Report - tracki.fedexe.shop/fedex

Report Overview

Submitted URL
tracki.fedexe.shop/fedex
IP
104.168.144.24
ASN
#54290 HOSTWINDS
Submitted
2023-01-01 05:19:38
Access
Website Title
Final URL
Tags
fedex logistics phishing
urlquery detections
Phishing - FedEx

Detections

urlquery
6
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
cdn.jsdelivr.net	439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	398 B	8.3 kB	151.101.129.229
code.jquery.com	634	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	378 B	25 kB	69.16.175.42
ka-f.fontawesome.com	3598	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	181 kB	172.64.168.22
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.0 kB	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.89.217.163
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	438 B	1.8 kB	142.250.74.74
kit.fontawesome.com	1868	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	404 B	650 B	104.18.23.52
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	368 B	1.9 kB	104.18.21.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
tracki.fedexe.shop	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.2 kB	78 kB	104.168.144.24
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	343 B	700 B	216.58.211.3
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	45 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-31	medium	tracki.fedexe.shop/fedex	FedEx Corporation

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-01	medium	tracki.fedexe.shop/fedex	Phishing
2023-01-01	medium	tracki.fedexe.shop/fedex/	Phishing
2023-01-01	medium	tracki.fedexe.shop/images/circle-exclamation-solid.svg	Phishing
2023-01-01	medium	tracki.fedexe.shop/fedex/assets/js/bootstrap.min.js	Phishing
2023-01-01	medium	tracki.fedexe.shop/fedex/assets/img/fx-favicon.ico	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-01	medium	fedexe.shop	Sinkholed
2023-01-01	medium	fedexe.shop	Sinkholed
2023-01-01	medium	fedexe.shop	Sinkholed
2023-01-01	medium	fedexe.shop	Sinkholed
2023-01-01	medium	fedexe.shop	Sinkholed
2023-01-01	medium	fedexe.shop	Sinkholed
2023-01-01	medium	fedexe.shop	Sinkholed
2023-01-01	medium	fedexe.shop	Sinkholed
2023-01-01	medium	fedexe.shop	Sinkholed
2023-01-01	medium	fedexe.shop	Sinkholed
2023-01-01	medium	fedexe.shop	Sinkholed

JavaScript (5)

	URL	Size	First Seen	Last Seen
	cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js	21 kB	2023-03-07	2024-05-04
Pretty URL cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-05-04 18:36:58 Times Seen6041 Hash 1022eaf388cc780bcfeb6456157adb7d 313789ca0e31b654784dbba8b0f83f364f8683b4 fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f Loading...

	code.jquery.com/jquery-3.5.1.slim.min.js	72 kB	2023-03-07	2024-05-04
Pretty URL code.jquery.com/jquery-3.5.1.slim.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:10 Last Seen2024-05-04 12:56:43 Times Seen3270 Hash fb8409a092adc6e8be17e87d59e0595e cf8d9821552d51bb50ce572e696aba1309065800 e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db Loading...

	kit.fontawesome.com/94f32119b6.js	11 kB	2023-03-08	2023-03-12
Pretty URL kit.fontawesome.com/94f32119b6.js IP 104.18.23.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:35:02 Last Seen2023-03-12 12:43:15 Times Seen1 Hash d60c754112f61158c27239cc318080fa 755715af740a2a99c2c7d64f6082508f4c1a1064 a15f3a9bd71e340246f66879487c43298ac79fbcbe9c4610a4281df9c6005fe9 Loading...

	tracki.fedexe.shop/fedex/assets/js/bootstrap.min.js	64 kB	2023-03-07	2024-05-04
Pretty URL tracki.fedexe.shop/fedex/assets/js/bootstrap.min.js IP 104.168.144.24 ASN #54290 HOSTWINDS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:47 Last Seen2024-05-04 21:39:04 Times Seen8782 Hash f0c2bcf5ef0c4476508d79ec9cdcce07 3beed68ed7d753c6bf4f61c26386ddd7929ba030 edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba Loading...

	tracki.fedexe.shop/fedex/	636 B	2023-03-12	2023-03-12
Pretty URL tracki.fedexe.shop/fedex/ IP 104.168.144.24 ASN #54290 HOSTWINDS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 12:25:53 Last Seen2023-03-12 12:43:15 Times Seen1 Hash a3782955727bb41711206373db192c24 9dcb37f87c84ebc1cc8d560c5bb5e47d321917c5 b3254c90f31bf0bc5b040417091b07906b0afd6accc666bdfce3714b24ab62a4 Loading...

