Report - tracking-ups-id283674.dynnamn.ru/us/en/homepage

Report Overview

Visited public
2023-10-27 13:33:33
Tags
ups logistics phishing dyndns
URL
tracking-ups-id283674.dynnamn.ru/us/en/homepage
Finishing URL
tracking-ups-id283674.dynnamn.ru/us/en/homepage
IP / ASN
195.230.22.39
#201133 Verdina Ltd.
Title
Global Shipping & Logistics Services | UPS - United States
Phishing - UPS
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tracking-ups-id283674.dynnamn.ru	unknown	2019-09-16	2023-10-23 08:49:15	2023-10-25 19:10:43	15 kB	1.2 MB	195.230.22.39

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-10-27 13:33:16	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-27 13:33:16	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-27 13:33:16	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-27 13:33:17	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-27 13:33:17	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-27 13:33:17	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-27 13:33:17	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-27 13:33:17	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-27 13:33:17	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-27 13:33:18	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-27 13:33:18	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-27 13:33:18	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-27 13:33:19	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-27	medium	dynnamn.ru	Sinkholed
2023-10-27	medium	dynnamn.ru	Sinkholed
2023-10-27	medium	dynnamn.ru	Sinkholed
2023-10-27	medium	dynnamn.ru	Sinkholed
2023-10-27	medium	dynnamn.ru	Sinkholed
2023-10-27	medium	dynnamn.ru	Sinkholed
2023-10-27	medium	dynnamn.ru	Sinkholed
2023-10-27	medium	dynnamn.ru	Sinkholed
2023-10-27	medium	dynnamn.ru	Sinkholed
2023-10-27	medium	dynnamn.ru	Sinkholed
2023-10-27	medium	dynnamn.ru	Sinkholed
2023-10-27	medium	dynnamn.ru	Sinkholed
2023-10-27	medium	dynnamn.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	tracking-ups-id283674.dynnamn.ru/assets/js/jquery.js	ScriptElement	411 kB	2023-08-02	2024-08-21
Pretty URL tracking-ups-id283674.dynnamn.ru/assets/js/jquery.js IP 195.230.22.39 ASN #201133 Verdina Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-02 08:47 Last Seen2024-08-21 09:35 Times Seen150 Hash f990bc09e91b1a10e19dd2198e3058cc f5890ba0519c9503768c99131abe28cbcd76d402 c525928950f8fef0ff20ee8ebd93e4e22e33db2e5601c6980d760c16bda0a7e7 Loading...

	tracking-ups-id283674.dynnamn.ru/assets/js/mask.js	ScriptElement	29 kB	2023-08-02	2024-08-21
Pretty URL tracking-ups-id283674.dynnamn.ru/assets/js/mask.js IP 195.230.22.39 ASN #201133 Verdina Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-02 08:47 Last Seen2024-08-21 09:35 Times Seen150 Hash 4715635f27e94c49f16693659934b535 6c6e1e55464e312fe25e1c71d885572163d0d697 ba2b07db7325c8d7378441166a09873cd96b053fa315e99933625b97748ba45d Loading...

	tracking-ups-id283674.dynnamn.ru/us/en/homepage	ScriptElement	801 B	2023-08-02	2024-08-21
Pretty URL tracking-ups-id283674.dynnamn.ru/us/en/homepage IP 195.230.22.39 ASN #201133 Verdina Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-02 08:47 Last Seen2024-08-21 09:35 Times Seen150 Hash c3749990ff7bff8666cce06b6f9b3700 020bf630b67403ba0e1daf4e12bd985750ff03c4 ed9e6c77cc4def3663043491c1d927a387d9d91fe8d4d55123a462fc8f721609 Loading...

