trackship.org Open in urlscan Pro
2606:4700:3037::ac43:c750  Malicious Activity! Public Scan

Submitted URL: https://haramminkom.neocities.org/
Effective URL: https://trackship.org/CA9708308NZ/
Submission: On March 05 via manual from CA — Scanned from CA

Summary

This website contacted 7 IPs in 1 countries across 7 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3037::ac43:c750, located in United States and belongs to CLOUDFLARENET, US. The main domain is trackship.org.
TLS certificate: Issued by GTS CA 1P5 on January 31st 2023. Valid for: 3 months.
This is the only time trackship.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Canada Post (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 2620:2:6000::a:1 395409 (NEOCITIES)
1 2606:4700:303... 13335 (CLOUDFLAR...)
2 5 2606:4700:303... 13335 (CLOUDFLAR...)
1 72.247.66.184 16625 (AKAMAI-AS)
2 2607:f8b0:400... 15169 (GOOGLE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
12 7
Apex Domain
Subdomains
Transfer
5 rootxone.org
rootxone.org
11 KB
3 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 195
104 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 36
2 KB
1 canadapost-postescanada.ca
evaluation.canadapost-postescanada.ca — Cisco Umbrella Rank: 165243
166 KB
1 trackship.org
trackship.org
388 KB
1 neocities.org
haramminkom.neocities.org
507 B
0 rootxone.me Failed
rootxone.me Failed
12 7
Domain Requested by
5 rootxone.org 2 redirects trackship.org
rootxone.org
3 cdnjs.cloudflare.com rootxone.org
cdnjs.cloudflare.com
2 fonts.googleapis.com rootxone.org
1 evaluation.canadapost-postescanada.ca srcdoc
1 trackship.org
1 haramminkom.neocities.org
0 rootxone.me Failed rootxone.org
12 7
Subject Issuer Validity Valid
neocities.org
R3
2023-02-27 -
2023-05-28
3 months crt.sh
*.trackship.org
GTS CA 1P5
2023-01-31 -
2023-05-01
3 months crt.sh
*.rootxone.org
GTS CA 1P5
2023-01-06 -
2023-04-06
3 months crt.sh
akamaisecure7.qualtrics.com
DigiCert TLS RSA SHA256 2020 CA1
2022-07-07 -
2023-08-07
a year crt.sh
upload.video.google.com
GTS CA 1C3
2023-02-08 -
2023-05-03
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-08-03 -
2023-08-02
a year crt.sh

This page contains 3 frames:

Primary Page: https://trackship.org/CA9708308NZ/
Frame ID: F81D956F8CA65BBB85E8427DCF4808C6
Requests: 15 HTTP requests in this frame

Frame: https://rootxone.org/93bd0/1/745f9/
Frame ID: C8F5BAF77B8004E02C7A711E4DFFA4DF
Requests: 9 HTTP requests in this frame

Frame: https://evaluation.canadapost-postescanada.ca/jfe/themes/skins/canadapostdigital/canadapostdigital/version-1649635069097-edb30d/stylesheet.css
Frame ID: 7D8ED69BE8FBC28F005F68536F6C6DBE
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Canada Post - Track a package by tracking numberFacebookTwitterInstagramLinkedinYouTubeFacebookTwitterInstagramLinkedinYouTubeFacebookTwitterInstagramLinkedinYouTube

Page URL History Show full URLs

  1. https://haramminkom.neocities.org/ Page URL
  2. https://trackship.org/CA9708308NZ/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googleapis\.com/.+webfont

Page Statistics

12
Requests

92 %
HTTPS

83 %
IPv6

7
Domains

7
Subdomains

7
IPs

1
Countries

703 kB
Transfer

2158 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://haramminkom.neocities.org/ Page URL
  2. https://trackship.org/CA9708308NZ/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://rootxone.org/93bd0/index.php HTTP 302
  • https://rootxone.org/93bd0/1/index.php HTTP 302
  • https://rootxone.org/93bd0/1/745f9/

