package-inquiry-b9b0a.web.app
2620:0:890::100  Malicious Activity! Public Scan

Submitted URL: https://tudoperfeito.fun/wp-content/themes/mero-magazine/psg.php
Effective URL: https://package-inquiry-b9b0a.web.app/
Submission: On February 14 via manual from IT — Scanned from IT

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 20 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is package-inquiry-b9b0a.web.app.
TLS certificate: Issued by GTS CA 1D4 on December 19th 2022. Valid for: 3 months.
This is the only time package-inquiry-b9b0a.web.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fedex (Transportation)

Domain & IP information

Requests  IP Address         AS     Autonomous System
1         216.172.172.67     19871  (NETWORK-S...)
14        2620:0:890::100    54113  (FASTLY)
3         2a00:1450:400...   15169  (GOOGLE)
1         173.231.16.76      18450  (WEBNX)
1         2606:4700:20:...   13335  (CLOUDFLAR...)
Total: 20 requests, 5 IPs
Requests  Apex Domain        Subdomains                                  Transfer
14        web.app            package-inquiry-b9b0a.web.app               157 KB
3         gstatic.com        fonts.gstatic.com                           91 KB
1         ipapi.co           ipapi.co (Cisco Umbrella Rank: 18504)       907 B
1         ipify.org          api.ipify.org (Cisco Umbrella Rank: 2777)   123 B
1         tudoperfeito.fun   tudoperfeito.fun                            217 B
Total: 20 requests, 5 apex domains
Requests  Domain                          Requested by
14        package-inquiry-b9b0a.web.app   tudoperfeito.fun, package-inquiry-b9b0a.web.app
3         fonts.gstatic.com               package-inquiry-b9b0a.web.app
1         ipapi.co                        package-inquiry-b9b0a.web.app
1         api.ipify.org                   package-inquiry-b9b0a.web.app
1         tudoperfeito.fun                -
Total: 20 requests, 5 domains

This site contains no links.

Subject                                  Issuer                                           Validity                   Valid
www.tudoperfeito.fun.gotadapratafun.fun  R3                                               2023-01-07 to 2023-04-07   3 months
web.app                                  GTS CA 1D4                                       2022-12-19 to 2023-03-19   3 months
*.gstatic.com                            GTS CA 1C3                                       2023-01-31 to 2023-04-25   3 months
*.ipify.org                              Sectigo RSA Domain Validation Secure Server CA   2023-02-07 to 2024-02-18   a year
sni.cloudflaressl.com                    Cloudflare Inc ECC CA-3                          2022-05-16 to 2023-05-16   a year

This page contains 1 frame:

Primary Page: https://package-inquiry-b9b0a.web.app/
Frame ID: 7C2EF197EE2223300B3E612587590CEA
Requests: 20 HTTP requests in this frame

Page Title

Fеdех


Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

20 Requests
100 % HTTPS
60 % IPv6
5 Domains
5 Subdomains
5 IPs
2 Countries
249 kB Transfer
683 kB Size
0 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tudoperfeito.fun/wp-content/themes/mero-magazine/psg.php Page URL
  2. https://package-inquiry-b9b0a.web.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

psg.php | tudoperfeito.fun/wp-content/themes/mero-magazine/ | 114 B | 217 B | Document
General
Full URL
https://tudoperfeito.fun/wp-content/themes/mero-magazine/psg.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.172.172.67 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
br460-ip03.hostgator.com.br
Software
Apache /
Resource Hash
14135e8436cc87b6d98819afe2d5910d257da33d7a357a98dbb09a998b074500

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

content-encoding
gzip
content-length
121
content-type
text/html; charset=UTF-8
date
Tue, 14 Feb 2023 11:29:45 GMT
server
Apache
vary
Accept-Encoding

Primary Request / | package-inquiry-b9b0a.web.app/ | 13 KB | 1 KB | Document
General
Full URL
https://package-inquiry-b9b0a.web.app/
Requested by
Host: tudoperfeito.fun
URL: https://tudoperfeito.fun/wp-content/themes/mero-magazine/psg.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
57c5ae2cf09a3f031edb59a3bc8eb65fc62d6a3c47f442e5f1efa7c5da107c14
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://tudoperfeito.fun/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=3600
content-encoding
br
content-length
874
content-type
text/html; charset=utf-8
date
Tue, 14 Feb 2023 11:29:45 GMT
etag
"87e599847fe015f5308f56e65e76b1f9bd449829797b895676eaec8dacfff77a-br"
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
x-cache-hits
0
x-served-by
cache-mxp6979-MXP
x-timer
S1676374185.296844,VS0,VE100

