin; dur=0, ak_p; desc="1725278888100_388276617_1181583871_12774_11259_52_0_255";dur=1
content-length
18438
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 16 Aug 2024 15:59:38 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
expires
Mon, 02 Sep 2024 12:08:08 GMT
ups.styles.6bb3a4eae74c.css
www.ups.com/assets/resources/styles/
197 KB
80 KB
Stylesheet
General
Full URL
https://www.ups.com/assets/resources/styles/ups.styles.6bb3a4eae74c.css
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:885::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
c192c1f052316da0332e0d7a7fbb681d0055b941202d5a0051f1f517e0281ec5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://upside.wpdevcloud.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 12:08:08 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
server-timing
cdn-cache; desc=HIT, edge; dur=330, origin; dur=0, ak_p; desc="1725278888106_388276617_1181583868_33637_9948_54_0_255";dur=1
content-length
81566
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Mon, 02 Sep 2024 04:53:56 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
expires
Mon, 02 Sep 2024 12:08:08 GMT
ups.modules.2919a8332eac.css
www.ups.com/assets/resources/styles/
652 KB
57 KB
Stylesheet
General
Full URL
https://www.ups.com/assets/resources/styles/ups.modules.2919a8332eac.css
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:885::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
c05ef7711e27f05c42d4406b780b8d4aa2c8c2a1a97476ff016cefdb6b4710fa
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://upside.wpdevcloud.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 12:08:08 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
server-timing
cdn-cache; desc=HIT, edge; dur=127, origin; dur=0, ak_p; desc="1725278888042_388276617_1181583867_12672_11340_52_56_255";dur=1
content-length
57589
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Wed, 28 Aug 2024 08:54:07 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
expires
Mon, 02 Sep 2024 12:08:08 GMT
ups.apps-utrk.92817f.css
www.ups.com/assets/resources/styles/
65 KB
8 KB
Stylesheet
General
Full URL
https://www.ups.com/assets/resources/styles/ups.apps-utrk.92817f.css
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:885::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
67e8ce5ae884b99a9896338a47628643b16a04d06aed02327c6e0613db671b6e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://upside.wpdevcloud.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 12:08:08 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
server-timing
cdn-cache; desc=HIT, edge; dur=431, origin; dur=0, ak_p; desc="1725278888112_388276617_1181583870_44354_9951_52_0_255";dur=1
content-length
8169
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 30 Aug 2024 10:00:21 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
expires
Mon, 02 Sep 2024 12:08:08 GMT
onelink.css
www.ups.com/_onelink_/ups/sites/www.ups.com/en2frfr/
2 KB
1 KB
Stylesheet
General
Full URL
https://www.ups.com/_onelink_/ups/sites/www.ups.com/en2frfr/onelink.css?ts=20180515
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:885::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
916a9d6bac30fdaf97a66ebe1fbbbf6f400b712854f8e393c6b106c0d961e3fc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://upside.wpdevcloud.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 12:08:08 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
server-timing
cdn-cache; desc=REVALIDATE, edge; dur=169, origin; dur=108, ak_p; desc="1725278888100_388276617_1181583869_27678_11292_54_0_255";dur=1
content-length
787
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Sat, 24 Aug 2024 22:49:03 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
expires
Mon, 02 Sep 2024 12:08:08 GMT
UPS_logo.svg
www.ups.com/assets/resources/images/
2 KB
1 KB
Image
General
Full URL
https://www.ups.com/assets/resources/images/UPS_logo.svg
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:885::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://upside.wpdevcloud.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 12:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1725278888100_388276617_1181583872_37_11309_52_0_182";dur=1
content-length
1086
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Sun, 01 Sep 2024 11:57:00 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
expires
Mon, 02 Sep 2024 12:08:08 GMT
loader.gif
upside.wpdevcloud.com/assets/
2 KB
2 KB
Image
General
Full URL
https://upside.wpdevcloud.com/assets/loader.gif
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2607:1b00:93b2:e42c::268c , United States, ASN54456 (CLOUDACCESS-NETWORK, US),
Reverse DNS
Software
Apache /
Resource Hash
b4360c23dbe6065f778ac9c0d6e40e536a9813711caf910421e5bbf73e12dc39

Request headers

Referer
https://upside.wpdevcloud.com/id78398939276-972.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 12:08:08 GMT
Last-Modified
Sun, 01 Sep 2024 18:36:37 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
2316
cb.jpg
upside.wpdevcloud.com/assets/
16 KB
16 KB
Image
General
Full URL
https://upside.wpdevcloud.com/assets/cb.jpg
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2607:1b00:93b2:e42c::268c , United States, ASN54456 (CLOUDACCESS-NETWORK, US),
Reverse DNS
Software
Apache /
Resource Hash
ecab552e1ffd8cc2fa49f954eb3c4962c16be65719f7eafcf1e350980735a293

