Report - admin.fedex-returns-demo.com/

Report Overview

Submitted URL
admin.fedex-returns-demo.com/
IP
40.69.210.172
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-04-20 16:30:00
Access
public
Website Title
Login
Final URL
admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
48

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
admin.fedex-returns-demo.com	unknown	2023-03-09	2023-03-09	2023-07-18	10 kB	1.3 MB	40.69.210.172
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-04-20	506 B	207 kB	142.250.74.131
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	420 B	1.3 kB	142.250.74.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	admin.fedex-returns-demo.com/	FedEx Corporation
2024-04-20	medium	admin.fedex-returns-demo.com/	FedEx Corporation
2024-04-20	medium	admin.fedex-returns-demo.com/	FedEx Corporation
2024-04-20	medium	admin.fedex-returns-demo.com/	FedEx Corporation
2024-04-20	medium	admin.fedex-returns-demo.com/	FedEx Corporation
2024-04-20	medium	admin.fedex-returns-demo.com/	FedEx Corporation
2024-04-20	medium	admin.fedex-returns-demo.com/	FedEx Corporation
2024-04-20	medium	admin.fedex-returns-demo.com/	FedEx Corporation
2024-04-20	medium	admin.fedex-returns-demo.com/	FedEx Corporation
2024-04-20	medium	admin.fedex-returns-demo.com/	FedEx Corporation
2024-04-20	medium	admin.fedex-returns-demo.com/	FedEx Corporation

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	fedex-returns-demo.com	Sinkholed
2024-04-20	medium	fedex-returns-demo.com	Sinkholed
2024-04-20	medium	fedex-returns-demo.com	Sinkholed
2024-04-20	medium	fedex-returns-demo.com	Sinkholed
2024-04-20	medium	fedex-returns-demo.com	Sinkholed
2024-04-20	medium	fedex-returns-demo.com	Sinkholed
2024-04-20	medium	fedex-returns-demo.com	Sinkholed
2024-04-20	medium	fedex-returns-demo.com	Sinkholed
2024-04-20	medium	fedex-returns-demo.com	Sinkholed
2024-04-20	medium	fedex-returns-demo.com	Sinkholed
2024-04-20	medium	fedex-returns-demo.com	Sinkholed
2024-04-20	medium	fedex-returns-demo.com	Sinkholed
2024-04-20	medium	fedex-returns-demo.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	admin.fedex-returns-demo.com/ace-scripts?v=gRs2q8xHMr-tnDbdclWcIiOXTrH6DAfNXqC9Bis_MSk1	176 kB	2023-03-08	2024-04-20
Pretty URL admin.fedex-returns-demo.com/ace-scripts?v=gRs2q8xHMr-tnDbdclWcIiOXTrH6DAfNXqC9Bis_MSk1 IP 40.69.210.172 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:03:18 Last Seen2024-04-20 18:30:01 Times Seen40 Hash 31970ba4ed632984ef64f004dc5b9738 b094d4ffba1979bfb47869f9dc48ef861992d713 4956b369108a2dc496a98a0cba933e29493b1bb39a554a3a453c7314420c3286 Loading...

	admin.fedex-returns-demo.com/CustomValidation?v=2xlpqRlloJdFAZGnJRdtJ6pjeH9Iad4gqD3kYVeGNXU1	92 B	2023-03-08	2024-04-20
Pretty URL admin.fedex-returns-demo.com/CustomValidation?v=2xlpqRlloJdFAZGnJRdtJ6pjeH9Iad4gqD3kYVeGNXU1 IP 40.69.210.172 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:03:18 Last Seen2024-04-20 18:30:01 Times Seen40 Hash ceffb448ae3d151ffd2993adea957b03 d82008c9c71baf18b9affc49c312478a150b7402 15ed38579efcf4725fbe1cca848ca67fd63ded27d18bfe1778ba0d0767cc4adb Loading...

	admin.fedex-returns-demo.com/CookiesNotification?v=LFDZ7CMyvVXDqVqeR8L38T5nJ0waZFsgvbdsnUdhVdY1	1.5 kB	2023-03-08	2024-04-20
Pretty URL admin.fedex-returns-demo.com/CookiesNotification?v=LFDZ7CMyvVXDqVqeR8L38T5nJ0waZFsgvbdsnUdhVdY1 IP 40.69.210.172 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:03:18 Last Seen2024-04-20 18:30:01 Times Seen40 Hash 3cbe587e751e3bccc3529d2aee45f29f ac358418a9ac73185f3d5bd5c0ca1bc15640b4d0 7a8fababc25d7662aca9ad854fd464f62a0001afe5493d94dbe5027adf5eeb1a Loading...

