trackship.org
2606:4700:3037::ac43:c750
Malicious Activity!
Public Scan
Effective URL: https://trackship.org/CA9708308NZ/
Submission: On March 05 via manual from CA — Scanned from CA
Summary
TLS certificate: Issued by GTS CA 1P5 on January 31st 2023. Valid for: 3 months.
This is the only time trackship.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Canada Post (Transportation)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 2620:2:6000::a:1 | 395409 (NEOCITIES) |
| 1 | 2606:4700:3037::ac43:c750 | 13335 (CLOUDFLARENET) |
| 5 (2 redirects) | 2606:4700:3032::ac43:bb2d | 13335 (CLOUDFLARENET) |
| 1 | 72.247.66.184 | 16625 (AKAMAI-AS) |
| 2 | 2607:f8b0:4006:80c::200a | 15169 (GOOGLE) |
| 3 | 2606:4700::6811:190e | 13335 (CLOUDFLARENET) |

12 requests, 7 domains
ASN16625 (AKAMAI-AS, US); PTR a72-247-66-184.deploy.static.akamaitechnologies.com; serves evaluation.canadapost-postescanada.ca

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 (2 redirects) | rootxone.org | rootxone.org | 11 KB |
| 3 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 195) | 104 KB |
| 2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 36) | 2 KB |
| 1 | canadapost-postescanada.ca | evaluation.canadapost-postescanada.ca (Cisco Umbrella Rank: 165243) | 166 KB |
| 1 | trackship.org | trackship.org | 388 KB |
| 1 | neocities.org | haramminkom.neocities.org | 507 B |
| 0 | rootxone.me | rootxone.me (failed) | |
12 requests, 7 domains

| Requests | Domain | Requested by |
|---|---|---|
| 5 (2 redirects) | rootxone.org | trackship.org, rootxone.org |
| 3 | cdnjs.cloudflare.com | rootxone.org, cdnjs.cloudflare.com |
| 2 | fonts.googleapis.com | rootxone.org |
| 1 | evaluation.canadapost-postescanada.ca | srcdoc |
| 1 | trackship.org | |
| 1 | haramminkom.neocities.org | |
| 0 | rootxone.me (failed) | rootxone.org |
This site contains links to these domains. Also see Links.
TLS certificates

| Subject | Issuer | Validity | Valid for | |
|---|---|---|---|---|
| neocities.org | R3 | 2023-02-27 - 2023-05-28 | 3 months | crt.sh |
| *.trackship.org | GTS CA 1P5 | 2023-01-31 - 2023-05-01 | 3 months | crt.sh |
| *.rootxone.org | GTS CA 1P5 | 2023-01-06 - 2023-04-06 | 3 months | crt.sh |
| akamaisecure7.qualtrics.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-07 - 2023-08-07 | a year | crt.sh |
| upload.video.google.com | GTS CA 1C3 | 2023-02-08 - 2023-05-03 | 3 months | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year | crt.sh |
This page contains 3 frames:
Primary Page:
https://trackship.org/CA9708308NZ/
Frame ID: F81D956F8CA65BBB85E8427DCF4808C6
Requests: 15 HTTP requests in this frame
Frame:
https://rootxone.org/93bd0/1/745f9/
Frame ID: C8F5BAF77B8004E02C7A711E4DFFA4DF
Requests: 9 HTTP requests in this frame
Frame:
https://evaluation.canadapost-postescanada.ca/jfe/themes/skins/canadapostdigital/canadapostdigital/version-1649635069097-edb30d/stylesheet.css
Frame ID: 7D8ED69BE8FBC28F005F68536F6C6DBE
Requests: 1 HTTP request in this frame
Screenshot
Page Title
Canada Post - Track a package by tracking number
Detected technologies
- Font Awesome (Font Scripts), detected pattern: (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- Google Font API (Font Scripts), detected pattern: googleapis\.com/.+webfont
Page Statistics
42 Outgoing links
These are links going to different origins than the main page. Link titles, in page order (link targets are not reproduced in this capture): Skip to Main Content, Support, Français, Sign in or Register, (untitled), Personal, Business, Our company, Store, Tools, (untitled), (untitled), support page., Facebook, Twitter, Instagram, Linkedin, YouTube, Website feedback, Accessibility feedback, Contact us, About us, Media centre, Careers, I'm an employee, Talent Zone, Negotiations Updates, Business Matters, Canada Post Magazine, Support, Corporate, Blogs, Accessibility, Legal, Privacy, Research, (untitled), Look up a postal code, Stamp prices, Mail Forwarding, Track, All postal guides.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://haramminkom.neocities.org/ Page URL
- https://trackship.org/CA9708308NZ/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5:
- https://rootxone.org/93bd0/index.php (HTTP 302)
- https://rootxone.org/93bd0/1/index.php (HTTP 302)
- https://rootxone.org/93bd0/1/745f9/
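Read together, the frame list, the redirect chain and the "Requested by" table show the shape of the kit: the page the victim sees at trackship.org is a shell, the interactive content is an iframe whose document comes from rootxone.org after two 302 hops, a genuine Canada Post stylesheet is pulled into an inline srcdoc frame so the clone renders correctly, and a request to the sibling domain rootxone.me never gets a response. The following Python is an added example, not urlscan's code and not part of this report; it rebuilds that load graph and emits the findings an analyst would write down. REQUESTS is constructed from the report's own tables; the apex-domain rule (last two labels), the BRAND_APEXES set and the finding texts are this example's own assumptions.

```python
"""Rebuild the load graph of a urlscan capture and flag what an analyst looks for.

Added example, not urlscan's code and not part of this report. REQUESTS is
constructed from the report's frame list, redirect chain and "Requested by"
table; the apex rule, BRAND_APEXES and the finding texts are this example's own.
"""
from __future__ import annotations
from collections import defaultdict
from urllib.parse import urlsplit

PRIMARY_URL = "https://trackship.org/CA9708308NZ/"

# Apex of the brand urlscan names in its verdict. Assumption: listing it lets us
# spot the kit pulling genuine brand assets instead of hosting its own copies.
BRAND_APEXES = {"canadapost-postescanada.ca"}

# (requester, requested URL, resource type). "srcdoc" is urlscan's label for an
# inline <iframe srcdoc> that has no URL of its own.
REQUESTS = [
    ("https://trackship.org/CA9708308NZ/", "https://rootxone.org/93bd0/index.php", "Redirect"),
    ("https://rootxone.org/93bd0/index.php", "https://rootxone.org/93bd0/1/index.php", "Redirect"),
    ("https://rootxone.org/93bd0/1/index.php", "https://rootxone.org/93bd0/1/745f9/", "Document"),
    ("https://rootxone.org/93bd0/1/745f9/",
     "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css", "Stylesheet"),
    ("https://rootxone.org/93bd0/1/745f9/", "https://fonts.googleapis.com/css", "Stylesheet"),
    ("https://rootxone.org/93bd0/1/745f9/",
     "https://rootxone.org/93bd0/sourcexone/xonecss/style.css", "Stylesheet"),
    ("https://rootxone.org/93bd0/1/745f9/", "https://rootxone.me/pixel/wz3xIB32v8DPajHZ", "Failed"),
    ("srcdoc",
     "https://evaluation.canadapost-postescanada.ca/jfe/themes/skins/canadapostdigital/"
     "canadapostdigital/version-1649635069097-edb30d/stylesheet.css", "Stylesheet"),
]


def host_of(url: str) -> str:
    return urlsplit(url).hostname or ""


def apex(host: str) -> str:
    """Registrable domain by the naive 'last two labels' rule. Assumption: fine for
    the .org/.me/.ca names seen here; real tooling should use the Public Suffix
    List, since this rule mis-splits names such as example.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def load_graph(requests: list[tuple[str, str, str]]) -> dict[str, set[str]]:
    """apex (or 'srcdoc') -> set of apexes it caused the browser to fetch."""
    graph: dict[str, set[str]] = defaultdict(set)
    for requester, url, _ in requests:
        src = "srcdoc" if requester == "srcdoc" else apex(host_of(requester))
        graph[src].add(apex(host_of(url)))
    return dict(graph)


def sibling_apexes(apexes: set[str]) -> dict[str, set[str]]:
    """Group apexes that differ only in their TLD, e.g. rootxone.org / rootxone.me."""
    by_label: dict[str, set[str]] = defaultdict(set)
    for a in apexes:
        label, _, _tld = a.rpartition(".")
        by_label[label].add(a)
    return {k: v for k, v in by_label.items() if len(v) > 1}


def triage(primary_url: str, requests: list[tuple[str, str, str]],
           brand_apexes: set[str] = BRAND_APEXES) -> list[str]:
    """Findings an analyst would note: cross-apex document frames, dead beacons,
    genuine brand assets being embedded, and sibling infrastructure domains."""
    primary = apex(host_of(primary_url))
    findings: list[str] = []
    for requester, url, rtype in requests:
        host, target = host_of(url), apex(host_of(url))
        if rtype == "Document" and target != primary:
            findings.append(f"document frame served by {target}, not the primary apex {primary}")
        if rtype == "Failed":
            findings.append(f"no response from {host} (possible beacon or tracking pixel)")
        if target in brand_apexes:
            findings.append(f"genuine brand asset {host} loaded by {requester}")
    apexes = {apex(host_of(u)) for _, u, _ in requests} | {primary}
    for label, group in sibling_apexes(apexes).items():
        findings.append(f"apexes sharing the label '{label}' differ only by TLD: "
                        + ", ".join(sorted(group)))
    return findings


if __name__ == "__main__":
    for src, targets in load_graph(REQUESTS).items():
        print(f"{src} -> {', '.join(sorted(targets))}")
    for finding in triage(PRIMARY_URL, REQUESTS):
        print("-", finding)
```

Run as a script it prints the apex-to-apex graph and four findings for this capture. The same functions work on a real urlscan result if you feed them (initiator, url, type) triples from the API's request list; the only part that should be replaced before production use is the apex() heuristic.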
12 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H2 | / | haramminkom.neocities.org/ | 85 B | 507 B | Document | text/html | |
| GET | H2 | / | trackship.org/CA9708308NZ/ | 2 MB | 388 KB | Document | text/html | Primary Request |
| GET | DATA | data: URI (truncated) | / | 12 KB | 0 | Image | image/svg+xml | |
| GET | DATA | data: URI (truncated) | / | 320 B | 0 | Image | image/svg+xml | |
| GET | DATA | data: URI (truncated) | / | 11 KB | 11 KB | Font | font/woff2 | |
| GET | DATA | data: URI (truncated) | / | 11 KB | 11 KB | Font | font/woff2 | |
| GET | H3 | / | rootxone.org/93bd0/1/745f9/ | 17 KB | 5 KB | Document | text/html | Frame C8F5; Redirect Chain |
| GET | DATA | data: URI (truncated) | / | 938 B | 0 | Image | image/svg+xml | |
| GET | DATA | data: URI (truncated) | / | 603 B | 0 | Image | image/svg+xml | |
| GET | DATA | data: URI (truncated) | / | 2 KB | 0 | Image | image/svg+xml | |
| GET | DATA | data: URI (truncated) | / | 11 KB | 11 KB | Font | font/woff2 | |
| GET | DATA | data: URI (truncated) | / | 14 KB | 0 | Image | image/svg+xml | |
| GET | DATA | data: URI (truncated) | / | 1 KB | 0 | Image | image/png | |
| GET | DATA | data: URI (truncated) | / | 17 KB | 0 | Image | image/gif | |
| GET | DATA | data: URI (truncated) | / | 724 B | 0 | Image | image/svg+xml | |
| GET | DATA | data: URI (truncated) | / | 2 KB | 0 | Image | image/svg+xml | |
| GET | H2 | stylesheet.css | evaluation.canadapost-postescanada.ca/jfe/themes/skins/canadapostdigital/canadapostdigital/version-1649635069097-edb30d/ | 165 KB | 166 KB | Stylesheet | text/css | Frame 7D8E |
| GET | H2 | css | fonts.googleapis.com/ | 2 KB | 835 B | Stylesheet | text/css | Frame C8F5 |
| GET | H2 | font-awesome.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ | 37 KB | 6 KB | Stylesheet | text/css | Frame C8F5 |
| GET | H2 | zocial.css | cdnjs.cloudflare.com/ajax/libs/css-social-buttons/1.2.0/css/ | 44 KB | 21 KB | Stylesheet | text/css | Frame C8F5 |
| GET | H3 | style.css | rootxone.org/93bd0/sourcexone/xonecss/ | 18 KB | 5 KB | Stylesheet | text/css | Frame C8F5 |
| GET | | wz3xIB32v8DPajHZ | rootxone.me/pixel/ | 0 | 0 | | | Frame C8F5; failed, no response |
| GET | H3 | stepbar.css | rootxone.org/93bd0/sourcexone/xonecss/ | 3 KB | 1 KB | Stylesheet | text/css | Frame C8F5 |
| GET | H2 | css | fonts.googleapis.com/ | 16 KB | 1009 B | Stylesheet | text/css | Frame C8F5 |
| GET | H3 | fontawesome-webfont.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ | 75 KB | 76 KB | Font | application/octet-stream | Frame C8F5 |

The DATA rows are data: URIs embedded in the page HTML, which is why they carry no transfer size; they are not counted among the 12 HTTP transactions.
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- Domain: rootxone.me
- URL: https://rootxone.me/pixel/wz3xIB32v8DPajHZ
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Canada Post (Transportation)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
- object: 0
- object: 1
- object: 2
- boolean: credentialless
- function: savepage_ShadowLoader
savepage_ShadowLoader is the loader function that the Save Page WE browser extension writes into pages it saves. Together with the single 2 MB HTML document, the images and fonts inlined as data: URIs and the srcdoc frame, it is consistent with the tracking page having been captured from the real Canada Post site with that extension, with the rootxone.org frame added afterwards.
0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, which lets the website recognise the user even from a different location. This is how persistent logins work.
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website. The messages themselves are not included in this capture.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page.

| Header | Value |
|---|---|
| Content-Security-Policy | upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * |
| Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
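The Content-Security-Policy above is worth reading rather than ticking off: default-src ends in `*`, so any origin may serve any resource type, and 'unsafe-inline' plus 'unsafe-eval' remove the protection against injected script that is the main point of CSP. The only directive that does anything is upgrade-insecure-requests. Likewise a strong Strict-Transport-Security header costs a phishing operator nothing and is not evidence of legitimacy. The following Python is an added example, not urlscan's code and not part of this report; it parses a CSP header, applies the default-src fallback the way browsers do, and reports why this policy leaves script execution unrestricted. TRACKSHIP_CSP is the value from the table; the grading rules are this example's own.

```python
"""Triage a Content-Security-Policy header: does it constrain script execution at all?

Added example, not urlscan's code and not part of this report. TRACKSHIP_CSP is the
value the report shows for the main page; the grading rules are this example's own.
"""
from __future__ import annotations

# Source expressions that leave a fetch directive effectively unrestricted.
PERMISSIVE = {
    "*": "wildcard host source, any origin may serve the resource",
    "'unsafe-inline'": "inline script/style allowed, so injected <script> runs",
    "'unsafe-eval'": "eval() and new Function() allowed",
    "data:": "data: URIs allowed, so a payload can be smuggled inline",
    "blob:": "blob: URIs allowed",
    "https:": "any HTTPS origin allowed",
    "http:": "any plaintext-HTTP origin allowed",
}

# CSP fetch directives that fall back to default-src when they are absent.
FALLS_BACK_TO_DEFAULT = {"script-src", "style-src", "img-src", "connect-src",
                         "font-src", "object-src", "frame-src", "child-src", "media-src"}

TRACKSHIP_CSP = ("upgrade-insecure-requests; "
                 "default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *")


def parse_csp(header: str) -> dict[str, list[str]]:
    """'a b c; d' -> {'a': ['b', 'c'], 'd': []}. A directive name that repeats is
    ignored after its first occurrence, as the CSP spec requires."""
    directives: dict[str, list[str]] = {}
    for chunk in header.split(";"):
        tokens = chunk.strip().split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def effective_sources(directives: dict[str, list[str]], name: str) -> list[str]:
    """Resolve a fetch directive, applying the default-src fallback."""
    if name in directives:
        return directives[name]
    if name in FALLS_BACK_TO_DEFAULT:
        return directives.get("default-src", [])
    return []


def grade_csp(header: str) -> dict:
    """Return the parsed directives, a list of findings, and whether script
    sources are actually restricted."""
    directives = parse_csp(header)
    findings: list[str] = []
    script_src = effective_sources(directives, "script-src")
    if not script_src:
        findings.append("no script-src and no default-src: script loading is unrestricted")
    for src in script_src:
        if src in PERMISSIVE:
            findings.append(f"script-src allows {src}: {PERMISSIVE[src]}")
    if "'none'" not in effective_sources(directives, "object-src"):
        findings.append("object-src is not 'none': plugin content is not blocked")
    # upgrade-insecure-requests only rewrites http:// to https://; it says nothing
    # about where script may come from, so it does not count toward restriction.
    script_restricted = bool(script_src) and not any(s in PERMISSIVE for s in script_src)
    return {"directives": directives, "findings": findings,
            "script_restricted": script_restricted}


if __name__ == "__main__":
    report = grade_csp(TRACKSHIP_CSP)
    for finding in report["findings"]:
        print("-", finding)
    print("script execution restricted:", report["script_restricted"])
```

For the policy in the table the script reports six findings and script_restricted False; a policy such as `default-src 'none'; script-src 'self'; object-src 'none'` comes back clean. The fallback logic matters in practice: a header with only `default-src *` and no script-src is just as open as one that spells out `script-src *`.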
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- cdnjs.cloudflare.com
- evaluation.canadapost-postescanada.ca
- fonts.googleapis.com
- haramminkom.neocities.org
- rootxone.me
- rootxone.org
- trackship.org
IP addresses:
- 2606:4700:3032::ac43:bb2d
- 2606:4700:3037::ac43:c750
- 2606:4700::6811:190e
- 2607:f8b0:4006:80c::200a
- 2620:2:6000::a:1
- 72.247.66.184