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
haramminkom.neocities.org/
85 B
507 B
Document
General
Full URL
https://haramminkom.neocities.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:2:6000::a:1 , United States, ASN395409 (NEOCITIES, US),
Reverse DNS
Software
neocities /
Resource Hash
c1a45dbe3a7ef693e6d0637990f7e24b1975c89e03159dcfb2f8ccf1609dff54
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-methods
GET, HEAD, OPTIONS
access-control-allow-origin
*
content-encoding
br
content-security-policy
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *
content-type
text/html
date
Sun, 05 Mar 2023 01:46:59 GMT
etag
W/"63f634d2-55"
last-modified
Wed, 22 Feb 2023 15:29:22 GMT
server
neocities
strict-transport-security
max-age=63072000; includeSubDomains; preload
upgrade-insecure-requests
1
vary
Accept-Encoding
x-cached
REVALIDATED
x-ipfs-path
/ipns/haramminkom.neocities.org
x-neocities-cdn
cdn-ewr
Primary Request /
trackship.org/CA9708308NZ/
2 MB
388 KB
Document
General
Full URL
https://trackship.org/CA9708308NZ/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c750 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8e66b37c8b28e6bd7020d06d2b438260aaaf1cc58aef31a0ab5af2f8d29cc89
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *
Strict-Transport-Security max-age=16416000; includeSubDomains

Request headers

Referer
https://haramminkom.neocities.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-methods
GET, HEAD, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7a2eb0392cef1784-EWR
content-encoding
gzip
content-security-policy
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *
content-type
text/html
date
Sun, 05 Mar 2023 01:46:59 GMT
last-modified
Wed, 22 Feb 2023 15:15:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8e0OT6SDCuQM2NMU9W1bSoQX%2B%2BRgs3w0O%2FRqtRHxkJe%2BaLaGxQ3JBYj1K5yMmiRdHEbEIqHNkUxptI7qRywIAp2dbgOko1nCS45vsVP0vdFlkNAUyYYzzgFL0%2B7GhNm%2FdyXvVnlIADsE1eE"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=16416000; includeSubDomains
upgrade-insecure-requests
1
vary
Accept-Encoding
x-cached
REVALIDATED
x-neocities-cdn
cdn-ewr
truncated
/
12 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e467e89a41e68909313eef448847f3446650158fb5d046295fea70fd7d776b87

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
320 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3228f4cd6fd28ef733c3d98079f3478b1c4cb3338dcd7b95658ba731b817e113

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
11 KB
11 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

Request headers

Referer
Origin
https://trackship.org
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
11 KB
11 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

Request headers

Referer
Origin
https://trackship.org
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
font/woff2
/
rootxone.org/93bd0/1/745f9/ Frame C8F5
Redirect Chain
  • https://rootxone.org/93bd0/index.php
  • https://rootxone.org/93bd0/1/index.php
  • https://rootxone.org/93bd0/1/745f9/
17 KB
5 KB
Document
General
Full URL
https://rootxone.org/93bd0/1/745f9/
Requested by
Host: trackship.org
URL: https://trackship.org/CA9708308NZ/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:bb2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.1.14RC1
Resource Hash
5fafd95cb3c624f84d747fbdfd99f52d5db53002bf5e954b7c3ddce241b093c1

Request headers

Referer
https://trackship.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7a2eb03e38ffc33b-EWR
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 05 Mar 2023 01:47:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6TmrM1%2FIaG8UX9xXFtgidtQpBeHJVUoxq%2FkcXLNdhj2gniR522WoX6Il4reUrO8lQpMVohuHBVHC7Narp9pwpGVavOB0RwszzdOEqUGURhk%2BrO2PV8P0YrwIr5I%2BCAc1FGjUfb8QDrF73vc%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/8.1.14RC1