HTTP Transactions (13)

URL IP Response Size

tracking-ups-id283674.dynnamn.ru/assets/fonts/Roboto-Bold.woff

195.230.22.39

200 OK

27 kB

URL GET HTTP/2
tracking-ups-id283674.dynnamn.ru/assets/fonts/Roboto-Bold.woff
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Requested by
https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type
Web Open Font Format, TrueType, length 26564, version 1.0\012- data
Size
27 kB (26564 bytes)
Hash
849fd0ec4277f2e8ee9ebe2753a30edd
ebcff6b5216b7cfdacc058ab35023c6f9bd6f286
5fce1e38ce56a7e63a78d5811e54679dba8cd15d6455cf312f4d2bd886e42d36

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - UPS
urlquery	phishing	Phishing - UPS
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/Roboto-Bold.woff HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://tracking-ups-id283674.dynnamn.ru/assets/css/ups1.css
Cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 13:33:17 GMT
content-type: font/woff
content-length: 26564
last-modified: Thu, 19 Oct 2023 09:14:10 GMT
etag: "6530f362-67c4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

tracking-ups-id283674.dynnamn.ru/assets/img/20220401-JTBD-US-MAEVE.webp

195.230.22.39

200 OK

42 kB

URL GET HTTP/2
tracking-ups-id283674.dynnamn.ru/assets/img/20220401-JTBD-US-MAEVE.webp
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Requested by
https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
42 kB (42494 bytes)
Hash
053f88f3256fa1b029ea33cec4944698
1afe94f1d8b47db35c9eda2144fab72384e51805
fe27203a5bf4ec6df5e01fcaa14cad6376afd0adbe5aca73b282fbdc85cb536b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - UPS
urlquery	phishing	Phishing - UPS
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/20220401-JTBD-US-MAEVE.webp HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 13:33:17 GMT
content-type: image/webp
content-length: 42494
last-modified: Thu, 19 Oct 2023 09:14:10 GMT
etag: "6530f362-a5fe"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

tracking-ups-id283674.dynnamn.ru/assets/fonts/Roboto-Medium.woff

195.230.22.39

200 OK

94 kB

URL GET HTTP/2
tracking-ups-id283674.dynnamn.ru/assets/fonts/Roboto-Medium.woff
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Requested by
https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type
Web Open Font Format, TrueType, length 94364, version 2.137\012- data
Size
94 kB (94364 bytes)
Hash
7350337b673e86f2d62ee0eb5761e1e2
eb11f6c75c34069217cc1692d00e8ac3945c8a3d
4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - UPS
urlquery	phishing	Phishing - UPS
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/Roboto-Medium.woff HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://tracking-ups-id283674.dynnamn.ru/assets/css/ups1.css
Cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 13:33:17 GMT
content-type: font/woff
content-length: 94364
last-modified: Thu, 19 Oct 2023 09:14:10 GMT
etag: "6530f362-1709c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

tracking-ups-id283674.dynnamn.ru/assets/fonts/Roboto-Regular.woff

195.230.22.39

200 OK

94 kB

URL GET HTTP/2
tracking-ups-id283674.dynnamn.ru/assets/fonts/Roboto-Regular.woff
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Requested by
https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type
Web Open Font Format, TrueType, length 93784, version 2.137\012- data
Size
94 kB (93784 bytes)
Hash
1cfd1aa3b4fe4bba10c132acea9985af
4edccc73318b8d3f6dee84f934063ea52644ed0f
c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - UPS
urlquery	phishing	Phishing - UPS
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/Roboto-Regular.woff HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://tracking-ups-id283674.dynnamn.ru/assets/css/ups1.css
Cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 13:33:17 GMT
content-type: font/woff
content-length: 93784
last-modified: Thu, 19 Oct 2023 09:14:10 GMT
etag: "6530f362-16e58"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

tracking-ups-id283674.dynnamn.ru/us/en/homepage

195.230.22.39

200 OK

20 kB

URL User Request GET HTTP/2
tracking-ups-id283674.dynnamn.ru/us/en/homepage
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type