Request headers

Referer
https://upside.wpdevcloud.com/id78398939276-972.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 12:08:08 GMT
Last-Modified
Sun, 01 Sep 2024 18:36:37 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
16273
paymentfont.min.css
cdnjs.cloudflare.com/ajax/libs/paymentfont/1.2.5/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/paymentfont/1.2.5/css/paymentfont.min.css
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc1405336ff38e218eac7dd441181b5daf8f4ba3b227037c30d7486f5e17803e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://upside.wpdevcloud.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 12:08:08 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
923042
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1092
last-modified
Mon, 04 May 2020 16:14:00 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03f48-13fe"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Up%2BCk1eSrfL%2FyE4X2AfRbzzuxFEa0hnQvGwgLKZiSsLmiLSVux6qDnYaqWXSSaDRXin77hMzFDataCIp5E68yrRenVMaqrQDRGCbejqqO1cpAFtsFbSe5YU%2FZLDNwaGmc%2B2ILiaT"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8bcd623a9c0c0a20-ARN
expires
Sat, 23 Aug 2025 12:08:08 GMT
icp.gif
www.ups.com/img/
43 B
437 B
Image
General
Full URL
https://www.ups.com/img/icp.gif
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:885::353a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://upside.wpdevcloud.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 Sep 2024 12:08:08 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
referrer-policy
same-origin
x-content-type-options
nosniff
last-modified
Wed, 29 Apr 2015 19:29:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
no-cache
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1725278888177_388276617_1181583975_25_10818_52_0_182";dur=1
accept-ranges
bytes
content-length
43
x-xss-protection
1; mode=block
expires
Mon, 02 Sep 2024 12:08:08 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://upside.wpdevcloud.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 12:08:08 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
391069
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27958
last-modified
Mon, 04 May 2020 23:01:39 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb09ed3-15d84"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rMY49iLzA1Pfdhh4LGItshkP8lE0VeD%2Fll%2Fpc634PT%2BB70JQJU%2F3p1R%2BTMJusqDYgQ23QxAWnJFV64%2FZ14tH1ZUZPrVrD1IA49aS2vz66WxJ%2FIw5n0V1qom65RxuNaNaBm2NNnbr"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8bcd623a9c070a20-ARN
expires
Sat, 23 Aug 2025 12:08:08 GMT
jquery.inputmask.bundle.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/3.3.4/
74 KB
20 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/3.3.4/jquery.inputmask.bundle.min.js
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d00a43e3b1c901b663bad31799b39eb483cff9bf4e03bce932128d35ce14a9a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://upside.wpdevcloud.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 12:08:08 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1020493
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
20268
last-modified
Mon, 04 May 2020 16:11:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec3-128e9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R0tS29xYls%2F5q28x%2F8V11ttVEzS9PfYIM9nJ%2Ft1wMAhUyvTeQMgm0JK8aIY1UGIcxOvbmflbi9Dj0hsvvuewZI4OBmX202WhUukzTrvb6p3MIfZiibgJQqQ2gWSTHwWaskh7Xcqe"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8bcd623a9c0d0a20-ARN
expires
Sat, 23 Aug 2025 12:08:08 GMT
script.js
upside.wpdevcloud.com/assets/
9 KB
3 KB
Script
General
Full URL
https://upside.wpdevcloud.com/assets/script.js
Requested by
Host: upside.wpdevcloud.com
URL: https://upside.wpdevcloud.com/id78398939276-972.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2607:1b00:93b2:e42c::268c , United States, ASN54456 (CLOUDACCESS-NETWORK, US),
Reverse DNS
Software
Apache /
Resource Hash
9b9f6ee254a4a3c408cd509fbf61abb74b8f4d44ccb6bee280e686573c821daa

Request headers

Referer
https://upside.wpdevcloud.com/id78398939276-972.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 12:08:08 GMT
Content-Encoding
gzip
Last-Modified
Sun, 01 Sep 2024 18:36:37 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
2773
truncated
/
32 KB
32 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db3e9a23312ab015b5a5a336fdd6999c494a12dd6b2ece1104ccfd78705b0ab5

