tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com
170.64.217.236  Public Scan

Submitted URL: https://tracking-package-ups.id-66598887.cas.ind.in/
Effective URL: https://tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com/?views=&views=&visitorId=6639ece98155ca4b7f92fec8
Submission: On May 07 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 4 HTTP transactions. The main IP is 170.64.217.236, located in and belongs to . The main domain is tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com.
TLS certificate: Issued by R3 on April 26th 2024. Valid for: 3 months.
This is the only time tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 172.66.0.70 13335 (CLOUDFLAR...)
1 1 125.209.210.90 23576 (NHN-AS-KR...)
1 1 66.235.200.145 13335 (CLOUDFLAR...)
1 170.64.217.236 ()
4 3
Domain Requested by
1 tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com tracking-package-ups.id-66598887.cas.ind.in
tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com
1 xtremewindowcleaningllc.com 1 redirects
1 me2.do 1 redirects
1 tracking-package-ups.id-66598887.cas.ind.in
4 4

This site contains no links.

Subject: tracking-package-ups.id-66598887.cas.ind.in
Issuer: E1
Validity: 2024-05-07 - 2024-08-05
Valid: 3 months

Subject:
Issuer: R3
Validity: 2024-04-26 - 2024-07-25
Valid: 3 months

This page contains 1 frames:

Primary Page: https://tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com/?views=&views=&visitorId=6639ece98155ca4b7f92fec8
Frame ID: ACAFE23EEAB082B6CF7B132656B78859
Requests: 4 HTTP requests in this frame

Page Statistics

Requests: 4
HTTPS: 50 %
IPv6: 0 %
Domains: 4
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 6 kB
Size: 14 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tracking-package-ups.id-66598887.cas.ind.in/ Page URL
  2. https://me2.do/GQN64bY5 HTTP 307
    https://xtremewindowcleaningllc.com/wp-admin/shell.php?view=img HTTP 302
    https://tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com/?views=&views=&visitorId=6639ece98155ca4b7f92fec8 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource Path Size x-fer Type MIME-Type
/ tracking-package-ups.id-66598887.cas.ind.in/ 14 KB 5 KB Document
General
Full URL: https://tracking-package-ups.id-66598887.cas.ind.in/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash:

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: max-age=0
cf-cache-status: DYNAMIC
cf-ray: 880000465a399b95-FRA
content-encoding: gzip
content-type: text/html
date: Tue, 07 May 2024 08:57:11 GMT
expires: Tue, 07 May 2024 08:57:11 GMT
last-modified: Tue, 07 May 2024 08:52:37 GMT
server: cloudflare
vary: Accept-Encoding

Primary Request / tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com/
Redirect Chain
  • https://me2.do/GQN64bY5
  • https://xtremewindowcleaningllc.com/wp-admin/shell.php?view=img
  • https://tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com/?views=&views=&visitorId=6639ece98155ca4b7f92fec8
406 B 1 KB Document
General
Full URL: https://tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com/?views=&views=&visitorId=6639ece98155ca4b7f92fec8
Requested by
Host: tracking-package-ups.id-66598887.cas.ind.in
URL: https://tracking-package-ups.id-66598887.cas.ind.in/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 170.64.217.236 -, , ASN (),
Reverse DNS:
Software: Apache /
Resource Hash:
Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://tracking-package-ups.id-66598887.cas.ind.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: POST, OPTIONS, GET
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 07 May 2024 08:57:14 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

Redirect headers

cf-cache-status: DYNAMIC
cf-ray: 88000050ee0b8fc5-FRA
content-type: text/html; charset=UTF-8
date: Tue, 07 May 2024 08:57:13 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
location: https://tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com/?views=&views=&visitorId=6639ece98155ca4b7f92fec8
server: cloudflare

main.c2e3b139.js tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com/static/js/ 0 0

main.cfee64ab.css tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com/static/css/ 0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com
URL: https://tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com/static/js/main.c2e3b139.js

Domain: tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com
URL: https://tracking-id-xtqr2wq.updatepacking.information.userid.calligraphyuae.com/static/css/main.cfee64ab.css

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
.xtremewindowcleaningllc.com/ Name: _cfuvid
Value: P86FK6PNEHK0mPcxuH0GiObuLuCukqZqoDjZU_SfMQ0-1715072233859-0.0.1.1-604800000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
