ical.fedexdigitalcalendar.com
2606:4700:20::681a:96a
Malicious Activity!
Public Scan
Submission: On July 13 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by E1 on May 30th 2022. Valid for: 3 months.
This is the only time ical.fedexdigitalcalendar.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Fedex (Transportation)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
4 | 2606:4700:20::681a:96a | 13335 (CLOUDFLARENET) |
1 | 208.101.240.116 | 14230 (INVOLTA) |
5 | 2 | |
| Apex Domain / Subdomains | Transfer |
---|---|---|
4 | fedexdigitalcalendar.com / ical.fedexdigitalcalendar.com | 25 KB |
1 | infinitycontact.com / ftp.infinitycontact.com | 18 KB |
5 | 2 | |
| Domain | Requested by |
---|---|---|
4 | ical.fedexdigitalcalendar.com | ical.fedexdigitalcalendar.com |
1 | ftp.infinitycontact.com | ical.fedexdigitalcalendar.com |
5 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.fedexdigitalcalendar.com | E1 | 2022-05-30 - 2022-08-28 | 3 months |
ftp.infinitycontact.com | Go Daddy Secure Certificate Authority - G2 | 2021-08-01 - 2022-09-02 | a year |
This page contains 2 frames:
Primary Page:
https://ical.fedexdigitalcalendar.com/digitalcalendar/home/confirmationpage?eventGUID=A0891F5D-3078-4542-B586-3B260C9C78F6
Frame ID: 4BB28C6B66595A427A1B1AFB9E6D128B
Requests: 2 HTTP requests in this frame
Frame:
https://ical.fedexdigitalcalendar.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1657728000
Frame ID: 0BB57639179B8652D5F4D4E67B24975E
Requests: 3 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method / Protocol | Resource | Path | Size / x-fer | Type | MIME-Type |
---|---|---|---|---|---|
GET H2 | confirmationpage (Primary Request) | ical.fedexdigitalcalendar.com/digitalcalendar/home/ | 4 KB / 2 KB | Document | text/html |
GET H/1.1 | FedEx_Whitelogo.png | ftp.infinitycontact.com/img/ | 18 KB / 18 KB | Image | image/png |
GET H2 | invisible.js | ical.fedexdigitalcalendar.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/ (Frame 0BB5) | 40 KB / 15 KB | Script | application/javascript |
GET H2 | pica.js | ical.fedexdigitalcalendar.com/cdn-cgi/challenge-platform/h/g/scripts/ (Frame 0BB5) | 21 KB / 8 KB | Other | application/javascript |
POST H2 | 72a3b56e4fce9bbe | ical.fedexdigitalcalendar.com/cdn-cgi/challenge-platform/h/g/cv/result/ (Frame 0BB5) | 2 B / 581 B | XHR | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Fedex (Transportation)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
function | getScreenDetails |
function | queryLocalFonts |
object | navigation |

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.fedexdigitalcalendar.com/ | Name: __cf_bm Value: DcqqRYDO4NLcwET_Rrj2UC9D5PGpHmPEHSDW8HHjlbU-1657733031-0-AUoAfiSZTL7WkVbatLxopN53cTwWjV8eMR0neaIc7794CQVwBtQe8hdPyeyagiQH3A0pyZhk2R0xjF9eSeIGGRgSA65T70c2viwKe5YDvW3yyqTOxEtbMWmU23l2XMQiTg== |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.