support-rackspace-inc.com Open in urlscan Pro
185.84.108.232 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://rounduprealtycebu.com/wp-admin/js/
Effective URL:
http://support-rackspace-inc.com/login/
Submission: On February 15 via manual (February 15th 2020, 1:14:41 pm UTC) from IN

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 185.84.108.232, located in Russian Federation and belongs to MAJORDOMO, RU. The main domain is support-rackspace-inc.com.

This is the only time support-rackspace-inc.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rackspace (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	107.180.29.18 107.180.29.18	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1	2606:4700::68... 2606:4700::6811:4004	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	185.84.108.232 185.84.108.232	43362 (MAJORDOMO) (MAJORDOMO)
9	3

1 107.180.29.18 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-107-180-29-18.ip.secureserver.net

rounduprealtycebu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4004 (United States)

ASN13335 (CLOUDFLARENET, US)

ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.84.108.232 (Russian Federation)

ASN43362 (MAJORDOMO, RU)
PTR: web29.majordomo.ru

support-rackspace-inc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	support-rackspace-inc.com support-rackspace-inc.com	58 KB
1	cloudflare.com ajax.cloudflare.com	2 KB
1	rounduprealtycebu.com rounduprealtycebu.com	835 B
9	3

	Domain	Requested by
7	support-rackspace-inc.com	support-rackspace-inc.com
1	ajax.cloudflare.com	rounduprealtycebu.com
1	rounduprealtycebu.com
9	3

This site contains no links.

Subject Issuer	Validity	Valid
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh

This page contains 1 frames:

Primary Page: http://support-rackspace-inc.com/login/
Frame ID: 89F6D64651787610FBD32B6E758BAAB0
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://rounduprealtycebu.com/wp-admin/js/ Page URL
http://support-rackspace-inc.com/login/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

9
Requests

11 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

61 kB
Transfer

138 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://rounduprealtycebu.com/wp-admin/js/ Page URL
http://support-rackspace-inc.com/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://ajax.cloudflare.com/cdn-cgi/nexp/dok3v=fb690a32f5/cloudflare.min.js HTTP 307
https://ajax.cloudflare.com/cdn-cgi/nexp/dok3v=fb690a32f5/cloudflare.min.js

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
rounduprealtycebu.com/wp-admin/js/ 691 B
835 B 386ms
219ms Document
text/html 107.180.29.18
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://rounduprealtycebu.com/wp-admin/js/
Protocol: HTTP/1.1
Server: 107.180.29.18 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-107-180-29-18.ip.secureserver.net
Software: Apache /
Resource Hash: 46cf2fd6c265656ad3a8a28b7a6fba00c94ccc8fe72a6adc2c8114675f03ea95

Request headers

Host: rounduprealtycebu.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 15 Feb 2020 13:14:25 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 15 Feb 2020 02:42:08 GMT
ETag: "a8a20e6-2b3-59e9444af09fc-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 478
Keep-Alive: timeout=5
Content-Type: text/html

GET
H2

200

cloudflare.min.js Show response
ajax.cloudflare.com/cdn-cgi/nexp/dok3v=fb690a32f5/
Redirect Chain

http://ajax.cloudflare.com/cdn-cgi/nexp/dok3v=fb690a32f5/cloudflare.min.js
https://ajax.cloudflare.com/cdn-cgi/nexp/dok3v=fb690a32f5/cloudflare.min.js

3 KB
2 KB

10ms
9ms

Script
application/javascript

2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/nexp/dok3v=fb690a32f5/cloudflare.min.js

Requested by

Host: rounduprealtycebu.com
URL: http://rounduprealtycebu.com/wp-admin/js/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79d1744b3148a4b7265a9d2006eb1f6b72fda68490c398e380cb0692aeb8c5e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://rounduprealtycebu.com/wp-admin/js/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 13:14:25 GMT
content-encoding: gzip
last-modified: Mon, 10 Feb 2020 15:55:32 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5e417cf4-c37"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 56578b76a8a8c2b8-FRA
alt-svc: h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
expires: Mon, 17 Feb 2020 13:14:25 GMT