Size
20 kB (20407 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /us/en/homepage HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 13:33:16 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
vary: Accept-Encoding, X-Inertia
set-cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; expires=Fri, 27 Oct 2023 15:33:16 GMT; Max-Age=7200; path=/; samesite=lax
g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D; expires=Fri, 27 Oct 2023 15:33:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

tracking-ups-id283674.dynnamn.ru/assets/css/ups_0021.css

195.230.22.39

200 OK

152 kB

URL GET HTTP/2
tracking-ups-id283674.dynnamn.ru/assets/css/ups_0021.css
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Requested by
https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type

Size
152 kB (152529 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/ups_0021.css HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 13:33:16 GMT
content-type: text/css
last-modified: Thu, 19 Oct 2023 09:14:10 GMT
vary: Accept-Encoding
etag: W/"6530f362-253d1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

tracking-ups-id283674.dynnamn.ru/assets/css/css.css

195.230.22.39

200 OK

6.7 kB

URL GET HTTP/2
tracking-ups-id283674.dynnamn.ru/assets/css/css.css
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Requested by
https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type
ASCII text, with very long lines (6839), with no line terminators
Size
6.7 kB (6699 bytes)
Hash
5f79fe34289e871ce0c27e74aba0bd06
d9348099be095137ae2806be26930124febc9a8e
9fc72baab1f544694f6d5d5f79d1319e1066b73e39570dc19edcbc85841f770e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/css.css HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 13:33:16 GMT
content-type: text/css
last-modified: Thu, 19 Oct 2023 09:14:10 GMT
vary: Accept-Encoding
etag: W/"6530f362-1a2b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

tracking-ups-id283674.dynnamn.ru/assets/img/UPS_logo.svg

195.230.22.39

200 OK

2.2 kB

URL GET HTTP/2
tracking-ups-id283674.dynnamn.ru/assets/img/UPS_logo.svg
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Requested by
https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2182), with no line terminators
Size
2.2 kB (2162 bytes)
Hash
e43c29ad2012783279041e61187d863c
0ffa517d89c44b499797b048eff09ae25bc441c4
e83a7880dd4e2d8b561100522bc24566525187aa3aac599d81d82bab0bca3a94

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - UPS
urlquery	phishing	Phishing - UPS
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/UPS_logo.svg HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 13:33:16 GMT
content-type: image/svg+xml
last-modified: Thu, 19 Oct 2023 09:14:10 GMT
vary: Accept-Encoding
etag: W/"6530f362-872"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

tracking-ups-id283674.dynnamn.ru/assets/js/jquery.js

195.230.22.39

200 OK

411 kB

URL GET HTTP/2
tracking-ups-id283674.dynnamn.ru/assets/js/jquery.js
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Requested by
https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type
ASCII text
Size
411 kB (410866 bytes)
Hash
f990bc09e91b1a10e19dd2198e3058cc
f5890ba0519c9503768c99131abe28cbcd76d402
c525928950f8fef0ff20ee8ebd93e4e22e33db2e5601c6980d760c16bda0a7e7

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/jquery.js HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 13:33:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 19 Oct 2023 09:14:10 GMT
vary: Accept-Encoding
etag: W/"6530f362-644f2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

tracking-ups-id283674.dynnamn.ru/assets/css/ups1.css

195.230.22.39

200 OK

292 kB

URL GET HTTP/2
tracking-ups-id283674.dynnamn.ru/assets/css/ups1.css
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Requested by
https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type

Size
292 kB (292321 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/ups1.css HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 13:33:16 GMT
content-type: text/css
last-modified: Thu, 19 Oct 2023 09:14:10 GMT
vary: Accept-Encoding
etag: W/"6530f362-475e1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

tracking-ups-id283674.dynnamn.ru/assets/js/mask.js

195.230.22.39

200 OK

29 kB

URL GET HTTP/2
tracking-ups-id283674.dynnamn.ru/assets/js/mask.js
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Requested by
https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type
ASCII text
Size
29 kB (28737 bytes)
Hash
4715635f27e94c49f16693659934b535
6c6e1e55464e312fe25e1c71d885572163d0d697
ba2b07db7325c8d7378441166a09873cd96b053fa315e99933625b97748ba45d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/mask.js HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 13:33:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 19 Oct 2023 09:14:10 GMT
vary: Accept-Encoding
etag: W/"6530f362-7041"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