runtime.8414f7b476ce91b5ac27.js | package-inquiry-b9b0a.web.app/ | 1 KB | 728 B | Script
General
Full URL
https://package-inquiry-b9b0a.web.app/runtime.8414f7b476ce91b5ac27.js
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
10d79512b8a210b04ec328e175a1952779f328df9a191dce200e9dd34624056a
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6979-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Tue, 14 Feb 2023 11:29:45 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374185.495633,VS0,VE128
etag
"094ff8297d73ed102d16dfa230eb1305a3854bc7f2dd053b6147986ea729ef8d-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
591
x-cache-hits
0

polyfills.446b97903ad01f95f9bc.js | package-inquiry-b9b0a.web.app/ | 33 KB | 11 KB | Script
General
Full URL
https://package-inquiry-b9b0a.web.app/polyfills.446b97903ad01f95f9bc.js
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f9817fafa4c8b0cac7eeaf1ed7df45f146086ae5980a821a50a529b5e1846d64
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6979-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Tue, 14 Feb 2023 11:29:45 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374185.495637,VS0,VE147
etag
"caf5dd231115cf9f0dcd31343a3bdbd0a615d60c6ab44be6012ba7f0bfc07707-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
10870
x-cache-hits
0

main.209e39607602e6b1f30e.js | package-inquiry-b9b0a.web.app/ | 501 KB | 127 KB | Script
General
Full URL
https://package-inquiry-b9b0a.web.app/main.209e39607602e6b1f30e.js
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
db950a29abc67587413afa73472fb6e33f829ba710f5a0e175a5ec1b713547b7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6947-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Tue, 14 Feb 2023 11:29:45 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374186.516245,VS0,VE148
etag
"365cbbc9899c3c339b8479c40e212f59335752985e4d4c0f5994db299615ed1d-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
129757
x-cache-hits
0

styles.eedd0fd42c55e1aba2e7.css | package-inquiry-b9b0a.web.app/ | 20 KB | 3 KB | Stylesheet
General
Full URL
https://package-inquiry-b9b0a.web.app/styles.eedd0fd42c55e1aba2e7.css
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
62e1f2b6096e29c4a2ba64cef18c90601006cada3884d3f9887e0e6a263d83a7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6947-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Tue, 14 Feb 2023 11:29:45 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374186.516385,VS0,VE132
etag
"902926c676c8309f8683d7a24584a7e37a7372d6ea5f946ba6d3b1057a977226-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/css; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
2329
x-cache-hits
0

memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | fonts.gstatic.com/s/opensans/v34/ | 44 KB | 44 KB | Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://package-inquiry-b9b0a.web.app/
Origin
https://package-inquiry-b9b0a.web.app
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 08:26:15 GMT
x-content-type-options
nosniff
age
356610
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44856
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:20:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 10 Feb 2024 08:26:15 GMT

/ | api.ipify.org/ | 24 B | 123 B | XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/polyfills.446b97903ad01f95f9bc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
173.231.16.76 , United States, ASN18450 (WEBNX, US),
Reverse DNS
173-231-16-76.static.webnx.com
Software
/
Resource Hash
5a9fa8ec202f6b1a7d4d299db65e2a64638e49c01dd50a40fd309bb6057ba198

Request headers

Accept
application/json, text/plain, */*
Referer
https://package-inquiry-b9b0a.web.app/
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

access-control-allow-origin
https://package-inquiry-b9b0a.web.app
date
Tue, 14 Feb 2023 11:29:46 GMT
content-length
24
vary
Origin
content-type
application/json

logo.png | package-inquiry-b9b0a.web.app/assets/ | 18 KB | 4 KB | Image
General
Full URL
https://package-inquiry-b9b0a.web.app/assets/logo.png
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
99f7cd905d160e4bf4408195b22a893a45661a8855a0841e207d5bafe7411d90
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6947-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Tue, 14 Feb 2023 11:29:46 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374186.839498,VS0,VE246
etag
"36f20ed91cc77acc7d1b58d213df4fdde3278330957511588ba7ea3d7b9b6ac4-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/png
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
4054
x-cache-hits
0