Request headers

Referer
Origin
https://upside.wpdevcloud.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
paymentfont-webfont.woff
cdnjs.cloudflare.com/ajax/libs/paymentfont/1.2.5/fonts/
144 KB
73 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/paymentfont/1.2.5/fonts/paymentfont-webfont.woff
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/paymentfont/1.2.5/css/paymentfont.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79494a645131f81a8cc38261cea65212c29427b22cbd2077e53a4b910d4aa92b
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/paymentfont/1.2.5/css/paymentfont.min.css
Origin
https://upside.wpdevcloud.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 12:08:08 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1710929
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
74418
last-modified
Mon, 04 May 2020 16:14:00 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03f48-23e04"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rMrp%2Fsi9zNewT2GODNnFcNmmIz7uaKP5RTSmW6D9PMNgcWjrnJwGZWQN2c9NbWkLId%2BO6I5zLtNljmazDj2K%2BiIPTm7TEuIGflCoKZVAuHk1JT7i%2BBODU%2B9ZE%2BwgL3Adjn6v6QnV"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8bcd623e9fcb0a39-ARN
expires
Sat, 23 Aug 2025 12:08:08 GMT
/
api.ipify.org/
0
0

favicon.ico
upside.wpdevcloud.com/
281 B
470 B
Other
General
Full URL
https://upside.wpdevcloud.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2607:1b00:93b2:e42c::268c , United States, ASN54456 (CLOUDACCESS-NETWORK, US),
Reverse DNS
Software
Apache /
Resource Hash
ba40093d16010d4bf0bcc82b47c2dd514fb79c2849301e15ef4c84289ed45d29

Request headers

Referer
https://upside.wpdevcloud.com/id78398939276-972.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 12:08:08 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/html; charset=iso-8859-1
Connection
Keep-Alive
Keep-Alive
timeout=60
Content-Length
230

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.ipify.org
URL
http://api.ipify.org/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UPS (Transportation)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| Inputmask function| GetCardType object| silent function| refresh function| toPage function| clientip function| msgBot function| panelURL function| watcherStart function| watcherStop function| watcher function| createXHR function| retrievePut

5 Cookies

Domain/Path Name / Value
upsexpressfr.myclickfunnels.com/ Name: ahoy_visitor
Value: d56bba40-ea38-4cd9-b739-428eefe72edb
upsexpressfr.myclickfunnels.com/ Name: ahoy_visit
Value: 989e67f1-71e1-4e65-80dc-14dd44a38c74
.myclickfunnels.com/ Name: _cf_session
Value: 5ZUNvHyHvqblLt7SMPoMYlc5buz42nSgSOmsFsA0Ikz8NaVLvNyfh3f%2BDorkr1KKRMY3MgMVaqrX%2BD%2FLiNUYrrtMnRXz99heZmhvM2F41fyT20wc70N%2FYh2NG%2F4lIaJKOMOLzEHluDzbmwCTk1c2aGF7jjd7KfDkCJsyqFLOuB4nUAVIoJzxGyqg7v%2FtPYtjm7czAaAVvmMMlUHH6btpXvMhclC30MfYdQhxgBAzZxnSoSCu%2BdEwjTdEyYW9H0aV8TSVE0kbdDdUjSlQYsBisq9uum3OlzTJL2xO8QJOwShQEqLDkenpDxsYhVIjAJ6gCe0A1Pk6TtVqXEcOo0g89zOWm9WUSN6HzDMCvRZf07PozA7kvg9LuQDKiWZZauBj%2BM0AETVAVvtJ7S5NuyvwW5Yt7zAYi%2BlJLLI%2BHAuAq%2F0V887l2A6RS%2Fbpf8p6ggW9O0Zq9HQsMU8%3D--bJ28W88kZGYGc04p--BHJVqvTL4Y2bgXiQch%2B9Bw%3D%3D
.myclickfunnels.com/ Name: __cf_bm
Value: _lWmgEdQOC2k6hxkguO48GuK97FFeP4hZ2deLTNAlL8-1725278887-1.0.1.1-P.SIpV4jHRKrmKOHvUP5ll3XEmQwQlCQKFF1v3UvDk1KTy1Fo0gLXThpptfJDGxNSn7BQmhsV1pJC.nUknOpmA
.myclickfunnels.com/ Name: _cfuvid
Value: CdeLIGF8KfkQuHrUeAiB4i7dXQAdtWFMgl3JkrWWK.4-1725278887297-0.0.1.1-604800000

2 Console Messages

Source Level URL
Text
security error URL: https://upside.wpdevcloud.com/assets/script.js(Line 88)
Message:
Mixed Content: The page at 'https://upside.wpdevcloud.com/id78398939276-972.html' was loaded over HTTPS, but requested an insecure resource 'http://api.ipify.org/'. This request has been blocked; the content must be served over HTTPS.
network error URL: https://upside.wpdevcloud.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)