	admin.fedex-returns-demo.com/Login?v=jjN0JR71_jLO8fKhh5gcOA1w0w5Qc2nOQsf__VaVZHA1	510 B	2024-02-08	2024-04-20
Pretty URL admin.fedex-returns-demo.com/Login?v=jjN0JR71_jLO8fKhh5gcOA1w0w5Qc2nOQsf__VaVZHA1 IP 40.69.210.172 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-08 16:01:10 Last Seen2024-04-20 18:30:01 Times Seen6 Hash 1810f8951a49c11e245bb246462a1149 29cbe88b225af4380aab870f65651b35e65e61bd 4d1b1670c53f0bc46dd72943e82d3db0315eb808437bc79d3c42afcf81845810 Loading...

	www.gstatic.com/recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__en.js	518 kB	2024-04-16	2024-04-24
Pretty URL www.gstatic.com/recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__en.js IP 142.250.74.131 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 08:39:13 Last Seen2024-04-24 17:56:53 Times Seen2481 Hash 8326c23d6b3eed35bc3e62f3294587fd edda17e74e53e85073e5eac9cb6be2163dbfa23c 57f03d3ba66117edc152646341120dd3a1d7d71b9a98a3723af5a8ae61bcb3ab Loading...

	www.google.com/recaptcha/api.js	850 B	2024-04-16	2024-04-24
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 10:37:30 Last Seen2024-04-24 17:14:37 Times Seen377 Hash 7c792e0e26e2bd74f8e53c7da0d6b8a2 a43099555724ee257f66ca05de55cb56a14c8fca d782a59ef4bab02833ce95b5e9c9bd622f328683659f43a34f1dbcf54f1d4443 Loading...

	admin.fedex-returns-demo.com/jquery?v=DEzkwWg6hhj-1r8WCr8_Kt3FHVCjJ0ru9VTs3DivKcg1	522 kB	2023-03-08	2024-04-20
Pretty URL admin.fedex-returns-demo.com/jquery?v=DEzkwWg6hhj-1r8WCr8_Kt3FHVCjJ0ru9VTs3DivKcg1 IP 40.69.210.172 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:03:18 Last Seen2024-04-20 18:30:01 Times Seen21 Hash a8ead0d9b7e0c6a5e4c1867ce279bf63 00519f31aa4794b567ba17880fc82c484fd43158 358af9e1db048aa03bd0f6cc945e4d15d79db30e47f4104c75aa408a6eb4be2d Loading...

	admin.fedex-returns-demo.com/bootstrap?v=ucQlAB-klukZBdrcmfqyFB759cFHKbm9cLPv5zpnq1E1	64 kB	2023-04-13	2024-04-20
Pretty URL admin.fedex-returns-demo.com/bootstrap?v=ucQlAB-klukZBdrcmfqyFB759cFHKbm9cLPv5zpnq1E1 IP 40.69.210.172 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-13 20:04:06 Last Seen2024-04-20 18:30:01 Times Seen38 Hash 6863e8725b3e5d0842267938b12aee3e 773fa7a3c29de837683d100e4bba4ef1e5754de9 aad21876156ccd6ffd727fdc9cd6b60e12a9a2f8595ac7ec56a6c93dc67367e7 Loading...

HTTP Transactions (15)

URL IP Response Size

admin.fedex-returns-demo.com/

40.69.210.172

302 Found

145 B

URL User Request GET HTTP/2
admin.fedex-returns-demo.com/
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
145 B (145 bytes)
Hash
8a63de4febd6aacbabbe7fa512d58e5e
240cdc1e0346c2b4475ede4f77fa76693c8155b3
11c66b1efb6ec18317b779536ec46b6db40d4824d144b33bc344556e623a2e52

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	FedEx Corporation
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/html; charset=utf-8
date: Sat, 20 Apr 2024 16:29:33 GMT
server: Server
cache-control: private
location: /Account/Login?ReturnUrl=%2f
set-cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00;Path=/;HttpOnly;Secure;Domain=admin.fedex-returns-demo.com
ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00;Path=/;HttpOnly;SameSite=None;Secure;Domain=admin.fedex-returns-demo.com
content-length: 145
requestid: c01d27042fa245de95d2785ff68859cc
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f

