fic-track.floship.com
52.21.227.162  Malicious Activity! Public Scan

URL: https://fic-track.floship.com/
Submission: On April 02 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 7 HTTP transactions. The main IP is 52.21.227.162, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is fic-track.floship.com.
TLS certificate: Issued by R3 on April 2nd 2024. Valid for: 3 months.
This is the only time fic-track.floship.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fedex (Transportation)

Domain & IP information

IP Address AS Autonomous System
5 52.21.227.162 14618 (AMAZON-AES)
1 2a02:6ea0:c45... 60068 (CDN77 _)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
7 3
Apex Domain | Subdomains | Transfer
5 floship.com | fic-track.floship.com | 46 KB
2 tailwindcss.com | cdn.tailwindcss.com — Cisco Umbrella Rank: 44182 | 110 KB
1 bunny.net | fonts.bunny.net — Cisco Umbrella Rank: 10500 | 1 KB
7 3
Domain Requested by
5 fic-track.floship.com fic-track.floship.com
2 cdn.tailwindcss.com 1 redirects fic-track.floship.com
1 fonts.bunny.net fic-track.floship.com
7 3

This site contains no links.

Subject | Issuer | Validity | Valid
fic-track.floship.com | R3 | 2024-04-02 - 2024-07-01 | 3 months
fonts.bunny.net | R3 | 2024-02-25 - 2024-05-25 | 3 months

This page contains 1 frame:

Primary Page: https://fic-track.floship.com/
Frame ID: 865CBDEFF205697EEFEC108EC8C44B45
Requests: 7 HTTP requests in this frame

Page Title

FedEx Tracking

Page Statistics

Requests: 7
HTTPS: 86 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 157 kB
Size: 401 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://cdn.tailwindcss.com/ HTTP 302
  • https://cdn.tailwindcss.com/3.4.3

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
fic-track.floship.com/
5 KB
7 KB
Document
General
Full URL
https://fic-track.floship.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.21.227.162 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-227-162.compute-1.amazonaws.com
Software
Apache /
Resource Hash
56a740169ab04d5642361fa4e7315dd4cd311df6f6cf92f905d21f1e1d48806e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Tue, 02 Apr 2024 15:17:01 GMT
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712071021&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&s=SpKXrgq%2BpQ%2F%2FH476uwWYjTbneagAysNec9KBN1Bsug4%3D"}]}
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712071021&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&s=SpKXrgq%2BpQ%2F%2FH476uwWYjTbneagAysNec9KBN1Bsug4%3D
Server
Apache
Transfer-Encoding
chunked
Via
1.1 vegur
css
fonts.bunny.net/
2 KB
1 KB
Stylesheet
General
Full URL
https://fonts.bunny.net/css?family=figtree:400,600&display=swap
Requested by
Host: fic-track.floship.com
URL: https://fic-track.floship.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-NY1-885 /
Resource Hash
3dfd7e17872ab27f3acba86f466d45666ef1f74162b83a82f787dbeb8093762a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fic-track.floship.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 15:17:02 GMT
content-encoding
br
cdn-edgestorageid
885
cdn-cachedat
03/06/2024 15:48:20
cdn-pullzone
781720
last-modified
Wed, 06 Mar 2024 15:48:20 GMT
server
BunnyCDN-NY1-885
cdn-proxyver
1.04
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=2592000
cdn-requestid
f28937e994e0cc479b793774f92ab5e0
cdn-requestcountrycode
US
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
3.4.3
cdn.tailwindcss.com/
Redirect Chain
  • https://cdn.tailwindcss.com/
  • https://cdn.tailwindcss.com/3.4.3
357 KB
110 KB
Script
General
Full URL
https://cdn.tailwindcss.com/3.4.3
Requested by
Host: fic-track.floship.com
URL: https://fic-track.floship.com/
Protocol
H2
Server
2606:4700:10::ac43:2910 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fic-track.floship.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date
Tue, 02 Apr 2024 15:17:02 GMT
content-encoding
br
strict-transport-security
max-age=63072000
last-modified
Wed, 27 Mar 2024 19:52:06 GMT
x-vercel-id
cle1::iad1::rn74h-1711569125689-ef02b3caf33b
cf-cache-status
HIT
age
501812
server
cloudflare
x-vercel-cache
MISS
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=31536000
cf-ray
86e1c89128be0331-MIA

