| URL | IP | Status | Size |
| admin.fedex-returns-demo.com/ | 40.69.210.172 | 302 Found | 145 B |
URL: GET HTTP/2 admin.fedex-returns-demo.com/ (user request)
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hashes: MD5 8a63de4febd6aacbabbe7fa512d58e5e; SHA-1 240cdc1e0346c2b4475ede4f77fa76693c8155b3; SHA-256 11c66b1efb6ec18317b779536ec46b6db40d4824d144b33bc344556e623a2e52
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | FedEx Corporation |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/html; charset=utf-8
date: Sat, 20 Apr 2024 16:29:33 GMT
server: Server
cache-control: private
location: /Account/Login?ReturnUrl=%2f
set-cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00;Path=/;HttpOnly;Secure;Domain=admin.fedex-returns-demo.com
set-cookie: ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00;Path=/;HttpOnly;SameSite=None;Secure;Domain=admin.fedex-returns-demo.com
content-length: 145
requestid: c01d27042fa245de95d2785ff68859cc
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

| admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f | 40.69.210.172 | 200 OK | 2.2 kB |
URL: GET HTTP/2 admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f (user request)
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (387), with CRLF, LF line terminators
Hashes: MD5 3f1176f1364805f78ca9a9446d60a445; SHA-1 e074263c09890e65c8ab544fe6c7de02d037b4f4; SHA-256 db2514c687a7cea63b920b7f203dbaea279b235c7467b30e4b8cf80ec832c130
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | FedEx Corporation |
| Quad9 DNS | malicious | Sinkholed |
GET /Account/Login?ReturnUrl=%2f HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1; path=/; secure; HttpOnly
vary: Accept-Encoding
content-length: 2198
strict-transport-security: max-age=10886400; includeSubDomains
requestid: a922ad22be4840e897c66f21a2e22c8e
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

| admin.fedex-returns-demo.com/Content/Login?v=L9mPkktsrum7HuzJLjUrBlmNwBbPHCg7iaiB3vrzvDg1 | 40.69.210.172 | 200 OK | 1.8 kB |
URL: GET HTTP/2 admin.fedex-returns-demo.com/Content/Login?v=L9mPkktsrum7HuzJLjUrBlmNwBbPHCg7iaiB3vrzvDg1
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
File type: ASCII text, with very long lines (6514), with no line terminators
Hashes: MD5 87905f5732aa3eb00e2c9c906fda3ba3; SHA-1 9751d83d6db08970ee161e09ad00eecdd9295a62; SHA-256 3dda3345aa4eaa8d41067a2e9b719067dc17342087310cb4d1dee771c1de3c50
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | FedEx Corporation |
| Quad9 DNS | malicious | Sinkholed |
GET /Content/Login?v=L9mPkktsrum7HuzJLjUrBlmNwBbPHCg7iaiB3vrzvDg1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 1793
requestid: 77633ebb85734ab3b4579efc37b4849c
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

| admin.fedex-returns-demo.com/Content/Bootstrap?v=Da_zAbTMnmX3bd00bJOzzReWRtu7iY-nJt9ugX7LYIc1 | 40.69.210.172 | 200 OK | 32 kB |
URL: GET HTTP/2 admin.fedex-returns-demo.com/Content/Bootstrap?v=Da_zAbTMnmX3bd00bJOzzReWRtu7iY-nJt9ugX7LYIc1
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (65012), with no line terminators
Hashes: MD5 d7c22f9fa8c76bf35ab6f117ed12403f; SHA-1 0eb017a68df9d8a03730c9138e69e865aec1ea36; SHA-256 410494bfbdfb70c5a6d54e9c55c3d4f3a95c616f19338daafe3f86799c1ce9eb
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | FedEx Corporation |
| Quad9 DNS | malicious | Sinkholed |
GET /Content/Bootstrap?v=Da_zAbTMnmX3bd00bJOzzReWRtu7iY-nJt9ugX7LYIc1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 32436
requestid: eed6749bc2f0471cb2d9b3b2e982d0e1
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

| admin.fedex-returns-demo.com/CustomValidation?v=2xlpqRlloJdFAZGnJRdtJ6pjeH9Iad4gqD3kYVeGNXU1 | 40.69.210.172 | 200 OK | 200 B |
URL: GET HTTP/2 admin.fedex-returns-demo.com/CustomValidation?v=2xlpqRlloJdFAZGnJRdtJ6pjeH9Iad4gqD3kYVeGNXU1
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hashes: MD5 ceffb448ae3d151ffd2993adea957b03; SHA-1 d82008c9c71baf18b9affc49c312478a150b7402; SHA-256 15ed38579efcf4725fbe1cca848ca67fd63ded27d18bfe1778ba0d0767cc4adb
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | FedEx Corporation |
| Quad9 DNS | malicious | Sinkholed |
GET /CustomValidation?v=2xlpqRlloJdFAZGnJRdtJ6pjeH9Iad4gqD3kYVeGNXU1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 200
requestid: be64110dee8142b2937d90707829bb06
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

| admin.fedex-returns-demo.com/bootstrap?v=ucQlAB-klukZBdrcmfqyFB759cFHKbm9cLPv5zpnq1E1 | 40.69.210.172 | 200 OK | 21 kB |
URL: GET HTTP/2 admin.fedex-returns-demo.com/bootstrap?v=ucQlAB-klukZBdrcmfqyFB759cFHKbm9cLPv5zpnq1E1
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (63736), with no line terminators
Hashes: MD5 6863e8725b3e5d0842267938b12aee3e; SHA-1 773fa7a3c29de837683d100e4bba4ef1e5754de9; SHA-256 aad21876156ccd6ffd727fdc9cd6b60e12a9a2f8595ac7ec56a6c93dc67367e7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /bootstrap?v=ucQlAB-klukZBdrcmfqyFB759cFHKbm9cLPv5zpnq1E1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 21188
requestid: 7c4753e9bc034aea8ca9092ce734c263
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

| admin.fedex-returns-demo.com/CookiesNotification?v=LFDZ7CMyvVXDqVqeR8L38T5nJ0waZFsgvbdsnUdhVdY1 | 40.69.210.172 | 200 OK | 1.0 kB |
URL: GET HTTP/2 admin.fedex-returns-demo.com/CookiesNotification?v=LFDZ7CMyvVXDqVqeR8L38T5nJ0waZFsgvbdsnUdhVdY1
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1515), with no line terminators
Hashes: MD5 3cbe587e751e3bccc3529d2aee45f29f; SHA-1 ac358418a9ac73185f3d5bd5c0ca1bc15640b4d0; SHA-256 7a8fababc25d7662aca9ad854fd464f62a0001afe5493d94dbe5027adf5eeb1a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | FedEx Corporation |
| Quad9 DNS | malicious | Sinkholed |
GET /CookiesNotification?v=LFDZ7CMyvVXDqVqeR8L38T5nJ0waZFsgvbdsnUdhVdY1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 1014
requestid: c73c2b3a7d2c49619a3b0eaad2654786
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

| admin.fedex-returns-demo.com/Login?v=jjN0JR71_jLO8fKhh5gcOA1w0w5Qc2nOQsf__VaVZHA1 | 40.69.210.172 | 200 OK | 418 B |
URL: GET HTTP/2 admin.fedex-returns-demo.com/Login?v=jjN0JR71_jLO8fKhh5gcOA1w0w5Qc2nOQsf__VaVZHA1
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (510), with no line terminators
Hashes: MD5 1810f8951a49c11e245bb246462a1149; SHA-1 29cbe88b225af4380aab870f65651b35e65e61bd; SHA-256 4d1b1670c53f0bc46dd72943e82d3db0315eb808437bc79d3c42afcf81845810
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | FedEx Corporation |
| Quad9 DNS | malicious | Sinkholed |
GET /Login?v=jjN0JR71_jLO8fKhh5gcOA1w0w5Qc2nOQsf__VaVZHA1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 418
requestid: a1e9aea481674a8ca0179125ced6ceaa
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

| admin.fedex-returns-demo.com/ace-scripts?v=gRs2q8xHMr-tnDbdclWcIiOXTrH6DAfNXqC9Bis_MSk1 | 40.69.210.172 | 200 OK | 65 kB |
URL: GET HTTP/2 admin.fedex-returns-demo.com/ace-scripts?v=gRs2q8xHMr-tnDbdclWcIiOXTrH6DAfNXqC9Bis_MSk1
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hashes: MD5 31970ba4ed632984ef64f004dc5b9738; SHA-1 b094d4ffba1979bfb47869f9dc48ef861992d713; SHA-256 4956b369108a2dc496a98a0cba933e29493b1bb39a554a3a453c7314420c3286
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | FedEx Corporation |
| Quad9 DNS | malicious | Sinkholed |
GET /ace-scripts?v=gRs2q8xHMr-tnDbdclWcIiOXTrH6DAfNXqC9Bis_MSk1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 64782
requestid: 7842cabeba744ff7aa218e1911fc710f
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

| admin.fedex-returns-demo.com/Content/images/Logos/FedEx/fedex-logo-big.png | 40.69.210.172 | 200 OK | 146 kB |
URL: GET HTTP/2 admin.fedex-returns-demo.com/Content/images/Logos/FedEx/fedex-logo-big.png
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
File type: PNG image data, 5231 x 1680, 8-bit/color RGBA, non-interlaced
Size: 146 kB (146279 bytes)
Hashes: MD5 6602e3e995c38cfc5bc3af7cb4d4b57f; SHA-1 be22f2c14dd36c60180e7070114b17c701a46dca; SHA-256 52c51dfec6cfc39da2f8ded89bee57ae6be47fe22b5d4d9ea31cf9fbebcf9385
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | FedEx Corporation |
| Quad9 DNS | malicious | Sinkholed |
GET /Content/images/Logos/FedEx/fedex-logo-big.png HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Content/Login?v=L9mPkktsrum7HuzJLjUrBlmNwBbPHCg7iaiB3vrzvDg1
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
accept-ranges: bytes
etag: "85cce82d08cda1:0"
last-modified: Thu, 11 Apr 2024 11:05:35 GMT
content-length: 146279
X-Firefox-Spdy: h2

| admin.fedex-returns-demo.com/Content/images/Logos/FedEx/favicon.ico | 40.69.210.172 | 200 OK | 5.4 kB |
URL: GET HTTP/2 admin.fedex-returns-demo.com/Content/images/Logos/FedEx/favicon.ico
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
File type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Hashes: MD5 a53129769d15f251d4e5c5cb966765b4; SHA-1 043d6a7b9cca5d05aba04fc0a3f4527e3ad075e0; SHA-256 eab1b9a0ef942d84e3a8ed8c3e3996acb7a46af9a0b9f914ced662bcbe0e54be
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | FedEx Corporation |
| Quad9 DNS | malicious | Sinkholed |
GET /Content/images/Logos/FedEx/favicon.ico HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
accept-ranges: bytes
etag: "2b1db92d08cda1:0"
last-modified: Thu, 11 Apr 2024 11:05:35 GMT
content-length: 5430
X-Firefox-Spdy: h2

| www.gstatic.com/recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__en.js | 142.250.74.131 | 200 OK | 206 kB |
URL: GET HTTP/2 www.gstatic.com/recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__en.js
IP: 142.250.74.131:443
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer Google Trust Services LLC; subject *.gstatic.com; fingerprint (SHA-1) F5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74; valid Mon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type: JavaScript source, ASCII text, with very long lines (597)
Size: 206 kB (206057 bytes)
Hashes: MD5 8326c23d6b3eed35bc3e62f3294587fd; SHA-1 edda17e74e53e85073e5eac9cb6be2163dbfa23c; SHA-256 57f03d3ba66117edc152646341120dd3a1d7d71b9a98a3723af5a8ae61bcb3ab
GET /recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://admin.fedex-returns-demo.com
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 206057
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 16:10:43 GMT
expires: Tue, 15 Apr 2025 16:10:43 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Apr 2024 02:01:04 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 433132
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| admin.fedex-returns-demo.com/jquery?v=DEzkwWg6hhj-1r8WCr8_Kt3FHVCjJ0ru9VTs3DivKcg1 | 40.69.210.172 | 200 OK | 522 kB |
URL: GET HTTP/2 admin.fedex-returns-demo.com/jquery?v=DEzkwWg6hhj-1r8WCr8_Kt3FHVCjJ0ru9VTs3DivKcg1
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
Size: 522 kB (521813 bytes)
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of an empty input: no body was stored for this resource, so the size column cannot be checked against a file and no file type was detected)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /jquery?v=DEzkwWg6hhj-1r8WCr8_Kt3FHVCjJ0ru9VTs3DivKcg1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
requestid: 1afc45639e9a4f108de6cbeecd097df2
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

| admin.fedex-returns-demo.com/Content/ace-theme?v=xaKtRanB--9ithTMYwPE8ITEOZu3gNU-vuhGaXqtbWY1 | 40.69.210.172 | 200 OK | 507 kB |
URL: GET HTTP/2 admin.fedex-returns-demo.com/Content/ace-theme?v=xaKtRanB--9ithTMYwPE8ITEOZu3gNU-vuhGaXqtbWY1
IP: 40.69.210.172:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer DigiCert, Inc.; subject admin.fedex-returns-demo.com; fingerprint (SHA-1) 26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB; valid Mon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT
Size: 507 kB (507355 bytes)
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty input: no body was stored for this resource, so the size column cannot be checked against a file and no file type was detected)
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | FedEx Corporation |
| Quad9 DNS | malicious | Sinkholed |
GET /Content/ace-theme?v=xaKtRanB--9ithTMYwPE8ITEOZu3gNU-vuhGaXqtbWY1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
requestid: dc4add0efffd401ea67641ce08911b2c
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

| www.google.com/recaptcha/api.js | 142.250.74.164 | 200 OK | 850 B |
URL: GET HTTP/2 www.google.com/recaptcha/api.js
IP: 142.250.74.164:443
Requested by: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate: issuer Google Trust Services LLC; subject www.google.com; fingerprint (SHA-1) CD:48:2A:0C:60:1D:37:5A:D4:D5:A9:F7:DE:A0:2B:5E:2F:29:76:73; valid Mon, 18 Mar 2024 20:38:49 GMT - Mon, 10 Jun 2024 20:38:48 GMT
File type: JavaScript source, ASCII text, with very long lines (850), with no line terminators
Hashes: MD5 7c792e0e26e2bd74f8e53c7da0d6b8a2; SHA-1 a43099555724ee257f66ca05de55cb56a14c8fca; SHA-256 d782a59ef4bab02833ce95b5e9c9bd622f328683659f43a34f1dbcf54f1d4443
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sat, 20 Apr 2024 16:29:34 GMT
date: Sat, 20 Apr 2024 16:29:34 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
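The checks a triage analyst would run over a capture like the one above, as an added example that is not part of the original capture or of any scanner shown on this page. It uses the "GET /" response headers copied from the first transaction as sample input: the ARRAffinity cookies, the requestid/request-context headers, the /Account/Login?ReturnUrl= redirect and, from later entries, the empty-input digests recorded for /jquery and /Content/ace-theme, the certificate validity window and the brand token in the hostname. FINGERPRINTS and BRAND_DOMAINS are this example's own lookup tables (assumed mappings of well-known header and cookie names to the stack that emits them, and of a brand token to the domain it owns), not facts the page states; the registrable-domain split is a naive last-two-labels cut with no public-suffix handling.

```python
"""Triage checks over one transaction of the capture above (added example, not
part of the original page). SAMPLE_RESPONSE is copied from the "GET /" response
headers shown above; FINGERPRINTS and BRAND_DOMAINS are assumed lookup tables."""
import hashlib
from email.utils import parsedate_to_datetime

# Response headers of the first transaction (GET /), copied from the capture.
SAMPLE_RESPONSE = """HTTP/2 302 Found
content-type: text/html; charset=utf-8
date: Sat, 20 Apr 2024 16:29:33 GMT
server: Server
cache-control: private
location: /Account/Login?ReturnUrl=%2f
set-cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00;Path=/;HttpOnly;Secure;Domain=admin.fedex-returns-demo.com
set-cookie: ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00;Path=/;HttpOnly;SameSite=None;Secure;Domain=admin.fedex-returns-demo.com
content-length: 145
requestid: c01d27042fa245de95d2785ff68859cc
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
"""

# Assumed mapping: (header name, test on its value, label of the stack that emits it).
FINGERPRINTS = [
    ("set-cookie", lambda v: v.startswith("ARRAffinity"),
     "Azure App Service (ARR affinity cookie)"),
    ("request-context", lambda v: v.startswith("appId=cid-v1:"),
     "Application Insights request-context header"),
    ("set-cookie", lambda v: v.startswith("__RequestVerificationToken="),
     "ASP.NET MVC anti-forgery cookie"),
    ("location", lambda v: "/Account/Login?ReturnUrl=" in v,
     "ASP.NET unauthenticated-redirect pattern"),
]

# Constructed lookup table: brand token -> registrable domains the brand owns.
BRAND_DOMAINS = {"fedex": {"fedex.com"}}


def parse_headers(raw):
    """Return (status line, [(name, value), ...]); names lowercased, repeats kept."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def fingerprint(headers):
    """Sorted labels of every FINGERPRINTS rule matched by some header."""
    found = set()
    for name, value in headers:
        for rule_name, test, label in FINGERPRINTS:
            if name == rule_name and test(value):
                found.add(label)
    return sorted(found)


def is_empty_body(md5, sha1, sha256):
    """True when all three digests are those of zero bytes, i.e. the scanner
    stored no body for the resource regardless of the size column."""
    return (md5 == hashlib.md5(b"").hexdigest()
            and sha1 == hashlib.sha1(b"").hexdigest()
            and sha256 == hashlib.sha256(b"").hexdigest())


def cert_valid_at(not_before, not_after, date_header):
    """Check the response Date header against the certificate validity window;
    all three are RFC 5322 date strings exactly as printed in the capture."""
    captured = parsedate_to_datetime(date_header)
    return parsedate_to_datetime(not_before) <= captured <= parsedate_to_datetime(not_after)


def brand_mismatch(host, brand_domains=BRAND_DOMAINS):
    """Brand tokens found in the hostname whose registrable domain the brand
    does not own. Naive last-two-labels split; no public-suffix handling."""
    labels = host.lower().rstrip(".").split(".")
    registrable = ".".join(labels[-2:])
    return [b for b, owned in brand_domains.items()
            if b in host.lower() and registrable not in owned]


def triage(host, raw_response, digests, cert_window):
    """Run every check on one transaction and return the findings."""
    status, headers = parse_headers(raw_response)
    date_header = next(v for n, v in headers if n == "date")
    return {
        "status": status,
        "stack": fingerprint(headers),
        "empty_body": is_empty_body(*digests),
        "cert_valid_at_capture": cert_valid_at(*cert_window, date_header),
        "brand_mismatch": brand_mismatch(host),
    }


if __name__ == "__main__":
    print(triage(
        "admin.fedex-returns-demo.com", SAMPLE_RESPONSE,
        ("8a63de4febd6aacbabbe7fa512d58e5e",
         "240cdc1e0346c2b4475ede4f77fa76693c8155b3",
         "11c66b1efb6ec18317b779536ec46b6db40d4824d144b33bc344556e623a2e52"),
        ("Mon, 01 Apr 2024 00:00:00 GMT", "Tue, 01 Oct 2024 23:59:59 GMT"),
    ))
```

Two design points. The empty-body test computes the zero-byte digests with hashlib instead of hard-coding them, so it cannot drift from the hash functions the scanner reports; feeding it the digests listed for /jquery or /Content/ace-theme returns True, which is the cue not to trust the size column or to expect a stored file for those entries. The fingerprint rules key on header names rather than on `server: Server`, because that value is generic; the ARRAffinity cookie pair and the request-context appId are the headers that actually identify the hosting stack in this capture.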