HTTP Transactions (44)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ab3625faa748b97df39d95f3265ccd14
3930df2e3cb45a1abe47de735002fba535de4f08
0b0a1eb64c4a23598884f08be0a9694c8fcaeffc4b0df790a678104f44fe1c14

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B0A1EB64C4A23598884F08BE0A9694C8FCAEFFC4B0DF790A678104F44FE1C14"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12815
Expires: Sun, 01 Jan 2023 08:53:02 GMT
Date: Sun, 01 Jan 2023 05:19:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5c6a87f6d6b5c54dcb1b630ae6001c73
e0315c9936d6f2f58ff7d078e74a8ec7802265a8
d88ef07b9fcfb42d27a490cb57df4adaf3261efc7d0b38246db387da3ca32a8d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D88EF07B9FCFB42D27A490CB57DF4ADAF3261EFC7D0B38246DB387DA3CA32A8D"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5727
Expires: Sun, 01 Jan 2023 06:54:54 GMT
Date: Sun, 01 Jan 2023 05:19:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6d6d99cd1201f65eeb7d437b62bad1f3
6d5e41d7a2786ccaad7c7276ecdd9411f8cbd6ba
db2b42007fc4ad126c8af8d7cce27af88947231d09ded56da33cfee3d2594e23

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB2B42007FC4AD126C8AF8D7CCE27AF88947231D09DED56DA33CFEE3D2594E23"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13095
Expires: Sun, 01 Jan 2023 08:57:42 GMT
Date: Sun, 01 Jan 2023 05:19:27 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 01 Jan 2023 04:35:49 GMT
content-type: application/json
age: 2618
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: R+HZ2MNoiTRkC/kMLn/Upbcb+rI4/C+LzmTcSAl+2Y1sCRNrqJLKqmj4Uu8SslowA169NVnGCA0=
x-amz-request-id: 715VQ197YTYHAVZE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 01 Jan 2023 04:59:56 GMT
age: 1171
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 01 Jan 2023 05:19:27 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2c7aaa19eb4b17c8cef69a13bedc5c40
76890fe5fc9f045b725b1f1cac02dcf2e0487931
114a98463b06ec2f3810fc89896a0e37bdd2b8533c098c4230a4c77a81224203

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "114A98463B06EC2F3810FC89896A0E37BDD2B8533C098C4230A4C77A81224203"
Last-Modified: Sat, 31 Dec 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21594
Expires: Sun, 01 Jan 2023 11:19:21 GMT
Date: Sun, 01 Jan 2023 05:19:27 GMT
Connection: keep-alive

tracki.fedexe.shop/fedex

104.168.144.24

301 Moved Permanently

310 B

URL HTTP/2
tracki.fedexe.shop/fedex
IP
104.168.144.24:0
ASN
#54290 HOSTWINDS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
310 B (310 bytes)
Hash
5004c62bc2bae358258d7e23a76f76ba
454a86c0e24aaf6528c702ff7309c8b4c90155da
64e16f79e184bd3fda1728fa57f69225388cd72844a101606084d6c572d7fd09

Detections

Analyzer	Verdict	Alert
openphish	FedEx Corporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /fedex HTTP/1.1
Host: tracki.fedexe.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
location: https://tracki.fedexe.shop/fedex/
content-length: 310
content-type: text/html; charset=iso-8859-1
date: Sun, 01 Jan 2023 05:19:27 GMT
server: Apache
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 01 Jan 2023 05:08:11 GMT
age: 676
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
afc798d7819a9c19437d20a92eb6f6ec
badde0ed90ac423d5796dc35808a3cd6cec09820
f101fbf84795c278d89aafdadf23cca6c5010b372a48d39a5354555bfb961e61

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2753
Cache-Control: max-age=102795
Content-Type: application/ocsp-response
Date: Sun, 01 Jan 2023 05:19:28 GMT
Etag: "63affbaa-1d7"
Expires: Mon, 02 Jan 2023 09:52:43 GMT
Last-Modified: Sat, 31 Dec 2022 09:06:50 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.89.217.163

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.217.163:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: y0Aef3KOI/gCwgkHdoCPFg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xQYOQVaA1W+H4WqOGuzVQRtlUd4=

tracki.fedexe.shop/fedex/

104.168.144.24

200 OK

5.6 kB

URL HTTP/2
tracki.fedexe.shop/fedex/
IP
104.168.144.24:0
ASN
#54290 HOSTWINDS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (444)
Size
5.6 kB (5614 bytes)
Hash
4f24755cf2c319811bc84cbcfb7b711a
8ffa0d9336225819155186aa86ddc42fb578405e
ab2ae4560900944ef2834d3d0307ae264daf0f30eb398ff0c1a087f90d4e2ce9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /fedex/ HTTP/1.1
Host: tracki.fedexe.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=b9crohputnp90p82blaogg5ve4; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 5614
content-type: text/html; charset=UTF-8
date: Sun, 01 Jan 2023 05:19:27 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2d0499f737b43826c7a032be74dc8e6f
79ab4a9e81941181c73c041e0995b60229f17536
fbe9fb20a04380add9baf3e908d4267532fb71c908be819b7d5f225f2fd02d3a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1725
Cache-Control: max-age=112570
Content-Type: application/ocsp-response
Date: Sun, 01 Jan 2023 05:19:28 GMT
Etag: "63b025dd-1d7"
Expires: Mon, 02 Jan 2023 12:35:38 GMT
Last-Modified: Sat, 31 Dec 2022 12:06:53 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js