arrow.png | package-inquiry-b9b0a.web.app/assets/ | 273 B | 594 B | Image
General
Full URL
https://package-inquiry-b9b0a.web.app/assets/arrow.png
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5d40469bec954c9105462c4f8f808c26cb1d2d0462e78326d87a863a4bebcecd
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6947-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Tue, 14 Feb 2023 11:29:46 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374186.840136,VS0,VE231
etag
"5487df2b0cd68b9953dfbd114b60f14e9b1a791007ab7e32546b1cd96c6e88ff"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/png
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
273
x-cache-hits
0

header-icon1.png | package-inquiry-b9b0a.web.app/assets/ | 1 KB | 2 KB | Image
General
Full URL
https://package-inquiry-b9b0a.web.app/assets/header-icon1.png
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b15bab32569969289dafeba6f869b8dbc36462e013245762e398859204c946e9
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6947-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Tue, 14 Feb 2023 11:29:46 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374186.842930,VS0,VE253
etag
"390e311a3b598ada41ee7c7b83bed650e13131852b06d65e93f276a2aa944d49"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/png
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1509
x-cache-hits
0

header-icon2.png | package-inquiry-b9b0a.web.app/assets/ | 2 KB | 2 KB | Image
General
Full URL
https://package-inquiry-b9b0a.web.app/assets/header-icon2.png
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
de3d55a9455a060fdc78a53b9d2726811aea908dc948f7abb9398b7c54cc6e8a
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6947-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Tue, 14 Feb 2023 11:29:46 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374186.842905,VS0,VE268
etag
"cf360b01f68935d78a6558bf8fa266a6696aa60472ea2ae15a388fbc6136f6aa"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/png
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1585
x-cache-hits
0

header-icon3.png | package-inquiry-b9b0a.web.app/assets/ | 1 KB | 1 KB | Image
General
Full URL
https://package-inquiry-b9b0a.web.app/assets/header-icon3.png
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
eff30400f0ba5f66b1295396f200ae94cac23bbcf9960dce5b67c3d699c73c31
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6947-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Tue, 14 Feb 2023 11:29:46 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374186.843563,VS0,VE254
etag
"27a5e35b1fbfb0333b833535844569aa6a8431107f09dedf2cf509fae2d95cb1"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/png
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1101
x-cache-hits
0

dots.png | package-inquiry-b9b0a.web.app/assets/ | 262 B | 581 B | Image
General
Full URL
https://package-inquiry-b9b0a.web.app/assets/dots.png
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8748e92ec190b17bed52570d5c87ceee3a44111d16cbd66589d40fddd1b05cb0
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6947-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Tue, 14 Feb 2023 11:29:46 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374186.843548,VS0,VE256
etag
"c19530bd71b0af9f6b37cfc129b24407c969f1fbe1b210b25590489c2029161e"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/png
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
262
x-cache-hits
0

icon1.png | package-inquiry-b9b0a.web.app/assets/ | 675 B | 997 B | Image
General
Full URL
https://package-inquiry-b9b0a.web.app/assets/icon1.png
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
22aaf60f91fb5f783db0afc52aca0fbb6c0ed42afef3949c6885d75242146e60
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6947-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Tue, 14 Feb 2023 11:29:46 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374186.843520,VS0,VE215
etag
"6fafa7848ad4c96f785ed55b844b0ffd9c9da7a7c7ef47f3f8dcb390c6af99de"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/png
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
675
x-cache-hits
0

icon3.png | package-inquiry-b9b0a.web.app/assets/ | 616 B | 936 B | Image
General
Full URL
https://package-inquiry-b9b0a.web.app/assets/icon3.png
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7ebc82abf1efe7ae7aac40c8f4f493bf7eada63384f66073ed1024069233b7ae
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6947-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Tue, 14 Feb 2023 11:29:46 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374186.843503,VS0,VE290
etag
"273eec17f3dfbc3b0e4e8b15f39a15b1e469d8cc6ec763e65a1d2eae340289cd"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/png
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
616
x-cache-hits
0

social.png | package-inquiry-b9b0a.web.app/assets/ | 2 KB | 2 KB | Image
General
Full URL
https://package-inquiry-b9b0a.web.app/assets/social.png
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
08e0af481673473e20d15a3e7d688a006670412bd28ae67105af1bd9e5f09256
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://package-inquiry-b9b0a.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by
cache-mxp6947-MXP
strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Tue, 14 Feb 2023 11:29:46 GMT
last-modified
Mon, 13 Feb 2023 14:31:58 GMT
x-timer
S1676374186.843459,VS0,VE242
etag
"f4b5d49796208613a1c8f27042b2fbf84f54da4fc3572a549f6b4d5bd751a290"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/png
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1638
x-cache-hits
0

memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 | fonts.gstatic.com/s/opensans/v34/ | 26 KB | 26 KB | Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
59bd288e64c57e034672999e33ebda6eb5ad1575945eb563dbfb5b44f226e1e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://package-inquiry-b9b0a.web.app/
Origin
https://package-inquiry-b9b0a.web.app
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Wed, 08 Feb 2023 11:59:19 GMT
x-content-type-options
nosniff
age
516626
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26240
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:14:37 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 08 Feb 2024 11:59:19 GMT

memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2 | fonts.gstatic.com/s/opensans/v34/ | 21 KB | 21 KB | Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0c018fe9d09945d93f6f5aa5f1c53a2975621c3043a22344eaf86d6500c245c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://package-inquiry-b9b0a.web.app/
Origin
https://package-inquiry-b9b0a.web.app
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 23:40:27 GMT
x-content-type-options
nosniff
age
560958
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21048
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:13:11 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 07 Feb 2024 23:40:27 GMT

/ | ipapi.co/192.145.127.213/json/ | 758 B | 907 B | XHR
General
Full URL
https://ipapi.co/192.145.127.213/json/
Requested by
Host: package-inquiry-b9b0a.web.app
URL: https://package-inquiry-b9b0a.web.app/polyfills.446b97903ad01f95f9bc.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::ac43:45e2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e755c0e1eba57899bdbf0279de8326afa6814f3cf0dac9a1f83c1d22fcb492a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://package-inquiry-b9b0a.web.app/
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 11:29:46 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
same-origin
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Host, Origin
allow
HEAD, OPTIONS, GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://package-inquiry-b9b0a.web.app
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XjZ84QFaBvD7NbCUO3ImhorZXGbgQ8yeEIOGPnvASyJXE7vSE3Ahj5K15psmzz40uqgCrz%2FkKAGJGcEvJa%2FV9wRaWeJ%2B%2FuLf4s9zFvAU8bHD8IfaI5Z%2FvM4Ez0oCaGLG4uhA81b3"}],"group":"cf-nel","max_age":604800}
x-frame-options
DENY
cf-ray
799577c8cddf5a07-MXP

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fedex (Transportation)