Redirect headers

Location: https://ajax.cloudflare.com/cdn-cgi/nexp/dok3v=fb690a32f5/cloudflare.min.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK Primary Request / Show response
support-rackspace-inc.com/login/ 2 KB
1 KB 172ms
94ms Document
text/html 185.84.108.232
MAJORDOMO

General

Check archive.org

Show headers Download Go to

Full URL: http://support-rackspace-inc.com/login/
Protocol: HTTP/1.1
Server: 185.84.108.232 , Russian Federation, ASN43362 (MAJORDOMO, RU),
Reverse DNS: web29.majordomo.ru
Software: nginx / PHP/5.5.38
Resource Hash: 1c5a6fa085d8985092ebb8f8d12a5302f7f475230559bb6ea24b82de0f4edfe9

Request headers

Host: support-rackspace-inc.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://rounduprealtycebu.com/wp-admin/js/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://rounduprealtycebu.com/wp-admin/js/

Response headers

Server: nginx
Date: Sat, 15 Feb 2020 13:14:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 828
Connection: keep-alive
X-Powered-By: PHP/5.5.38
Vary: Accept-Encoding
Content-Encoding: gzip

GET
H/1.1 200
OK style.css
support-rackspace-inc.com/login/ 3 KB
1 KB 53ms
52ms Stylesheet
text/css 185.84.108.232
MAJORDOMO

General

Check archive.org

Show headers Download Go to

Full URL: http://support-rackspace-inc.com/login/style.css
Requested by: Host: support-rackspace-inc.com
URL: http://support-rackspace-inc.com/login/
Protocol: HTTP/1.1
Server: 185.84.108.232 , Russian Federation, ASN43362 (MAJORDOMO, RU),
Reverse DNS: web29.majordomo.ru
Software: nginx /
Resource Hash: f22d2d062732ffa6a3eeb7bfab6c4c86b2e91ae93a7ba5a02594e9ad15a1554e

Request headers

Referer: http://support-rackspace-inc.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 15 Feb 2020 13:14:25 GMT
Content-Encoding: gzip
Last-Modified: Sat, 15 Feb 2020 02:40:13 GMT
Server: nginx
ETag: W/"5e475a0d-bfc"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK jquery.min.js Show response
support-rackspace-inc.com/login/ 84 KB
29 KB 104ms
91ms Script
application/javascript 185.84.108.232
MAJORDOMO

General

Check archive.org

Show headers Download Go to

Full URL: http://support-rackspace-inc.com/login/jquery.min.js
Requested by: Host: support-rackspace-inc.com
URL: http://support-rackspace-inc.com/login/
Protocol: HTTP/1.1
Server: 185.84.108.232 , Russian Federation, ASN43362 (MAJORDOMO, RU),
Reverse DNS: web29.majordomo.ru
Software: nginx /
Resource Hash: fdce77a6d0053f32d231518a84a71bcab5c86045ed52369da00b89d4284aef46

Request headers

Referer: http://support-rackspace-inc.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 15 Feb 2020 13:14:25 GMT
Content-Encoding: gzip
Last-Modified: Sat, 15 Feb 2020 02:40:09 GMT
Server: nginx
ETag: W/"5e475a09-14e49"
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK logo.svg
support-rackspace-inc.com/login/media/ 19 KB
7 KB 99ms
85ms Image
image/svg+xml 185.84.108.232
MAJORDOMO

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://support-rackspace-inc.com/login/media/logo.svg
Requested by: Host: support-rackspace-inc.com
URL: http://support-rackspace-inc.com/login/
Protocol: HTTP/1.1
Server: 185.84.108.232 , Russian Federation, ASN43362 (MAJORDOMO, RU),
Reverse DNS: web29.majordomo.ru
Software: nginx /
Resource Hash: 5de57d878173443ace04bdb74b0016aa4e7e2b63c5abc50f92a95fb120cd19fb

Request headers

Referer: http://support-rackspace-inc.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 15 Feb 2020 13:14:25 GMT
Content-Encoding: gzip
Last-Modified: Sat, 15 Feb 2020 02:40:15 GMT
Server: nginx
ETag: W/"5e475a0f-4be6"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK logo-appstore.svg
support-rackspace-inc.com/login/media/ 12 KB
5 KB 108ms
94ms Image
image/svg+xml 185.84.108.232
MAJORDOMO