151.101.129.229

200 OK

7.5 kB

URL HTTP/2
cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP
151.101.129.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (21060)
Size
7.5 kB (7503 bytes)
Hash
1f61c1b15b25ba046056238766ff3a43
2b8db740e4e913e9dc87a6060dea2a6b17ad0ec8
fe78a2c604b4757dd5d114e0efb7e74c8f4acfe840bf6b6c01517205744a7648

HTTP Headers

GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tracki.fedexe.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.16.1
x-jsd-version-type: version
etag: W/"52f1-MTeJyg4xtlR4TbuosPg/Nk+Gg7Q"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 01 Jan 2023 05:19:28 GMT
age: 18840574
x-served-by: cache-fra19126-FRA, cache-bma1625-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7503
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.5.1.slim.min.js

69.16.175.42

200 OK

25 kB

URL HTTP/2
code.jquery.com/jquery-3.5.1.slim.min.js
IP
69.16.175.42:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (65245)
Size
25 kB (24606 bytes)
Hash
63f8c134408852106835db2f928cf0e0
7ca0035d2a05154f1f93e19793b2298973cc8733
2555d061e6c2337cc0b62e309c8d0464e8f88d6a44dab74246c37cd0154d73a5

HTTP Headers

GET /jquery-3.5.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tracki.fedexe.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 01 Jan 2023 05:19:28 GMT
content-encoding: gzip
content-length: 24606
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-11abc"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-sp-metadata: HS256.CPDLxJ0GEoYBCiRjOGQxZmRkMS1jOWIzLTQyNTYtYmE1MC0wYmRmNTZiNzU1Y2YQ+OiCoKvU+wIaBgjgr8SdBiIMOTEuOTAuNDIuMTU0KOIaMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaLAgBEiQ4YTZlYmRiNy1kZmNjLTQxNjUtOGE0MS1kYzgwYmIwY2JmMDUYnsABIhgIAhIUY2RzMjAyLnNrMS5od2Nkbi5uZXQ=.v4cQqAfQ9elfo7G+yrkDSA7ZGL2/lXCHiouAKiFhMx0=
x-hw: 1672550368.dop228.sk1.t,1672550368.cds246.sk1.hn,1672550368.cds202.sk1.c
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
81c87a3f088331ce54f7b42d3815e4d7
93f7ac5fa21edef94d130988ab2833a36a8db38d
e493ad44a81a5773112904c8141b028cac7298d3cf1b44368291d9a0a3b800d7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 01 Jan 2023 05:19:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
2f9c45a5508240c1b46efe345762f43d
9abdc50d3d0ec507f5d143e2e6434dab60979172
e5d62612123aa5d7845041cfc57376ccf224bd8a8b71b51878348e58fa58b8ba

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 01 Jan 2023 05:19:28 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "0450B085103E0B40B3F4FFC132AFD18114A31A34"
Expires: Sun, 01 Jan 2023 17:00:00 GMT
Last-Modified: Sun, 01 Jan 2023 05:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 212
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7828ccdc7c51b4ff-OSL

fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700;800;900&display=swap

142.250.74.74

200 OK

1.0 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700;800;900&display=swap
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
data
Size
1.0 kB (1040 bytes)
Hash
42630ce592e602ddf352f471a4941e12
39a34c86620696dc9e19b0a842ed819091998c33
9f6799fe0d4c796277cbdc48765858d8c0b40e4e9c60f62219bcf18960c2e587

HTTP Headers

GET /css2?family=Poppins:wght@300;400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tracki.fedexe.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 01 Jan 2023 05:19:28 GMT
date: Sun, 01 Jan 2023 05:19:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

tracki.fedexe.shop/fedex/assets/css/main.css

104.168.144.24

200 OK

2.5 kB

URL HTTP/2
tracki.fedexe.shop/fedex/assets/css/main.css
IP
104.168.144.24:0
ASN
#54290 HOSTWINDS