149 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean: credentialless,
  __zone_symbol__ononsearchpatched, __zone_symbol__ononappinstalledpatched, __zone_symbol__ononbeforeinstallpromptpatched, __zone_symbol__ononbeforexrselectpatched, __zone_symbol__ononabortpatched, __zone_symbol__ononbeforeinputpatched, __zone_symbol__ononblurpatched, __zone_symbol__ononcancelpatched, __zone_symbol__ononcanplaypatched, __zone_symbol__ononcanplaythroughpatched, __zone_symbol__ononchangepatched, __zone_symbol__ononclickpatched, __zone_symbol__ononclosepatched, __zone_symbol__ononcontextlostpatched, __zone_symbol__ononcontextmenupatched, __zone_symbol__ononcontextrestoredpatched, __zone_symbol__ononcuechangepatched, __zone_symbol__onondblclickpatched, __zone_symbol__onondragpatched, __zone_symbol__onondragendpatched, __zone_symbol__onondragenterpatched, __zone_symbol__onondragleavepatched, __zone_symbol__onondragoverpatched, __zone_symbol__onondragstartpatched, __zone_symbol__onondroppatched, __zone_symbol__onondurationchangepatched,
  __zone_symbol__ononemptiedpatched, __zone_symbol__ononendedpatched, __zone_symbol__ononerrorpatched, __zone_symbol__ononfocuspatched, __zone_symbol__ononformdatapatched, __zone_symbol__ononinputpatched, __zone_symbol__ononinvalidpatched, __zone_symbol__ononkeydownpatched, __zone_symbol__ononkeypresspatched, __zone_symbol__ononkeyuppatched, __zone_symbol__ononloadpatched, __zone_symbol__ononloadeddatapatched, __zone_symbol__ononloadedmetadatapatched, __zone_symbol__ononloadstartpatched, __zone_symbol__ononmousedownpatched, __zone_symbol__ononmouseenterpatched, __zone_symbol__ononmouseleavepatched, __zone_symbol__ononmousemovepatched, __zone_symbol__ononmouseoutpatched, __zone_symbol__ononmouseoverpatched, __zone_symbol__ononmouseuppatched, __zone_symbol__ononmousewheelpatched, __zone_symbol__ononpausepatched, __zone_symbol__ononplaypatched, __zone_symbol__ononplayingpatched, __zone_symbol__ononprogresspatched, __zone_symbol__ononratechangepatched, __zone_symbol__ononresetpatched, __zone_symbol__ononresizepatched, __zone_symbol__ononscrollpatched, __zone_symbol__ononsecuritypolicyviolationpatched, __zone_symbol__ononseekedpatched, __zone_symbol__ononseekingpatched, __zone_symbol__ononselectpatched, __zone_symbol__ononslotchangepatched, __zone_symbol__ononstalledpatched, __zone_symbol__ononsubmitpatched, __zone_symbol__ononsuspendpatched, __zone_symbol__onontimeupdatepatched, __zone_symbol__onontogglepatched, __zone_symbol__ononvolumechangepatched, __zone_symbol__ononwaitingpatched, __zone_symbol__ononwebkitanimationendpatched, __zone_symbol__ononwebkitanimationiterationpatched,
  __zone_symbol__ononwebkitanimationstartpatched, __zone_symbol__ononwebkittransitionendpatched, __zone_symbol__ononwheelpatched, __zone_symbol__ononauxclickpatched, __zone_symbol__onongotpointercapturepatched, __zone_symbol__ononlostpointercapturepatched, __zone_symbol__ononpointerdownpatched, __zone_symbol__ononpointermovepatched, __zone_symbol__ononpointerrawupdatepatched, __zone_symbol__ononpointeruppatched, __zone_symbol__ononpointercancelpatched, __zone_symbol__ononpointeroverpatched, __zone_symbol__ononpointeroutpatched, __zone_symbol__ononpointerenterpatched, __zone_symbol__ononpointerleavepatched, __zone_symbol__ononselectstartpatched, __zone_symbol__ononselectionchangepatched, __zone_symbol__ononanimationendpatched, __zone_symbol__ononanimationiterationpatched, __zone_symbol__ononanimationstartpatched, __zone_symbol__onontransitionrunpatched, __zone_symbol__onontransitionstartpatched, __zone_symbol__onontransitionendpatched, __zone_symbol__onontransitioncancelpatched, __zone_symbol__ononafterprintpatched, __zone_symbol__ononbeforeprintpatched, __zone_symbol__ononbeforeunloadpatched, __zone_symbol__ononhashchangepatched, __zone_symbol__ononlanguagechangepatched, __zone_symbol__ononmessagepatched, __zone_symbol__ononmessageerrorpatched, __zone_symbol__ononofflinepatched, __zone_symbol__onononlinepatched, __zone_symbol__ononpagehidepatched, __zone_symbol__ononpageshowpatched, __zone_symbol__ononpopstatepatched, __zone_symbol__ononrejectionhandledpatched, __zone_symbol__ononstoragepatched, __zone_symbol__ononunhandledrejectionpatched, __zone_symbol__ononunloadpatched, __zone_symbol__onondevicemotionpatched,
  __zone_symbol__onondeviceorientationpatched, __zone_symbol__onondeviceorientationabsolutepatched, __zone_symbol__ononbeforematchpatched, __zone_symbol__ononcontentvisibilityautostatechangepatched

object: oncontentvisibilityautostatechange, webpackChunkfedex, __zone_symbol__popstatefalse, __zone_symbol__hashchangefalse, frameworkStabilizers

function: Zone, __zone_symbol__Promise, __zone_symbol__fetch, __zone_symbol__queueMicrotask, __zone_symbol__setTimeout, __zone_symbol__clearTimeout, __zone_symbol__setInterval, __zone_symbol__clearInterval, __zone_symbol__requestAnimationFrame, __zone_symbol__cancelAnimationFrame, __zone_symbol__webkitRequestAnimationFrame, __zone_symbol__webkitCancelAnimationFrame, __zone_symbol__alert, __zone_symbol__prompt, __zone_symbol__confirm, __zone_symbol__MutationObserver, __zone_symbol__WebKitMutationObserver, __zone_symbol__IntersectionObserver, __zone_symbol__FileReader, getAngularTestability, getAllAngularTestabilities, getAllAngularRootElements, __zone_symbol__addEventListener, __zone_symbol__removeEventListener, eventListeners, removeAllListeners

undefined: __zone_symbol__eventListeners, __zone_symbol__removeAllListeners

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
fonts.gstatic.com
ipapi.co
package-inquiry-b9b0a.web.app
tudoperfeito.fun
173.231.16.76
216.172.172.67
2606:4700:20::ac43:45e2
2620:0:890::100
2a00:1450:400d:80a::2003