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7a2eb03cebcac347-EWR
content-type
text/html; charset=UTF-8
date
Sun, 05 Mar 2023 01:47:00 GMT
location
https://rootxone.org/93bd0/1/745f9/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r92PwuoVXIMlsg0DJo6CLY0SZ3Fn9xjn97XuajAbF0bcWP3ZiXBsBlXy24ynG%2BQcwPM5dNKanF%2FkIPdWu0j7Z%2FyGJEidJL8B8wluRcTcNQ5aPqhlwC3CuImKyuskCxXImTBKoaLnwuBGF%2B8%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.1.14RC1
truncated
/
938 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
52044e8d2e2dc085d3cff4cb721560e811200cc7ed7ab45f5ee32467f895df0f

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
603 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8754aadb1e4a2ae34539fa890aef276dcce219c3a22de8f6fa5c7a89e7edc523

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3653651e11f0a74c5a2e8925e34730a1fb8da827b51daabcd2d6a705f9999463

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
11 KB
11 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8d3251f4935896ec37ada153d20d0109828ad08523127f136415355b3fca2dcf

Request headers

Referer
Origin
https://trackship.org
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
14 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6a50626ef34e5da6014662089f0775c6187d23e5c22379da71203848eac50ee3

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f522a363235dc02916dacd3bb06d0b04a0d5218eb40753ccf67188606101a33c

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
17 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3dcfd38e295103e966531c3c9fcb76464a7f885934dc536115b21cb0c79ec73a

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
724 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
acf56f4833ccd8789f66864deae46f9a6efb8625f15b9e5996a00e5634f094e1

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d3e646dfa4c0f2823df275de88bad394d6e3e30de340e1c035c1350dc6565ea0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/svg+xml
stylesheet.css
evaluation.canadapost-postescanada.ca/jfe/themes/skins/canadapostdigital/canadapostdigital/version-1649635069097-edb30d/ Frame 7D8E
165 KB
166 KB
Stylesheet
General
Full URL
https://evaluation.canadapost-postescanada.ca/jfe/themes/skins/canadapostdigital/canadapostdigital/version-1649635069097-edb30d/stylesheet.css
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
72.247.66.184 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a72-247-66-184.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
c75a917e74b976bc12f069acac57af9732655f3b87a7632526178a2d985d3afc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-amz-version-id
NuanzuzTSnwyAVEoOZMRRJEgFxeLvJEq
date
Sun, 05 Mar 2023 01:46:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Sun, 10 Apr 2022 23:57:51 GMT
server
AmazonS3
x-amz-request-id
CBJX1ZM5ZBJK4B68
etag
"82fb4e4c24ab81cdc0bc3df62c5784e0"
content-type
text/css
cache-control
public, max-age=1707605
x-amz-replication-status
COMPLETED
accept-ranges
bytes
content-length
169044
x-amz-id-2
TqtbN7MVNxOXrVRIUYH2AjfnzgB93hiCEbBbzIHRkOQzhvZtRNtE4Azk7YQl/F9j6pS/xtKHkMo=
css
fonts.googleapis.com/ Frame C8F5
2 KB
835 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:400,100,300
Requested by
Host: rootxone.org
URL: https://rootxone.org/93bd0/1/745f9/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200a Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bbb0a751c316d7789214b029c266a65a85efc33d79eba382397110c3b3b290bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://rootxone.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 05 Mar 2023 01:47:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 05 Mar 2023 01:33:36 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 05 Mar 2023 01:47:00 GMT
font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ Frame C8F5
37 KB
6 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Requested by
Host: rootxone.org
URL: https://rootxone.org/93bd0/1/745f9/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://rootxone.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Sun, 05 Mar 2023 01:47:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
5043629
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5884
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-9226"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mtcR%2F7yk1w5WM3EoNM1uCgqYJ60eLwVPAvNlBznGXI9DMmNlgWvLCm2hB57BEaFsgAnWR13M5bVtOawFaGgWC1Cn%2F1YnLi3dt5BklkLkyvWlMjBAXzUhh9tyKtpX3A2NjU6SI87kvIWIqVmVXAK4djJF"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7a2eb03fcb6033eb-YUL
expires
Fri, 23 Feb 2024 01:47:00 GMT
zocial.css
cdnjs.cloudflare.com/ajax/libs/css-social-buttons/1.2.0/css/ Frame C8F5
44 KB
21 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/css-social-buttons/1.2.0/css/zocial.css
Requested by
Host: rootxone.org
URL: https://rootxone.org/93bd0/1/745f9/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf8d41c2e2250b2f0b431531871178d57cd9af1f42bbe121c90b51fd66a1dff2
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://rootxone.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Sun, 05 Mar 2023 01:47:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
21543
last-modified
Mon, 04 May 2020 16:09:17 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e2d-ae99"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FzNjThSMqeTjSQYhghD6XrCuUa4Mg4WKuTiG4xB%2B0nwDAuAaKXbjThdnuQk5CXQOAaHZY47DSVHwRYBYbZvxbCKGlIlXWj1evQEwK7gUfvourM0510wscCQjTpEqkZ%2Bqs1KtqA53ucMapLhxUniEBSxp"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7a2eb03fcb6533eb-YUL
expires
Fri, 23 Feb 2024 01:47:00 GMT
style.css
rootxone.org/93bd0/sourcexone/xonecss/ Frame C8F5
18 KB
5 KB
Stylesheet
General
Full URL
https://rootxone.org/93bd0/sourcexone/xonecss/style.css
Requested by
Host: rootxone.org
URL: https://rootxone.org/93bd0/1/745f9/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:bb2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a34fb4112dac269525802264dfe989c4bfce795635799fcc2f8726c0e2fb496f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://rootxone.org/93bd0/1/745f9/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Sun, 05 Mar 2023 01:47:00 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Sat, 11 Feb 2023 16:39:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4771-5f46f426d98b3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6zXcUYa3GKdgtOn4Rqfw%2BpO5fF1VN3jvNNFLVbH4CddaFmMTbV0ZHBsRvPhn3PMsT8CfDvsxdJ%2FChAmRf6RDMJrrNLuuL3HSnGlz%2Ft%2B%2FN3OjPXbKFk4sX%2B44RV2fLWNM9xH%2FVrTUDLTHlmE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
7a2eb03f9b25c33b-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
wz3xIB32v8DPajHZ
rootxone.me/pixel/ Frame C8F5
0
0