File type
Unicode text, UTF-8 text
Size
2.5 kB (2470 bytes)
Hash
b4916c90f04b6a7c94c5906cedec00a9
604b1bcb1dc773083df70aff4107bf53e36270e9
58c93f6ca8b6f183d08d0164d851a69a2697bf0d9665682c89c8cc440bef66e1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fedex/assets/css/main.css HTTP/1.1
Host: tracki.fedexe.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tracki.fedexe.shop/fedex/
Cookie: PHPSESSID=b9crohputnp90p82blaogg5ve4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 07 Dec 2022 21:48:25 GMT
etag: "280f-5ef43e1481c40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2470
content-type: text/css
date: Sun, 01 Jan 2023 05:19:28 GMT
server: Apache
X-Firefox-Spdy: h2

tracki.fedexe.shop/fedex/assets/css/bootstrap.min.css

104.168.144.24

200 OK

24 kB

URL HTTP/2
tracki.fedexe.shop/fedex/assets/css/bootstrap.min.css
IP
104.168.144.24:0
ASN
#54290 HOSTWINDS

File type
ASCII text, with very long lines (65326)
Size
24 kB (24110 bytes)
Hash
2c24cdf72824eafdf0869112250fbcb7
6393bb4bd9d2c406471c3db6a86c250034885d5c
2f9fef610e18d81e5b22fe6a3c7f514501d1bb3678a40b0fce6197e1568f0912

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fedex/assets/css/bootstrap.min.css HTTP/1.1
Host: tracki.fedexe.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tracki.fedexe.shop/fedex/
Cookie: PHPSESSID=b9crohputnp90p82blaogg5ve4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 07 Dec 2022 21:48:26 GMT
etag: "27681-5ef43e1575e80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 24110
content-type: text/css
date: Sun, 01 Jan 2023 05:19:28 GMT
server: Apache
X-Firefox-Spdy: h2

tracki.fedexe.shop/images/circle-exclamation-solid.svg

104.168.144.24

200 OK

311 B

URL HTTP/2
tracki.fedexe.shop/images/circle-exclamation-solid.svg
IP
104.168.144.24:0
ASN
#54290 HOSTWINDS

File type
SVG Scalable Vector Graphics image\012- exported SGML document, ASCII text, with very long lines (494), with no line terminators
Size
311 B (311 bytes)
Hash
9adfeabee5deb5df6c31c2a45d14d4cd
3d93c9b31e36d95a8a66fb6b3068d39e67eec39b
61ce6d74dfc7020e114be1cc4b57b7fa3a9ceacba3bc996d5dca809df09deffa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /images/circle-exclamation-solid.svg HTTP/1.1
Host: tracki.fedexe.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tracki.fedexe.shop/fedex/
Cookie: PHPSESSID=b9crohputnp90p82blaogg5ve4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 28 Dec 2022 16:06:38 GMT
etag: "1ee-5f0e58dad3251-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 311
content-type: image/svg+xml
date: Sun, 01 Jan 2023 05:19:28 GMT
server: Apache
X-Firefox-Spdy: h2

tracki.fedexe.shop/fedex/assets/img/icon1.png

104.168.144.24

200 OK

1.4 kB

URL HTTP/2
tracki.fedexe.shop/fedex/assets/img/icon1.png
IP
104.168.144.24:0
ASN
#54290 HOSTWINDS

File type
PNG image data, 44 x 42, 8-bit/color RGB, non-interlaced\012- data
Size
1.4 kB (1430 bytes)
Hash
b8e3be3a22d77f33a2ca675f8da278c7
620e0cff5789a8c9075ebe000d7962d8a1bbcb88
189e5ee3eeff2d0289cadc644796482d06c5fe2d3a2b9bb55a01e4151379a7df

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - FedEx
quad9	Sinkholed

HTTP Headers

GET /fedex/assets/img/icon1.png HTTP/1.1
Host: tracki.fedexe.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tracki.fedexe.shop/fedex/
Cookie: PHPSESSID=b9crohputnp90p82blaogg5ve4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 07 Dec 2022 21:48:20 GMT
etag: "596-5ef43e0fbd100"
accept-ranges: bytes
content-length: 1430
content-type: image/png
date: Sun, 01 Jan 2023 05:19:28 GMT
server: Apache
X-Firefox-Spdy: h2

tracki.fedexe.shop/fedex/assets/img/icon2.png

104.168.144.24

200 OK

1.5 kB

URL HTTP/2
tracki.fedexe.shop/fedex/assets/img/icon2.png
IP
104.168.144.24:0
ASN
#54290 HOSTWINDS

File type
PNG image data, 46 x 43, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1469 bytes)
Hash
9c517924954e65a5d58308906e930c56
86375fe2d5752f23b6302e740dc6c62697f06c74
58b92410cbaeb7d37ea13141e9742635c5eb879ffe7bf577a63e209f317cd0d5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - FedEx
quad9	Sinkholed

