urlscan.io logo urlscan.io
SecurityTrails logo

gatifloxacin.ml Open in urlscan Pro
217.163.23.110  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.mercedes-club-bg.com/chat/templates/template.users.php
Effective URL: http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Submission: On November 20 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 9 HTTP transactions. The main IP is 217.163.23.110, located in United Kingdom and belongs to AS-CHOOPA - Choopa, LLC, US. The main domain is gatifloxacin.ml.
This is the only time gatifloxacin.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rackspace (Online)

Domain & IP information

IP Address AS Autonomous System
1 217.18.244.196 13124 (IBGC)
7 217.163.23.110 20473 (AS-CHOOPA)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
9 3
1    217.18.244.196 (Sofia, Bulgaria)

ASN13124 (IBGC, BG)
PTR: hosting1.webconnect.bg
www.mercedes-club-bg.com
7    217.163.23.110 (United Kingdom)

ASN20473 (AS-CHOOPA - Choopa, LLC, US)
PTR: 217.163.23.110.vultr.com
gatifloxacin.ml
1    2a00:1450:4001:814::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
googleads.g.doubleclick.net
1    2a00:1450:4001:80b::2004 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google.com
1    2a00:1450:4001:81c::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google.de
Domain Requested by
7 gatifloxacin.ml www.mercedes-club-bg.com
gatifloxacin.ml
1 www.google.de gatifloxacin.ml
1 www.google.com 1 redirects
1 googleads.g.doubleclick.net 1 redirects
1 www.mercedes-club-bg.com
9 5

This site contains links to these domains. Also see Links.

Domain
www.rackspace.com
cp.rackspace.com
Subject Issuer Validity Valid
www.google.de
Google Internet Authority G3		 2018-10-30 -
2019-01-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Frame ID: 3BF68420C955BD139A95EB627758F031
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://www.mercedes-club-bg.com/chat/templates/template.users.php Page URL
  2. http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

9
Requests

11 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

120 kB
Transfer

118 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.mercedes-club-bg.com/chat/templates/template.users.php Page URL
  2. http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040066332/?random=1419821665&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=720&u_w=1280&u_ah=720&u_aw=1280&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&sendb=1&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXL8XzvH9xsz-jVXbLveHoEbOF4S804ZmpYzbUUPr8blrLri4Q&ocp_id=igLWWp3WDsumbN_LgvAN HTTP 302
  • https://www.google.com/pagead/1p-user-list/1040066332/?random=1419821665&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=720&u_w=1280&u_ah=720&u_aw=1280&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&sendb=1&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXL8XzvH9xsz-jVXbLveHoEbOF4S804ZmpYzbUUPr8blrLri4Q&crd=CITQGw&cdct=2&is_vtc=1&random=2783946529&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-user-list/1040066332/?random=1419821665&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=720&u_w=1280&u_ah=720&u_aw=1280&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&sendb=1&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXL8XzvH9xsz-jVXbLveHoEbOF4S804ZmpYzbUUPr8blrLri4Q&crd=CITQGw&cdct=2&is_vtc=1&random=2783946529&resp=GooglemKTybQhCsO&ipr=y

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
template.users.php
www.mercedes-club-bg.com/chat/templates/ 		164 B
407 B 		Document
General
Check archive.org
Download Go to
Full URL
http://www.mercedes-club-bg.com/chat/templates/template.users.php
Protocol
HTTP/1.1
Server
217.18.244.196 Sofia, Bulgaria, ASN13124 (IBGC, BG),
Reverse DNS
hosting1.webconnect.bg
Software
Apache/2.2.9 / PHP/5.2.17-0.dotdeb.0
Resource Hash
b21b46531b769438207630affd49a95b8ab98d505e4b10c705f63c0dc675768a

Request headers

Host
www.mercedes-club-bg.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 20 Nov 2018 00:44:20 GMT
Server
Apache/2.2.9
X-Powered-By
PHP/5.2.17-0.dotdeb.0
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
144
Keep-Alive
timeout=3, max=80
Connection
Keep-Alive
Content-Type
text/html
Primary Request index.php
gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/ 		13 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Requested by
Host: www.mercedes-club-bg.com
URL: http://www.mercedes-club-bg.com/chat/templates/template.users.php
Protocol
HTTP/1.1
Server
217.163.23.110 , United Kingdom, ASN20473 (AS-CHOOPA - Choopa, LLC, US),
Reverse DNS
217.163.23.110.vultr.com
Software
Apache /
Resource Hash
ba775313d5ba6e78a1a646a644237f27b983b5b116bb6a18182d130092bc1eab

Request headers

Host
gatifloxacin.ml
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://www.mercedes-club-bg.com/chat/templates/template.users.php
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://www.mercedes-club-bg.com/chat/templates/template.users.php