40.69.210.172

200 OK

2.2 kB

URL User Request GET HTTP/2
admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (387), with CRLF, LF line terminators
Size
2.2 kB (2198 bytes)
Hash
3f1176f1364805f78ca9a9446d60a445
e074263c09890e65c8ab544fe6c7de02d037b4f4
db2514c687a7cea63b920b7f203dbaea279b235c7467b30e4b8cf80ec832c130

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	FedEx Corporation
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Account/Login?ReturnUrl=%2f HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1; path=/; secure; HttpOnly
vary: Accept-Encoding
content-length: 2198
strict-transport-security: max-age=10886400; includeSubDomains
requestid: a922ad22be4840e897c66f21a2e22c8e
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

admin.fedex-returns-demo.com/Content/Login?v=L9mPkktsrum7HuzJLjUrBlmNwBbPHCg7iaiB3vrzvDg1

40.69.210.172

200 OK

1.8 kB

URL GET HTTP/2
admin.fedex-returns-demo.com/Content/Login?v=L9mPkktsrum7HuzJLjUrBlmNwBbPHCg7iaiB3vrzvDg1
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6514), with no line terminators
Size
1.8 kB (1793 bytes)
Hash
87905f5732aa3eb00e2c9c906fda3ba3
9751d83d6db08970ee161e09ad00eecdd9295a62
3dda3345aa4eaa8d41067a2e9b719067dc17342087310cb4d1dee771c1de3c50

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	FedEx Corporation
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Content/Login?v=L9mPkktsrum7HuzJLjUrBlmNwBbPHCg7iaiB3vrzvDg1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 1793
requestid: 77633ebb85734ab3b4579efc37b4849c
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

admin.fedex-returns-demo.com/Content/Bootstrap?v=Da_zAbTMnmX3bd00bJOzzReWRtu7iY-nJt9ugX7LYIc1

40.69.210.172

200 OK

32 kB

URL GET HTTP/2
admin.fedex-returns-demo.com/Content/Bootstrap?v=Da_zAbTMnmX3bd00bJOzzReWRtu7iY-nJt9ugX7LYIc1
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65012), with no line terminators
Size
32 kB (32436 bytes)
Hash
d7c22f9fa8c76bf35ab6f117ed12403f
0eb017a68df9d8a03730c9138e69e865aec1ea36
410494bfbdfb70c5a6d54e9c55c3d4f3a95c616f19338daafe3f86799c1ce9eb

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	FedEx Corporation
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Content/Bootstrap?v=Da_zAbTMnmX3bd00bJOzzReWRtu7iY-nJt9ugX7LYIc1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 32436
requestid: eed6749bc2f0471cb2d9b3b2e982d0e1
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

admin.fedex-returns-demo.com/CustomValidation?v=2xlpqRlloJdFAZGnJRdtJ6pjeH9Iad4gqD3kYVeGNXU1

40.69.210.172

200 OK

200 B

URL GET HTTP/2
admin.fedex-returns-demo.com/CustomValidation?v=2xlpqRlloJdFAZGnJRdtJ6pjeH9Iad4gqD3kYVeGNXU1
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
200 B (200 bytes)
Hash
ceffb448ae3d151ffd2993adea957b03
d82008c9c71baf18b9affc49c312478a150b7402
15ed38579efcf4725fbe1cca848ca67fd63ded27d18bfe1778ba0d0767cc4adb

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	FedEx Corporation
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CustomValidation?v=2xlpqRlloJdFAZGnJRdtJ6pjeH9Iad4gqD3kYVeGNXU1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 200
requestid: be64110dee8142b2937d90707829bb06
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

admin.fedex-returns-demo.com/bootstrap?v=ucQlAB-klukZBdrcmfqyFB759cFHKbm9cLPv5zpnq1E1

40.69.210.172

200 OK

21 kB

URL GET HTTP/2
admin.fedex-returns-demo.com/bootstrap?v=ucQlAB-klukZBdrcmfqyFB759cFHKbm9cLPv5zpnq1E1
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (63736), with no line terminators
Size
21 kB (21188 bytes)
Hash
6863e8725b3e5d0842267938b12aee3e
773fa7a3c29de837683d100e4bba4ef1e5754de9
aad21876156ccd6ffd727fdc9cd6b60e12a9a2f8595ac7ec56a6c93dc67367e7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bootstrap?v=ucQlAB-klukZBdrcmfqyFB759cFHKbm9cLPv5zpnq1E1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 21188
requestid: 7c4753e9bc034aea8ca9092ce734c263
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

admin.fedex-returns-demo.com/CookiesNotification?v=LFDZ7CMyvVXDqVqeR8L38T5nJ0waZFsgvbdsnUdhVdY1