stepbar.css
rootxone.org/93bd0/sourcexone/xonecss/ Frame C8F5
3 KB
1 KB
Stylesheet
General
Full URL
https://rootxone.org/93bd0/sourcexone/xonecss/stepbar.css
Requested by
Host: rootxone.org
URL: https://rootxone.org/93bd0/1/745f9/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:bb2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1a0917eca00cbcf2fd9f9c97031af5035645e18718f8e6ba239bf69314bc081

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://rootxone.org/93bd0/1/745f9/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Sun, 05 Mar 2023 01:47:00 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Sat, 11 Feb 2023 16:39:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"db8-5f46f426d9c9b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P0jnGYe9dWvBrAjzbuY6yBkRj11C0ttfPXhlSgq6MZO6RbCmBlP0sMmxwicIC%2FO4924GBmL6cyvtXs9ckhV4zuHbFurFwrA1%2FHplV5gozfT%2BRaaI6hIwCCOmvKhZ%2F59QIckEavv2THlSOF4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
7a2eb03f9b29c33b-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
css
fonts.googleapis.com/ Frame C8F5
16 KB
1009 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Code+Pro:400,500,600,700|Source+Sans+Pro:400,600,700&display=swap
Requested by
Host: rootxone.org
URL: https://rootxone.org/93bd0/sourcexone/xonecss/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200a Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3923f928d9a6c5410f2d8ce11a9e7fcfe75fad1e62eeb4e452bfee7bf307a560
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://rootxone.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 05 Mar 2023 01:47:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 05 Mar 2023 01:47:00 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 05 Mar 2023 01:47:00 GMT
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ Frame C8F5
75 KB
76 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Origin
https://rootxone.org
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Sun, 05 Mar 2023 01:47:00 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
377001
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
77160
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-12d68"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aV01FyMC%2BYVqlotq5WZ4ZDiZiAArRDcAMQp2xjsyhCTuY7xb4ytonR03T4RIfY76kvGS%2F1NONTLujbr3uYwY%2BCD%2B6qFIh%2BOowFGm6g5oYBNQ8e42%2BzMvuMMoFfwf4LggBrCmvK5QEv6P9F3EpXkxgcn3"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7a2eb0414c2dca57-YUL
expires
Fri, 23 Feb 2024 01:47:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
rootxone.me
URL
https://rootxone.me/pixel/wz3xIB32v8DPajHZ