Response headers

Date
Tue, 20 Nov 2018 00:44:36 GMT
Server
Apache
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
jquery.min.js
gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ 		91 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/jquery.min.js
Requested by
Host: gatifloxacin.ml
URL: http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Protocol
HTTP/1.1
Server
217.163.23.110 , United Kingdom, ASN20473 (AS-CHOOPA - Choopa, LLC, US),
Reverse DNS
217.163.23.110.vultr.com
Software
Apache /
Resource Hash
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
gatifloxacin.ml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 20 Nov 2018 00:44:36 GMT
Last-Modified
Thu, 11 Oct 2018 14:40:20 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
93100
login.js
gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/login.js
Requested by
Host: gatifloxacin.ml
URL: http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Protocol
HTTP/1.1
Server
217.163.23.110 , United Kingdom, ASN20473 (AS-CHOOPA - Choopa, LLC, US),
Reverse DNS
217.163.23.110.vultr.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
gatifloxacin.ml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 20 Nov 2018 00:44:36 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
388
Content-Type
text/html; charset=iso-8859-1
saved_resource
gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/saved_resource
Requested by
Host: gatifloxacin.ml
URL: http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Protocol
HTTP/1.1
Server
217.163.23.110 , United Kingdom, ASN20473 (AS-CHOOPA - Choopa, LLC, US),
Reverse DNS
217.163.23.110.vultr.com
Software
Apache /
Resource Hash
f8689fe484dbd862415821527ed5e04d319d837df94847c13a9e76c7cd1f997c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
gatifloxacin.ml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 20 Nov 2018 00:44:36 GMT
Last-Modified
Thu, 11 Oct 2018 14:40:20 GMT
Server
Apache
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
1726
logo_20141002.png
gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/logo_20141002.png
Requested by
Host: gatifloxacin.ml
URL: http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Protocol
HTTP/1.1
Server
217.163.23.110 , United Kingdom, ASN20473 (AS-CHOOPA - Choopa, LLC, US),
Reverse DNS
217.163.23.110.vultr.com
Software
Apache /
Resource Hash
f167dfd881b45166119fce39b1fa639e925f80e4e7391e3cbe83f843490b7b19

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
gatifloxacin.ml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 20 Nov 2018 00:44:36 GMT
Last-Modified
Thu, 11 Oct 2018 14:40:20 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
2080
plus-anytime_anywhere-190x294.png
gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/plus-anytime_anywhere-190x294.png
Requested by
Host: gatifloxacin.ml
URL: http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Protocol
HTTP/1.1
Server
217.163.23.110 , United Kingdom, ASN20473 (AS-CHOOPA - Choopa, LLC, US),
Reverse DNS
217.163.23.110.vultr.com
Software
Apache /
Resource Hash
db18ad437ed30b29a15bb4a394df2f29cd5073ccab904b6ed5e2cf870530dc62

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
gatifloxacin.ml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 20 Nov 2018 00:44:36 GMT
Last-Modified
Thu, 11 Oct 2018 14:40:20 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
9209
ssllogo.gif
gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ 		1023 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/Webmail_login_files/ssllogo.gif
Requested by
Host: gatifloxacin.ml
URL: http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Protocol
HTTP/1.1
Server
217.163.23.110 , United Kingdom, ASN20473 (AS-CHOOPA - Choopa, LLC, US),
Reverse DNS
217.163.23.110.vultr.com
Software
Apache /
Resource Hash
bdad796e4ae503ca04d1227dbdc8e4934802aa9f828b0c81ca7f1588b7b04ade

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
gatifloxacin.ml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 20 Nov 2018 00:44:36 GMT
Last-Modified
Thu, 11 Oct 2018 14:40:20 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=94
Content-Length
1023
/
www.google.de/pagead/1p-user-list/1040066332/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040066332/?random=1419821665&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=7...
  • https://www.google.com/pagead/1p-user-list/1040066332/?random=1419821665&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=720&u_w=1280&u_ah=720&u_aw=1280&u_cd=24&u_his...
  • https://www.google.de/pagead/1p-user-list/1040066332/?random=1419821665&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=720&u_w=1280&u_ah=720&u_aw=1280&u_cd=24&u_his=...
42 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/1040066332/?random=1419821665&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=720&u_w=1280&u_ah=720&u_aw=1280&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&sendb=1&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXL8XzvH9xsz-jVXbLveHoEbOF4S804ZmpYzbUUPr8blrLri4Q&crd=CITQGw&cdct=2&is_vtc=1&random=2783946529&resp=GooglemKTybQhCsO&ipr=y
Requested by
Host: gatifloxacin.ml
URL: http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://gatifloxacin.ml/dhl.global/e-notification/Rackspace/secure/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Nov 2018 00:44:36 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 20 Nov 2018 00:44:36 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
image/gif
location
https://www.google.de/pagead/1p-user-list/1040066332/?random=1419821665&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=720&u_w=1280&u_ah=720&u_aw=1280&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&sendb=1&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXL8XzvH9xsz-jVXbLveHoEbOF4S804ZmpYzbUUPr8blrLri4Q&crd=CITQGw&cdct=2&is_vtc=1&random=2783946529&resp=GooglemKTybQhCsO&ipr=y
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rackspace (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery boolean| _wm_redirect string| _ext_js_path

0 Cookies