40.69.210.172

200 OK

1.0 kB

URL GET HTTP/2
admin.fedex-returns-demo.com/CookiesNotification?v=LFDZ7CMyvVXDqVqeR8L38T5nJ0waZFsgvbdsnUdhVdY1
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1515), with no line terminators
Size
1.0 kB (1014 bytes)
Hash
3cbe587e751e3bccc3529d2aee45f29f
ac358418a9ac73185f3d5bd5c0ca1bc15640b4d0
7a8fababc25d7662aca9ad854fd464f62a0001afe5493d94dbe5027adf5eeb1a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	FedEx Corporation
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CookiesNotification?v=LFDZ7CMyvVXDqVqeR8L38T5nJ0waZFsgvbdsnUdhVdY1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 1014
requestid: c73c2b3a7d2c49619a3b0eaad2654786
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

admin.fedex-returns-demo.com/Login?v=jjN0JR71_jLO8fKhh5gcOA1w0w5Qc2nOQsf__VaVZHA1

40.69.210.172

200 OK

418 B

URL GET HTTP/2
admin.fedex-returns-demo.com/Login?v=jjN0JR71_jLO8fKhh5gcOA1w0w5Qc2nOQsf__VaVZHA1
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (510), with no line terminators
Size
418 B (418 bytes)
Hash
1810f8951a49c11e245bb246462a1149
29cbe88b225af4380aab870f65651b35e65e61bd
4d1b1670c53f0bc46dd72943e82d3db0315eb808437bc79d3c42afcf81845810

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	FedEx Corporation
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Login?v=jjN0JR71_jLO8fKhh5gcOA1w0w5Qc2nOQsf__VaVZHA1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 418
requestid: a1e9aea481674a8ca0179125ced6ceaa
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

admin.fedex-returns-demo.com/ace-scripts?v=gRs2q8xHMr-tnDbdclWcIiOXTrH6DAfNXqC9Bis_MSk1

40.69.210.172

200 OK

65 kB

URL GET HTTP/2
admin.fedex-returns-demo.com/ace-scripts?v=gRs2q8xHMr-tnDbdclWcIiOXTrH6DAfNXqC9Bis_MSk1
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
65 kB (64782 bytes)
Hash
31970ba4ed632984ef64f004dc5b9738
b094d4ffba1979bfb47869f9dc48ef861992d713
4956b369108a2dc496a98a0cba933e29493b1bb39a554a3a453c7314420c3286

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	FedEx Corporation
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ace-scripts?v=gRs2q8xHMr-tnDbdclWcIiOXTrH6DAfNXqC9Bis_MSk1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
content-length: 64782
requestid: 7842cabeba744ff7aa218e1911fc710f
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

admin.fedex-returns-demo.com/Content/images/Logos/FedEx/fedex-logo-big.png

40.69.210.172

200 OK

146 kB

URL GET HTTP/2
admin.fedex-returns-demo.com/Content/images/Logos/FedEx/fedex-logo-big.png
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
PNG image data, 5231 x 1680, 8-bit/color RGBA, non-interlaced
Size
146 kB (146279 bytes)
Hash
6602e3e995c38cfc5bc3af7cb4d4b57f
be22f2c14dd36c60180e7070114b17c701a46dca
52c51dfec6cfc39da2f8ded89bee57ae6be47fe22b5d4d9ea31cf9fbebcf9385

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	FedEx Corporation
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Content/images/Logos/FedEx/fedex-logo-big.png HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Content/Login?v=L9mPkktsrum7HuzJLjUrBlmNwBbPHCg7iaiB3vrzvDg1
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
accept-ranges: bytes
etag: "85cce82d08cda1:0"
last-modified: Thu, 11 Apr 2024 11:05:35 GMT
content-length: 146279
X-Firefox-Spdy: h2

admin.fedex-returns-demo.com/Content/images/Logos/FedEx/favicon.ico

40.69.210.172

200 OK

5.4 kB

URL GET HTTP/2
admin.fedex-returns-demo.com/Content/images/Logos/FedEx/favicon.ico
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
5.4 kB (5430 bytes)
Hash
a53129769d15f251d4e5c5cb966765b4
043d6a7b9cca5d05aba04fc0a3f4527e3ad075e0
eab1b9a0ef942d84e3a8ed8c3e3996acb7a46af9a0b9f914ced662bcbe0e54be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	FedEx Corporation
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Content/images/Logos/FedEx/favicon.ico HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
accept-ranges: bytes
etag: "2b1db92d08cda1:0"
last-modified: Thu, 11 Apr 2024 11:05:35 GMT
content-length: 5430
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__en.js