tracking-ups-id283674.dynnamn.ru/assets/images/social.jpg

195.230.22.39

404 Not Found

6.6 kB

URL GET HTTP/2
tracking-ups-id283674.dynnamn.ru/assets/images/social.jpg
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Requested by
https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6689), with no line terminators
Size
6.6 kB (6603 bytes)
Hash
c906baf41656d717ab5e98353babad8e
812d89dcbdd6d325b7af82efbf7e7d87d1bdacd7
b1207e04bb6b87d1ffb56c250d69f876ea40d2d98373d35e61200c1a17e11c64

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/images/social.jpg HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tracking-ups-id283674.dynnamn.ru/assets/css/ups1.css
Cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Fri, 27 Oct 2023 13:33:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2

tracking-ups-id283674.dynnamn.ru/assets/img/favicon.ico

195.230.22.39

200 OK

2.2 kB

URL GET HTTP/2
tracking-ups-id283674.dynnamn.ru/assets/img/favicon.ico
IP
195.230.22.39:443
ASN
#201133 Verdina Ltd.

Requested by
https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Certificate
IssuerLet's Encrypt
Subjecttracking-ups-id283674.dynnamn.ru
FingerprintC6:A0:E0:F5:74:C4:64:50:7E:CF:B5:85:B2:7F:6B:2C:CF:A6:CA:7E
ValidityMon, 23 Oct 2023 05:46:56 GMT - Sun, 21 Jan 2024 05:46:55 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel\012- data
Size
2.2 kB (2238 bytes)
Hash
afd13e52f285793f5eaa266c12a19abe
4b71098176443981be65286ec864b12ebc233f81
9ca2236bb4ec1714e173cecb6bcc95c82e12df204c7d4c87fe4b9f01135efce8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - UPS
urlquery	phishing	Phishing - UPS
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/favicon.ico HTTP/1.1
Host: tracking-ups-id283674.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tracking-ups-id283674.dynnamn.ru/us/en/homepage
Cookie: XSRF-TOKEN=eyJpdiI6IjBLK3UzMWx6QVcrNE9waytRQkhCRXc9PSIsInZhbHVlIjoiRGoyTjUwbEdCcC9NbTBXc3B3WkRlYXNQR3ZjTDNFeGJ6WG9mZ1drM29YTndBWWdhWXc0bDBmdUxWcndMbHpwa0x3RGhQU3hhd3ZrMkpQSThVcHRZSTU1YWJlVnNpVWZzenV5K0Ruai9tMmpHcEwxSDhBbENMcGRDY01BS21NamUiLCJtYWMiOiJmMTUzYmUxNzZhZjIyMzU4ODEwMmJlNDZmMGUwNDk5N2JhODE5MDI4NTA2ZjUxOTMyNTQ2ZTI1YWQ4NzhhMzNmIiwidGFnIjoiIn0%3D; g_project_session=eyJpdiI6Imx5aUN6Q2tQK2Nta2lLcFo5enJuNmc9PSIsInZhbHVlIjoic0dCeUZ3V3A1ajdUWC80S0NJNWxsZE8rK1N4Q21IZWlUTDA5dnBSdWtvTFZFZmhzMHBTOVFpZGNneTlIaHNobjd3MzlKYWxzWUkzL0JyeCtpa25LcFBQWHQrQ0ZlNkdNQ0lyT3l1UXBNYXhJaGRmYXRkNW4zL1JZbEJjaHlKQTMiLCJtYWMiOiI1YjMxZTAzYWEwMjY5ZjBkM2M1Y2ExZTdkODk2ZGYzNmJkNjEwNjNiNzYxZGQ5ODUyZGU3YTY2MDA3YmNhMjBjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 13:33:18 GMT
content-type: image/x-icon
last-modified: Thu, 19 Oct 2023 09:14:10 GMT
vary: Accept-Encoding
etag: W/"6530f362-8be"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type