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://support-rackspace-inc.com/login/media/logo-appstore.svg
Requested by: Host: support-rackspace-inc.com
URL: http://support-rackspace-inc.com/login/
Protocol: HTTP/1.1
Server: 185.84.108.232 , Russian Federation, ASN43362 (MAJORDOMO, RU),
Reverse DNS: web29.majordomo.ru
Software: nginx /
Resource Hash: 4cfabcfdbec9a5cd903190f150028743f38c3533b53ea21c6e4dd35a52a80383

Request headers

Referer: http://support-rackspace-inc.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 15 Feb 2020 13:14:25 GMT
Content-Encoding: gzip
Last-Modified: Sat, 15 Feb 2020 02:40:15 GMT
Server: nginx
ETag: W/"5e475a0f-2fc0"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK logo-playstore.png
support-rackspace-inc.com/login/media/ 14 KB
14 KB 49ms
49ms Image
image/png 185.84.108.232
MAJORDOMO

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://support-rackspace-inc.com/login/media/logo-playstore.png
Requested by: Host: support-rackspace-inc.com
URL: http://support-rackspace-inc.com/login/
Protocol: HTTP/1.1
Server: 185.84.108.232 , Russian Federation, ASN43362 (MAJORDOMO, RU),
Reverse DNS: web29.majordomo.ru
Software: nginx /
Resource Hash: 215e46442382af6784b854e56f70c527d0d205a367c58567c308d3c3fbe31cc2

Request headers

Referer: http://support-rackspace-inc.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 15 Feb 2020 13:14:25 GMT
Last-Modified: Sat, 15 Feb 2020 02:40:15 GMT
Server: nginx
ETag: "5e475a0f-3685"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13957

GET
H/1.1 200
OK login.js Show response
support-rackspace-inc.com/login/ 747 B
656 B 59ms
59ms Script
application/javascript 185.84.108.232
MAJORDOMO

General

Check archive.org

Show headers Download Go to

Full URL: http://support-rackspace-inc.com/login/login.js
Requested by: Host: support-rackspace-inc.com
URL: http://support-rackspace-inc.com/login/
Protocol: HTTP/1.1
Server: 185.84.108.232 , Russian Federation, ASN43362 (MAJORDOMO, RU),
Reverse DNS: web29.majordomo.ru
Software: nginx /
Resource Hash: c1b48cebe4518523df4febda89d387a211652786c4b9e4ad33f34a1ce62bc88b

Request headers

Referer: http://support-rackspace-inc.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 15 Feb 2020 13:14:26 GMT
Content-Encoding: gzip
Last-Modified: Sat, 15 Feb 2020 02:40:10 GMT
Server: nginx
ETag: W/"5e475a0a-2eb"
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rackspace (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.cloudflare.com
rounduprealtycebu.com
support-rackspace-inc.com
107.180.29.18
185.84.108.232
2606:4700::6811:4004
1c5a6fa085d8985092ebb8f8d12a5302f7f475230559bb6ea24b82de0f4edfe9
215e46442382af6784b854e56f70c527d0d205a367c58567c308d3c3fbe31cc2
46cf2fd6c265656ad3a8a28b7a6fba00c94ccc8fe72a6adc2c8114675f03ea95
4cfabcfdbec9a5cd903190f150028743f38c3533b53ea21c6e4dd35a52a80383
5de57d878173443ace04bdb74b0016aa4e7e2b63c5abc50f92a95fb120cd19fb
79d1744b3148a4b7265a9d2006eb1f6b72fda68490c398e380cb0692aeb8c5e5
c1b48cebe4518523df4febda89d387a211652786c4b9e4ad33f34a1ce62bc88b
f22d2d062732ffa6a3eeb7bfab6c4c86b2e91ae93a7ba5a02594e9ad15a1554e
fdce77a6d0053f32d231518a84a71bcab5c86045ed52369da00b89d4284aef46

support-rackspace-inc.com Open in urlscan Pro 185.84.108.232 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

11 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

61 kBTransfer

138 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Indicators

support-rackspace-inc.com Open in urlscan Pro
185.84.108.232 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

11 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

61 kB
Transfer

138 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!