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Canada Post (Transportation)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 boolean| credentialless function| savepage_ShadowLoader

0 Cookies

6 Console Messages

Source Level URL
Text
other warning URL: https://rootxone.org/93bd0/1/745f9/
Message:
Failed to decode downloaded font: data:text/plain;base64,bm90IGZvdW5k
other warning URL: https://rootxone.org/93bd0/1/745f9/
Message:
OTS parsing error: invalid sfntVersion: 1852797984
other warning URL: https://rootxone.org/93bd0/1/745f9/
Message:
Failed to decode downloaded font: data:text/plain;base64,bm90IGZvdW5k
other warning URL: https://rootxone.org/93bd0/1/745f9/
Message:
OTS parsing error: invalid sfntVersion: 1852797984
other warning URL: https://rootxone.org/93bd0/1/745f9/
Message:
Failed to decode downloaded font: data:text/plain;base64,bm90IGZvdW5k
other warning URL: https://rootxone.org/93bd0/1/745f9/
Message:
OTS parsing error: invalid sfntVersion: 1852797984

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
evaluation.canadapost-postescanada.ca
fonts.googleapis.com
haramminkom.neocities.org
rootxone.me
rootxone.org
trackship.org
rootxone.me
2606:4700:3032::ac43:bb2d
2606:4700:3037::ac43:c750
2606:4700::6811:190e
2607:f8b0:4006:80c::200a
2620:2:6000::a:1
72.247.66.184
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44
3228f4cd6fd28ef733c3d98079f3478b1c4cb3338dcd7b95658ba731b817e113
3653651e11f0a74c5a2e8925e34730a1fb8da827b51daabcd2d6a705f9999463
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
3923f928d9a6c5410f2d8ce11a9e7fcfe75fad1e62eeb4e452bfee7bf307a560
3dcfd38e295103e966531c3c9fcb76464a7f885934dc536115b21cb0c79ec73a
52044e8d2e2dc085d3cff4cb721560e811200cc7ed7ab45f5ee32467f895df0f
5fafd95cb3c624f84d747fbdfd99f52d5db53002bf5e954b7c3ddce241b093c1
6a50626ef34e5da6014662089f0775c6187d23e5c22379da71203848eac50ee3
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
8754aadb1e4a2ae34539fa890aef276dcce219c3a22de8f6fa5c7a89e7edc523
8d3251f4935896ec37ada153d20d0109828ad08523127f136415355b3fca2dcf
a1a0917eca00cbcf2fd9f9c97031af5035645e18718f8e6ba239bf69314bc081
a34fb4112dac269525802264dfe989c4bfce795635799fcc2f8726c0e2fb496f
acf56f4833ccd8789f66864deae46f9a6efb8625f15b9e5996a00e5634f094e1
bbb0a751c316d7789214b029c266a65a85efc33d79eba382397110c3b3b290bd
bf8d41c2e2250b2f0b431531871178d57cd9af1f42bbe121c90b51fd66a1dff2
c1a45dbe3a7ef693e6d0637990f7e24b1975c89e03159dcfb2f8ccf1609dff54
c75a917e74b976bc12f069acac57af9732655f3b87a7632526178a2d985d3afc
c8e66b37c8b28e6bd7020d06d2b438260aaaf1cc58aef31a0ab5af2f8d29cc89
d3e646dfa4c0f2823df275de88bad394d6e3e30de340e1c035c1350dc6565ea0
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
e467e89a41e68909313eef448847f3446650158fb5d046295fea70fd7d776b87
f522a363235dc02916dacd3bb06d0b04a0d5218eb40753ccf67188606101a33c