HTTP Headers

GET /fedex/assets/img/icon2.png HTTP/1.1
Host: tracki.fedexe.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tracki.fedexe.shop/fedex/
Cookie: PHPSESSID=b9crohputnp90p82blaogg5ve4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 07 Dec 2022 21:48:20 GMT
etag: "5bd-5ef43e0fbd100"
accept-ranges: bytes
content-length: 1469
content-type: image/png
date: Sun, 01 Jan 2023 05:19:28 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
12f34c3cdf73d70af277dd04d2ff6526
4ddd22c640321a6de45f09fe09e8423c7670ff7d
0fd4bf89eda1d1f24e548bd2842bf03cf3efcf954a584ff637ea8df2de899d9e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4400
Cache-Control: max-age=122459
Content-Type: application/ocsp-response
Date: Sun, 01 Jan 2023 05:19:28 GMT
Etag: "63b0420b-118"
Expires: Mon, 02 Jan 2023 15:20:27 GMT
Last-Modified: Sat, 31 Dec 2022 14:07:07 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
12f34c3cdf73d70af277dd04d2ff6526
4ddd22c640321a6de45f09fe09e8423c7670ff7d
0fd4bf89eda1d1f24e548bd2842bf03cf3efcf954a584ff637ea8df2de899d9e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4401
Cache-Control: max-age=122459
Content-Type: application/ocsp-response
Date: Sun, 01 Jan 2023 05:19:29 GMT
Etag: "63b0420b-118"
Expires: Mon, 02 Jan 2023 15:20:28 GMT
Last-Modified: Sat, 31 Dec 2022 14:07:07 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
12f34c3cdf73d70af277dd04d2ff6526
4ddd22c640321a6de45f09fe09e8423c7670ff7d
0fd4bf89eda1d1f24e548bd2842bf03cf3efcf954a584ff637ea8df2de899d9e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4401
Cache-Control: max-age=122459
Content-Type: application/ocsp-response
Date: Sun, 01 Jan 2023 05:19:29 GMT
Etag: "63b0420b-118"
Expires: Mon, 02 Jan 2023 15:20:28 GMT
Last-Modified: Sat, 31 Dec 2022 14:07:07 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
12f34c3cdf73d70af277dd04d2ff6526
4ddd22c640321a6de45f09fe09e8423c7670ff7d
0fd4bf89eda1d1f24e548bd2842bf03cf3efcf954a584ff637ea8df2de899d9e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4401
Cache-Control: max-age=122459
Content-Type: application/ocsp-response
Date: Sun, 01 Jan 2023 05:19:29 GMT
Etag: "63b0420b-118"
Expires: Mon, 02 Jan 2023 15:20:28 GMT
Last-Modified: Sat, 31 Dec 2022 14:07:07 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 280

tracki.fedexe.shop/fedex/assets/img/progresss-bg.png

104.168.144.24

200 OK

5.1 kB

URL HTTP/2
tracki.fedexe.shop/fedex/assets/img/progresss-bg.png
IP
104.168.144.24:0
ASN
#54290 HOSTWINDS

File type
PNG image data, 75 x 466, 8-bit/color RGBA, non-interlaced\012- data
Size
5.1 kB (5070 bytes)
Hash
53c42ec9a49e36f74f7f49064c74812d
8fa1370f1b35d4e0805f035eb43c043b98d61c4d
de53d8df4ad8dcbae9758095e01e27b6d9c9e35ed1d7fa523499f5c6de5e52dd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - FedEx
quad9	Sinkholed

HTTP Headers

GET /fedex/assets/img/progresss-bg.png HTTP/1.1
Host: tracki.fedexe.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tracki.fedexe.shop/fedex/
Cookie: PHPSESSID=b9crohputnp90p82blaogg5ve4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 07 Dec 2022 21:48:17 GMT
etag: "13ce-5ef43e0ce0a40"
accept-ranges: bytes
content-length: 5070
content-type: image/png
date: Sun, 01 Jan 2023 05:19:28 GMT
server: Apache
X-Firefox-Spdy: h2

tracki.fedexe.shop/fedex/assets/img/logo.png

104.168.144.24

200 OK

18 kB

URL HTTP/2
tracki.fedexe.shop/fedex/assets/img/logo.png
IP
104.168.144.24:0
ASN
#54290 HOSTWINDS

File type
PNG image data, 176 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
18 kB (17964 bytes)
Hash
f9f3a4bf508eec8270bf7c8fe4397384
8b47c45b41e159b9dc2d6fe563b1197bd2a3ec16
99f7cd905d160e4bf4408195b22a893a45661a8855a0841e207d5bafe7411d90

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - FedEx
quad9	Sinkholed

HTTP Headers

GET /fedex/assets/img/logo.png HTTP/1.1
Host: tracki.fedexe.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tracki.fedexe.shop/fedex/
Cookie: PHPSESSID=b9crohputnp90p82blaogg5ve4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 07 Dec 2022 21:48:19 GMT
etag: "462c-5ef43e0ec8ec0"
accept-ranges: bytes
content-length: 17964
content-type: image/png
date: Sun, 01 Jan 2023 05:19:28 GMT
server: Apache
X-Firefox-Spdy: h2

tracki.fedexe.shop/fedex/assets/js/bootstrap.min.js

104.168.144.24

200 OK

15 kB

URL HTTP/2
tracki.fedexe.shop/fedex/assets/js/bootstrap.min.js
IP
104.168.144.24:0
ASN
#54290 HOSTWINDS

