gatifloxacin.ml
217.163.23.110
Malicious Activity!
Public Scan
Effective URL: http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Submission: On November 20 via manual from US
Summary
This is the only time gatifloxacin.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Rackspace (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 217.18.244.196 | 13124 (IBGC)
7 | 217.163.23.110 | 20473 (AS-CHOOPA - Choopa)
1 | 2a00:1450:4001:814::2002 | 15169 (GOOGLE - Google LLC)
1 | 2a00:1450:4001:80b::2004 | 15169 (GOOGLE - Google LLC)
1 | 2a00:1450:4001:81c::2003 | 15169 (GOOGLE - Google LLC)
Totals: 9 requests, 3 ASNs.
ASN13124 (IBGC, BG)
PTR: hosting1.webconnect.bg
www.mercedes-club-bg.com
ASN20473 (AS-CHOOPA - Choopa, LLC, US)
PTR: 217.163.23.110.vultr.com
gatifloxacin.ml
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | gatifloxacin.ml | gatifloxacin.ml | 119 KB
1 | google.de | www.google.de | 315 B
1 | google.com (1 redirects) | www.google.com | 500 B
1 | doubleclick.net (1 redirects) | googleads.g.doubleclick.net | 932 B
1 | mercedes-club-bg.com | www.mercedes-club-bg.com | 407 B
Totals: 9 requests, 5 apex domains.
Requests | Domain | Requested by
---|---|---
7 | gatifloxacin.ml | www.mercedes-club-bg.com, gatifloxacin.ml
1 | www.google.de | gatifloxacin.ml
1 | www.google.com | (1 redirects)
1 | googleads.g.doubleclick.net | (1 redirects)
1 | www.mercedes-club-bg.com | 
Totals: 9 requests, 5 domains.
This site contains links to these domains. Also see Links.
Domain |
---|
www.rackspace.com |
cp.rackspace.com |
Subject | Issuer | Validity | Valid | 
---|---|---|---|---
www.google.de | Google Internet Authority G3 | 2018-10-30 - 2019-01-22 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Frame ID: 3BF68420C955BD139A95EB627758F031
Requests: 9 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
- Title: (none)
- Title: Control Panel
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.mercedes-club-bg.com/chat/templates/template.users.php Page URL
- http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 7:
- https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040066332/?random=1419821665&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=720&u_w=1280&u_ah=720&u_aw=1280&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&sendb=1&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXL8XzvH9xsz-jVXbLveHoEbOF4S804ZmpYzbUUPr8blrLri4Q&ocp_id=igLWWp3WDsumbN_LgvAN HTTP 302
- https://www.google.com/pagead/1p-user-list/1040066332/?random=1419821665&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=720&u_w=1280&u_ah=720&u_aw=1280&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&sendb=1&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXL8XzvH9xsz-jVXbLveHoEbOF4S804ZmpYzbUUPr8blrLri4Q&crd=CITQGw&cdct=2&is_vtc=1&random=2783946529&resp=GooglemKTybQhCsO HTTP 302
- https://www.google.de/pagead/1p-user-list/1040066332/?random=1419821665&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=720&u_w=1280&u_ah=720&u_aw=1280&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&sendb=1&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXL8XzvH9xsz-jVXbLveHoEbOF4S804ZmpYzbUUPr8blrLri4Q&crd=CITQGw&cdct=2&is_vtc=1&random=2783946529&resp=GooglemKTybQhCsO&ipr=y
9 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET H/1.1 | template.users.php | www.mercedes-club-bg.com/chat/templates/ | 164 B | 407 B | Document | text/html
GET H/1.1 | index.php (Primary Request) | gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/ | 13 KB | 13 KB | Document | text/html
GET H/1.1 | jquery.min.js | gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ | 91 KB | 91 KB | Script | application/javascript
GET H/1.1 | login.js | gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ | 0 | 0 | Script | text/html
GET H/1.1 | saved_resource | gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ | 2 KB | 2 KB | Script | text/plain
GET H/1.1 | logo_20141002.png | gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ | 2 KB | 2 KB | Image | image/png
GET H/1.1 | plus-anytime_anywhere-190x294.png | gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ | 9 KB | 9 KB | Image | image/png
GET H/1.1 | ssllogo.gif | gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ | 1023 B | 1 KB | Image | image/gif
GET S | / | www.google.de/pagead/1p-user-list/1040066332/ (Redirect Chain) | 42 B | 315 B | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Rackspace (Online)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | $
function | jQuery
boolean | _wm_redirect
string | _ext_js_path
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
gatifloxacin.ml
googleads.g.doubleclick.net
www.google.com
www.google.de
www.mercedes-club-bg.com
217.163.23.110
217.18.244.196
2a00:1450:4001:80b::2004
2a00:1450:4001:814::2002
2a00:1450:4001:81c::2003