Redirect headers

date
Tue, 02 Apr 2024 15:17:02 GMT
strict-transport-security
max-age=63072000
cf-cache-status
HIT
x-vercel-id
cle1::iad1::xh9bh-1712070039150-e608c786636e
server
cloudflare
age
802
x-vercel-cache
MISS
vary
Accept-Encoding
location
/3.4.3
cache-control
max-age=14400
cf-ray
86e1c890d8670331-MIA
content-length
0
style.css
fic-track.floship.com/css/
1 KB
2 KB
Stylesheet
General
Full URL
https://fic-track.floship.com/css/style.css
Requested by
Host: fic-track.floship.com
URL: https://fic-track.floship.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.21.227.162 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-227-162.compute-1.amazonaws.com
Software
Apache /
Resource Hash
f4239146347dcd9bb0e9b0ed6feddcc77ff993e31d78d1405bf3248d8bca3f6f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fic-track.floship.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 02 Apr 2024 15:17:02 GMT
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server
Apache
Last-Modified
Tue, 02 Apr 2024 11:19:57 GMT
Etag
"41b-6151b49387140"
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712071022&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&s=fxR1Jadf9NmXqwzDmEgbc6Oi9h00NOqSvFn%2FJYL%2Bdak%3D"}]}
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1051
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712071022&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&s=fxR1Jadf9NmXqwzDmEgbc6Oi9h00NOqSvFn%2FJYL%2Bdak%3D
logo.png
fic-track.floship.com/images/
18 KB
18 KB
Image
General
Full URL
https://fic-track.floship.com/images/logo.png
Requested by
Host: fic-track.floship.com
URL: https://fic-track.floship.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.21.227.162 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-227-162.compute-1.amazonaws.com
Software
Apache /
Resource Hash
99f7cd905d160e4bf4408195b22a893a45661a8855a0841e207d5bafe7411d90

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fic-track.floship.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 02 Apr 2024 15:17:02 GMT
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server
Apache
Last-Modified
Tue, 02 Apr 2024 11:19:57 GMT
Etag
"462c-6151b49387140"
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712071022&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&s=fxR1Jadf9NmXqwzDmEgbc6Oi9h00NOqSvFn%2FJYL%2Bdak%3D"}]}
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
17964
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712071022&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&s=fxR1Jadf9NmXqwzDmEgbc6Oi9h00NOqSvFn%2FJYL%2Bdak%3D
powered.png
fic-track.floship.com/images/
12 KB
13 KB
Image
General
Full URL
https://fic-track.floship.com/images/powered.png
Requested by
Host: fic-track.floship.com
URL: https://fic-track.floship.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.21.227.162 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-227-162.compute-1.amazonaws.com
Software
Apache /
Resource Hash
2b930859a36ba9f571150cb39f963d5fcf2b1d1811f2a9f1853369b06befb720

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fic-track.floship.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 02 Apr 2024 15:17:02 GMT
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server
Apache
Last-Modified
Tue, 02 Apr 2024 11:19:57 GMT
Etag
"3142-6151b49387140"
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712071022&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&s=fxR1Jadf9NmXqwzDmEgbc6Oi9h00NOqSvFn%2FJYL%2Bdak%3D"}]}
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12610
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712071022&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&s=fxR1Jadf9NmXqwzDmEgbc6Oi9h00NOqSvFn%2FJYL%2Bdak%3D
favicon.ico
fic-track.floship.com/
5 KB
6 KB
Other
General
Full URL
https://fic-track.floship.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.21.227.162 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-227-162.compute-1.amazonaws.com
Software
Apache /
Resource Hash
eab1b9a0ef942d84e3a8ed8c3e3996acb7a46af9a0b9f914ced662bcbe0e54be

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fic-track.floship.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 02 Apr 2024 15:17:02 GMT
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server
Apache
Last-Modified
Tue, 02 Apr 2024 11:19:57 GMT
Etag
"1536-6151b49387140"
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712071022&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&s=fxR1Jadf9NmXqwzDmEgbc6Oi9h00NOqSvFn%2FJYL%2Bdak%3D"}]}
Content-Type
image/x-icon
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5430
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712071022&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&s=fxR1Jadf9NmXqwzDmEgbc6Oi9h00NOqSvFn%2FJYL%2Bdak%3D

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fedex (Transportation)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal
object| tailwind
string| /template.html

2 Cookies

Domain/Path Name / Value
fic-track.floship.com/ Name: XSRF-TOKEN
Value: eyJpdiI6IlRkazZnOVJ5c240OTl0aVV1WWlZZnc9PSIsInZhbHVlIjoiQ3RkRHJPUkpTU2k2OGd5ZFJlYm1aRkFieXc1em9RZkcyb2tZSDhEUmJCa2pMWjBYaVF2L1BlbEpWS2xNbmhqNG4wNmNoTEd6bUJqazZ2cWFRWCt1QkQvcTJFU1Vkb3BlbW5FS2RDRFlPUG9GY0w4RTVPcUQwbUVkMjU1STRyS0IiLCJtYWMiOiIyOTdiMzE4NDhmYzhjOWE0ZWZlOWEzODVmNmVjNWJlOTU2ZDFjYjE3OWQzNWQ2YmY2YjcwYTM4NDFkMGYwNmY0IiwidGFnIjoiIn0%3D
fic-track.floship.com/ Name: fedex_session
Value: eyJpdiI6IkxXRWkvR1JtNlRaeXdMci9aVWhzZ2c9PSIsInZhbHVlIjoiWW5sSHNEQ2g2WDRMOFZYdThNRTFrc3RQOVFmN2FoaXVpNGZ5a29qaE0vY0FHZXVKSU81MytXVnE5SW82R0VueGlXeU9tb25PU0tkMXhpd3RLMUlCNk9iOWtaR0doVndoOUphTnFFTStmd0Rienc3Z081UjBmN3lCRTFGU3lCaDciLCJtYWMiOiI0MjE2MTYyM2Y3OTM2OWY0Y2JjNDNmMzAxMjM3YjRhNDY3NmE3MzRlNjljNzEwYWM0OGIzNmM2YzM3MDg3YzRhIiwidGFnIjoiIn0%3D