File type
ASCII text, with very long lines (63188)
Size
15 kB (14966 bytes)
Hash
90bc53f0b7f6c82a093c4711acb000fe
e1e3a889dcb76632cb8d789c3917678b7630f52c
2cf77edd0911131736a15a750bf7e01a45bd90fa3675bcf04dd7a26b41520924

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /fedex/assets/js/bootstrap.min.js HTTP/1.1
Host: tracki.fedexe.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tracki.fedexe.shop/fedex/
Cookie: PHPSESSID=b9crohputnp90p82blaogg5ve4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 07 Dec 2022 21:48:31 GMT
etag: "f7eb-5ef43e1a3a9c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 14966
content-type: application/javascript
date: Sun, 01 Jan 2023 05:19:28 GMT
server: Apache
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-regular-400.woff2

172.64.168.22

200 OK

13 kB

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-regular-400.woff2
IP
172.64.168.22:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 13216, version 331.-31196\012- data
Size
13 kB (13216 bytes)
Hash
b8f1c6a3a94d42b082c29f0b1db8ba95
2e410a47e3321a42072f966b964c0cad9a3457a4
48fb6f0d8ac464d95cbc2df3ffa7bf5066950898c5581f5133d0565abb7f706b

HTTP Headers

GET /releases/v5.15.4/webfonts/free-fa-regular-400.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tracki.fedexe.shop
Connection: keep-alive
Referer: https://tracki.fedexe.shop/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 01 Jan 2023 05:19:29 GMT
content-type: font/woff2
content-length: 13216
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:58:24 GMT
etag: "b8f1c6a3a94d42b082c29f0b1db8ba95"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 cb8e2cd001e8928a49dc551941d5c7da.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: gGRoZkab3TsYOkZbSxfPdAntZiPtvt0LwDx9L4h3CLOKzQpo-tM4tw==
age: 36180
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mwrUGHLnBsJ10cxdlwgWZvbxmhi0kDasoCwTBO4mNphKR5EIBJ2wA7zlhmNWjZembkLaUr%2FMd8hReiKsFGjKNeCAbMzjGf3tFhocYqzimqViOrnHKZgcX2MZ%2B1sZanjG463xH1WHtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7828ccdf4f3c8880-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2

172.64.168.22

200 OK

78 kB

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
IP
172.64.168.22:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 78168, version 331.-31196\012- data
Size
78 kB (78168 bytes)
Hash
a9fd1225fb2cd32320e2b931dca01089
44ec5c6a868b4ce62350d9f040ed8e18f7a1d128
c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7

HTTP Headers

GET /releases/v5.15.4/webfonts/free-fa-solid-900.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tracki.fedexe.shop
Connection: keep-alive
Referer: https://tracki.fedexe.shop/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 01 Jan 2023 05:19:29 GMT
content-type: font/woff2
content-length: 78168
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:58:24 GMT
etag: "a9fd1225fb2cd32320e2b931dca01089"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 7334e58f541a6f336bf4941e79456558.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: j35SShT3tvUymRNnePS3ii0HI_9SKga0VU1nbFZzPPYx10IfHWKckw==
age: 36180
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dmO%2F9WUHUJ5bc%2BIlIKDyMpiubhf0ObqgLpduE3Dh9ZGdwEMF7nlTj759t8O5ZJ5VV7j3b3hzEGPO6ob0pTVv7InkWSXbhCJlwDVVfMIs2TvfLbV2WTjmm%2BAq5IjK9zcw%2BINvLrDh0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7828ccdf4f3f8880-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-brands-400.woff2

172.64.168.22

200 OK

77 kB

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-brands-400.woff2
IP
172.64.168.22:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 76736, version 331.-31196\012- data
Size
77 kB (76736 bytes)
Hash
4f5ec865a8274ab291b6a42b5f70639e
6f00f8c75208b96e585646824c4011093446acd2
b5be0732ab1cc16692e165a7950810f0c772e400f6a2f63e1026a0b938016813

HTTP Headers

GET /releases/v5.15.4/webfonts/free-fa-brands-400.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tracki.fedexe.shop
Connection: keep-alive
Referer: https://tracki.fedexe.shop/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 01 Jan 2023 05:19:29 GMT
content-type: font/woff2
content-length: 76736
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:58:24 GMT
etag: "4f5ec865a8274ab291b6a42b5f70639e"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 24639548230786af4bba1a9e26c6080e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: FkaVsiI9Mml6EJqvObx3aJWJulxfOTKegExO7_hRWNI63MndweT2Ag==
age: 36180
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OITco1azrM96vVIv2mdHAxYme%2BuSk4lBnY7i4bo3GfVArsaiZqruQDvtIDOeDF1otw%2F85GBrU6NpgtqDrEXUDfBUnnhD%2BSp4I3eGackTC%2BqjZFz6wX155CcNgdpUfD6grmvNbEIq%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7828ccdf5f488880-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

tracki.fedexe.shop/fedex/assets/img/fx-favicon.ico

104.168.144.24

200 OK

818 B

URL HTTP/2
tracki.fedexe.shop/fedex/assets/img/fx-favicon.ico
IP
104.168.144.24:0
ASN
#54290 HOSTWINDS

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
818 B (818 bytes)
Hash
fc6777a702207118d4fb16bf74a04579
fc2472548713903500b7775af92b59cb4da33b01
f26c82b7db470587c9746b5833f03ecada9cedcb3f35b554b3a3739ed4a57e7d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - FedEx
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /fedex/assets/img/fx-favicon.ico HTTP/1.1
Host: tracki.fedexe.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tracki.fedexe.shop/fedex/
Cookie: PHPSESSID=b9crohputnp90p82blaogg5ve4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 07 Dec 2022 21:48:21 GMT
etag: "1536-5ef43e10b1340-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 818
content-type: image/x-icon
date: Sun, 01 Jan 2023 05:19:29 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2156f5045eb474b5c02d0c6f64f02c4e
5cc884658ca6b9b357478137cb431f694e773bd8
3e7eb661f6a47c44f20915b8384799874b0f0a69fcedd1d90caaed93f8fce4bb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E7EB661F6A47C44F20915B8384799874B0F0A69FCEDD1D90CAAED93F8FCE4BB"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19615
Expires: Sun, 01 Jan 2023 10:46:24 GMT
Date: Sun, 01 Jan 2023 05:19:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2156f5045eb474b5c02d0c6f64f02c4e
5cc884658ca6b9b357478137cb431f694e773bd8
3e7eb661f6a47c44f20915b8384799874b0f0a69fcedd1d90caaed93f8fce4bb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E7EB661F6A47C44F20915B8384799874B0F0A69FCEDD1D90CAAED93F8FCE4BB"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19615
Expires: Sun, 01 Jan 2023 10:46:24 GMT
Date: Sun, 01 Jan 2023 05:19:29 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56ecc912-7c04-44d7-a43d-91f5105e563b.jpeg

34.120.237.76

200 OK

4.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56ecc912-7c04-44d7-a43d-91f5105e563b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.6 kB (4560 bytes)
Hash
c9c106ab8d6891b9865ef89c4cd6c6cb
784caa00a9877cb4cc6ad9037a9676b6d3b37fd2
84440ac9326499d9ce81d6fe8b58fa4f7430f60d5624a2acf5d66f906fe6f898

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56ecc912-7c04-44d7-a43d-91f5105e563b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4560
x-amzn-requestid: 26f5e408-f9d0-46b9-90a7-5cdf29d5a27c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eB__3ETBoAMFU3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b0ad32-2b1520235d6b63862bebc2d5;Sampled=0
x-amzn-remapped-date: Sat, 31 Dec 2022 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _rjDZLvICb3vlPm6dyfbx8GbjCj43moCVpzoez77yFUFGNvej2ygTA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 22:05:16 GMT
age: 26053
etag: "784caa00a9877cb4cc6ad9037a9676b6d3b37fd2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F68f62f24-c2ce-40d9-b8b6-d160b5dc9ad8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10706 bytes)
Hash
535eb6b8d57fc5b9f74bcd81479aa52a
464b621007fa223e5b22cf3c097bf98990e0865f
28a05e5950da01b731ec0be060e9614cd344f8f56a9dbd3052a09af32e8677b6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F68f62f24-c2ce-40d9-b8b6-d160b5dc9ad8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10706
x-amzn-requestid: 8a57047f-81b3-4dbf-ad44-39b8a506a68c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d42LGED1IAMFc2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ad03e0-3a493e06092446212392d625;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 03:05:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YnTgrEhb0GIcMunrtYKds4XUTPwnpCOJJ4kWfmZglRsbu_ZIZXsqyg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 04:03:13 GMT
age: 4576
etag: "464b621007fa223e5b22cf3c097bf98990e0865f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8561e732-44f3-4c66-8b48-832a439b9ac3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7791 bytes)
Hash
f2a2d6220c99ca386f0517d430a7a503
75172bf57617e9fd91296df9ef35f2da78b615a0
704c955a91c12506e2835aec357c6448c0bca103142dd0b44133dbbe59b7344a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8561e732-44f3-4c66-8b48-832a439b9ac3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7791
x-amzn-requestid: be887802-b5d5-49ad-a0e0-b78005a82e83
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dy0mgHFxIAMF_4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa9af6-53ee68c2626e0ec236df004b;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 07:12:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Gt5vG3db7vh_L07T6s-bey5SnBRU8Z1gVdI-YLMTtbwz1Bbn_S6sHA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 14:00:53 GMT
age: 55116
etag: "75172bf57617e9fd91296df9ef35f2da78b615a0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=94f32119b6

172.64.168.22

200 OK

7.8 kB

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=94f32119b6
IP
172.64.168.22:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2774)
Size
7.8 kB (7846 bytes)
Hash
2cb794ea2f6d347e4379e1267e59f54d
8e9a1f18fe100b255bc32e9f65f13f87681d46f3
781ea61be9dfca6d0908d9ef7029481cc0234ce2f382f18c369dd924b08c503e

HTTP Headers

GET /releases/v5.15.4/css/free-v4-font-face.min.css?token=94f32119b6 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tracki.fedexe.shop/
Origin: https://tracki.fedexe.shop
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 01 Jan 2023 05:19:29 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2fe8f7f5aca4ab098dc7bad8e97a06dc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: wI71wi-ibTIyv571n5pGm0xe7MBdvEp5bowJT330JWiH06xd8PXNug==
age: 36181
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hrkqYIe1BMce87ZG6vcJWtfZB2N05ZiYp75RjKJnmk4VBavYY41z7B8qZe%2BdVmrV3kpEPO8PSFUJyILivMxv1qnxRNr9i1eS679wDLX3XGBFfrN31mvPPBpmF1i17wumTZaT%2Bt%2FuoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7828ccde6e238880-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10696 bytes)
Hash
02a9375cec16bfe696766c8d373d9b54
2167c2f197dd44558ac2dea500d8b6b3cfa50e83
6f94fe0c817b031d913d53fee6b317148bdabea044102b8f0c9df8a3737d59f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10696
x-amzn-requestid: 2117681b-ee8b-4881-b860-087a8662a3c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7xM1FK7oAMFd4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae2f1e-5a3648ba2ac7ba01177f361d;Sampled=0
x-amzn-remapped-date: Fri, 30 Dec 2022 00:21:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CpPZkZcwPWBN4qFQeb6hLMr-dP6SrlxludndGa7wsuCzNPKVgYkfLQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 07:51:53 GMT
age: 77256
etag: "2167c2f197dd44558ac2dea500d8b6b3cfa50e83"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F151a214a-7044-496c-9662-1b2876c624f1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6146 bytes)
Hash
af3364657e9f5fc73ad87a8bfbcc74a9
09275100c95963905ea2c6ad0cfe719d44e731ad
773ef6723580164ae4f978de9d5d806b4903c827f32f0cd76184ec59abf62772

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F151a214a-7044-496c-9662-1b2876c624f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6146
x-amzn-requestid: b428336f-ff33-4425-b753-bbabfcae4c52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dsOHKFN2oAMF7SA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a7f6fa-5e9739cb09f539507cbf7f81;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 07:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9_j5M39bx6NOls-GtljmKs1CGzL1rR7SmHhQ7LPYkHeJ4L4TE34CRQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 16:10:51 GMT
age: 47318
etag: "09275100c95963905ea2c6ad0cfe719d44e731ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

kit.fontawesome.com/94f32119b6.js

104.18.23.52

200 OK

0 B

URL HTTP/2
kit.fontawesome.com/94f32119b6.js
IP
104.18.23.52:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /94f32119b6.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tracki.fedexe.shop
Connection: keep-alive
Referer: https://tracki.fedexe.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 01 Jan 2023 05:19:28 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: FzX8yhknAZ4dgHSQwmVi
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 7828ccdc2e38b517-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=94f32119b6

172.64.168.22

200 OK

0 B

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=94f32119b6
IP
172.64.168.22:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.15.4/css/free.min.css?token=94f32119b6 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tracki.fedexe.shop/
Origin: https://tracki.fedexe.shop
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 01 Jan 2023 05:19:29 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a6a1a17bbe377bf7c4423397c71959da.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: kvMKC7f4ftYlaPCo3rrs5Y1dwDXP1muyY0tV_Rx_0xZpTz9PWM21cQ==
age: 36181
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xTtlsWT%2B5e8menjbnbZBAEP79X%2BFsYfW75o%2FlK2GaZt4TfuWBDEEfA0OfNZ%2BXY0mLTtFK06SYHPLXp1NRjtVfFjJiC2Fqb9ksvir1n047XIMRB5brHtf5thqxyZwYeGjXuGMUDWvow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7828ccde5e128880-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (44)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size