paddocksmillhoa.com
Open in
urlscan Pro
72.34.46.198
Malicious Activity!
Public Scan
URL:
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
Submission: On July 19 via api from IN — Scanned from DE
Submission: On July 19 via api from IN — Scanned from DE
Summary
This website contacted 3 IPs
in 2 countries
across 5 domains to perform 8 HTTP transactions.
The main IP is 72.34.46.198, located in
United States and
belongs to IHNET, US.
The main domain is paddocksmillhoa.com.
This is the only time paddocksmillhoa.com was scanned on urlscan.io!
This is the only time paddocksmillhoa.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Rackspace (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 6 | 72.34.46.198 72.34.46.198 | 33494 (IHNET) (IHNET) | |
| 1 1 | 2a00:1450:400... 2a00:1450:4001:801::2002 | 15169 (GOOGLE) (GOOGLE) | |
| 1 1 | 2a00:1450:400... 2a00:1450:4001:810::2004 | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:806::2003 | 15169 (GOOGLE) (GOOGLE) | |
| 1 2 | 2001:4802:7a0... 2001:4802:7a01:10::7 | 27357 (RACKSPACE) (RACKSPACE) | |
| 8 | 3 |
6
72.34.46.198
(United States)
ASN33494 (IHNET, US)
PTR: mail.tigers.unisonplatform.com
ASN33494 (IHNET, US)
PTR: mail.tigers.unisonplatform.com
| paddocksmillhoa.com |
1
2a00:1450:4001:801::2002
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| googleads.g.doubleclick.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 6 |
paddocksmillhoa.com
paddocksmillhoa.com |
198 KB |
| 2 |
rackspace.com
1 redirects
cp.rackspace.com — Cisco Umbrella Rank: 443856 |
9 KB |
| 1 |
google.de
www.google.de — Cisco Umbrella Rank: 4915 |
548 B |
| 1 |
google.com
1 redirects
www.google.com — Cisco Umbrella Rank: 17 |
904 B |
| 1 |
doubleclick.net
1 redirects
googleads.g.doubleclick.net — Cisco Umbrella Rank: 67 |
979 B |
| 8 | 5 |
| Domain | Requested by | |
|---|---|---|
| 6 | paddocksmillhoa.com |
paddocksmillhoa.com
|
| 2 | cp.rackspace.com |
1 redirects
paddocksmillhoa.com
|
| 1 | www.google.de |
paddocksmillhoa.com
|
| 1 | www.google.com | 1 redirects |
| 1 | googleads.g.doubleclick.net | 1 redirects |
| 8 | 5 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.rackspace.com |
| cp.rackspace.com |
| apps.rackspace.com |
| Subject Issuer | Validity | Valid |
|---|
This page contains 1 frames:
Primary Page:
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
Frame ID: 345AA956AB79947EE7DE0127D8D1E9DF
Requests: 8 HTTP requests in this frame
Screenshot
Page Title
Rackspace Webmail: Hosted Email for BusinessDetected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
URL: http://www.rackspace.com/apps/
Search URL Search Domain Scan URL
URL: https://cp.rackspace.com/
Title: Control Panel
Title: Control Panel
Search URL Search Domain Scan URL
URL: https://apps.rackspace.com/rackspace-email-plus?utm_source=webmail-login-ib&utm_medium=display&utm_campaign=rse-plus-growth-ib-13&utm_content=190x294-cloud-drive-affordability
Search URL Search Domain Scan URL
URL: https://apps.rackspace.com/forgot-password
Title: Forgot Password?
Title: Forgot Password?
Search URL Search Domain Scan URL
URL: https://www.rackspace.com/apps/email_hosting/rackspace_email
Title: Hosted Email
Title: Hosted Email
Search URL Search Domain Scan URL
URL: http://www.rackspace.com/information/legal/privacystatement
Title: Privacy Statement
Title: Privacy Statement
Search URL Search Domain Scan URL
URL: http://www.rackspace.com/information/legal/websiteterms
Title: Website Terms
Title: Website Terms
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5- https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040066332/?random=1959838549&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=50&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXJIoNvd5Ak2R5Zj3Lew6nc84sO1o9haSyt_eeEtOJFlkT0wzQ&ocp_id=tuyGWsHyB8WnzAbwt4DYCQ HTTP 302
- https://www.google.com/pagead/1p-user-list/1040066332/?random=1959838549&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=50&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXJIoNvd5Ak2R5Zj3Lew6nc84sO1o9haSyt_eeEtOJFlkT0wzQ&is_vtc=1&random=2644639242&resp=GooglemKTybQhCsO HTTP 302
- https://www.google.de/pagead/1p-user-list/1040066332/?random=1959838549&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=50&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXJIoNvd5Ak2R5Zj3Lew6nc84sO1o9haSyt_eeEtOJFlkT0wzQ&is_vtc=1&random=2644639242&resp=GooglemKTybQhCsO&ipr=y
- http://cp.rackspace.com/clients/webmail/apps_rackspace_com/images/plus-anytime_anywhere-190x294.png HTTP 302
- https://cp.rackspace.com/clients/webmail/apps_rackspace_com/images/plus-anytime_anywhere-190x294.png
8 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
login.php
paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/ |
13 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js.download
paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/ |
91 KB 91 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
saved_resource
paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/ |
2 KB 2 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo.png
paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
spacer.png
paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/ |
89 KB 89 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
blank.gif
paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/ |
43 B 284 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.google.de/pagead/1p-user-list/1040066332/ Redirect Chain
|
42 B 548 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
plus-anytime_anywhere-190x294.png
cp.rackspace.com/clients/webmail/apps_rackspace_com/images/ Redirect Chain
|
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Rackspace (Online)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation function| $ function| jQuery boolean| _wm_redirect1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .doubleclick.net/ | Name: test_cookie Value: CheckForPermission |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cp.rackspace.com
googleads.g.doubleclick.net
paddocksmillhoa.com
www.google.com
www.google.de
2001:4802:7a01:10::7
2a00:1450:4001:801::2002
2a00:1450:4001:806::2003
2a00:1450:4001:810::2004
72.34.46.198
2894fa1d1ebe2f99a165317c3c46ea23a7de28590a1c3965508acaf802e9c9a8
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
92fa0541866bf8ba690ac1fe98fa67cf922777d9c9c57d43f4ee10fa20c2bb2e
c158d79537524fc8d07d79398f3b14933a5408ed5695297d5c114c8b93b59058
db18ad437ed30b29a15bb4a394df2f29cd5073ccab904b6ed5e2cf870530dc62
e663736da01a2cc020031b6fdf3cea351b70011446be8ec9f5270510f4b01369
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f167dfd881b45166119fce39b1fa639e925f80e4e7391e3cbe83f843490b7b19