142.250.74.131

200 OK

206 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__en.js
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
JavaScript source, ASCII text, with very long lines (597)
Size
206 kB (206057 bytes)
Hash
8326c23d6b3eed35bc3e62f3294587fd
edda17e74e53e85073e5eac9cb6be2163dbfa23c
57f03d3ba66117edc152646341120dd3a1d7d71b9a98a3723af5a8ae61bcb3ab

HTTP Headers

GET /recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://admin.fedex-returns-demo.com
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 206057
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 16:10:43 GMT
expires: Tue, 15 Apr 2025 16:10:43 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Apr 2024 02:01:04 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 433132
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

admin.fedex-returns-demo.com/jquery?v=DEzkwWg6hhj-1r8WCr8_Kt3FHVCjJ0ru9VTs3DivKcg1

40.69.210.172

200 OK

522 kB

URL GET HTTP/2
admin.fedex-returns-demo.com/jquery?v=DEzkwWg6hhj-1r8WCr8_Kt3FHVCjJ0ru9VTs3DivKcg1
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type

Size
522 kB (521813 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jquery?v=DEzkwWg6hhj-1r8WCr8_Kt3FHVCjJ0ru9VTs3DivKcg1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
requestid: 1afc45639e9a4f108de6cbeecd097df2
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

admin.fedex-returns-demo.com/Content/ace-theme?v=xaKtRanB--9ithTMYwPE8ITEOZu3gNU-vuhGaXqtbWY1

40.69.210.172

200 OK

507 kB

URL GET HTTP/2
admin.fedex-returns-demo.com/Content/ace-theme?v=xaKtRanB--9ithTMYwPE8ITEOZu3gNU-vuhGaXqtbWY1
IP
40.69.210.172:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerDigiCert, Inc.
Subjectadmin.fedex-returns-demo.com
Fingerprint26:1E:3B:28:AA:AF:CB:E8:CD:62:68:AE:A1:07:03:7A:1A:39:DC:AB
ValidityMon, 01 Apr 2024 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type

Size
507 kB (507355 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	FedEx Corporation
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Content/ace-theme?v=xaKtRanB--9ithTMYwPE8ITEOZu3gNU-vuhGaXqtbWY1 HTTP/1.1
Host: admin.fedex-returns-demo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Cookie: ARRAffinity=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; ARRAffinitySameSite=f5fc5fc3d5b08f9d845fabe21e1789ffaac1d29e1628cab01c21b75a21e2da00; __RequestVerificationToken=Rt4mrExIgi_wgwdhLfaBxsGpjgIOVADdP7Ec4gQpre1hHsFptJFbWKYryAYg6Z-ekgr7-gRu24k8stKEd4mNaEmWLmdLKYKh-sMTnKwI8Pw1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Sat, 20 Apr 2024 16:29:34 GMT
server: Server
cache-control: public
content-encoding: gzip
expires: Sun, 20 Apr 2025 16:29:34 GMT
last-modified: Sat, 20 Apr 2024 16:29:34 GMT
vary: User-Agent,Accept-Encoding
requestid: dc4add0efffd401ea67641ce08911b2c
x-frame-options: SAMEORIGIN
request-context: appId=cid-v1:7fe9fd9c-05d3-4f7f-94e6-6a8c07f5041b
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js

142.250.74.164

200 OK

850 B

URL GET HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://admin.fedex-returns-demo.com/Account/Login?ReturnUrl=%2f
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintCD:48:2A:0C:60:1D:37:5A:D4:D5:A9:F7:DE:A0:2B:5E:2F:29:76:73
ValidityMon, 18 Mar 2024 20:38:49 GMT - Mon, 10 Jun 2024 20:38:48 GMT

File type
JavaScript source, ASCII text, with very long lines (850), with no line terminators
Size
850 B (850 bytes)
Hash
7c792e0e26e2bd74f8e53c7da0d6b8a2
a43099555724ee257f66ca05de55cb56a14c8fca
d782a59ef4bab02833ce95b5e9c9bd622f328683659f43a34f1dbcf54f1d4443

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://admin.fedex-returns-demo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sat, 20 Apr 2024 16:29:34 GMT
date: Sat, 20 Apr 2024 16:29:34 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML