support-rackspace-inc.com
Open in
urlscan Pro
185.84.108.232
Malicious Activity!
Public Scan
Effective URL: http://support-rackspace-inc.com/login/
Submission: On February 15 via manual from IN
Summary
This is the only time support-rackspace-inc.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Rackspace (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 107.180.29.18 107.180.29.18 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC) | |
1 | 2606:4700::68... 2606:4700::6811:4004 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 185.84.108.232 185.84.108.232 | 43362 (MAJORDOMO) (MAJORDOMO) | |
9 | 3 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-107-180-29-18.ip.secureserver.net
rounduprealtycebu.com |
ASN43362 (MAJORDOMO, RU)
PTR: web29.majordomo.ru
support-rackspace-inc.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
support-rackspace-inc.com
support-rackspace-inc.com |
58 KB |
1 |
cloudflare.com
ajax.cloudflare.com |
2 KB |
1 |
rounduprealtycebu.com
rounduprealtycebu.com |
835 B |
9 | 3 |
Domain | Requested by | |
---|---|---|
7 | support-rackspace-inc.com |
support-rackspace-inc.com
|
1 | ajax.cloudflare.com |
rounduprealtycebu.com
|
1 | rounduprealtycebu.com | |
9 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cloudflare.com CloudFlare Inc ECC CA-2 |
2020-01-07 - 2020-10-09 |
9 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://support-rackspace-inc.com/login/
Frame ID: 89F6D64651787610FBD32B6E758BAAB0
Requests: 9 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://rounduprealtycebu.com/wp-admin/js/ Page URL
- http://support-rackspace-inc.com/login/ Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://rounduprealtycebu.com/wp-admin/js/ Page URL
- http://support-rackspace-inc.com/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- http://ajax.cloudflare.com/cdn-cgi/nexp/dok3v=fb690a32f5/cloudflare.min.js HTTP 307
- https://ajax.cloudflare.com/cdn-cgi/nexp/dok3v=fb690a32f5/cloudflare.min.js
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
rounduprealtycebu.com/wp-admin/js/ |
691 B 835 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cloudflare.min.js
ajax.cloudflare.com/cdn-cgi/nexp/dok3v=fb690a32f5/ Redirect Chain
|
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
support-rackspace-inc.com/login/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
support-rackspace-inc.com/login/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
support-rackspace-inc.com/login/ |
84 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.svg
support-rackspace-inc.com/login/media/ |
19 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-appstore.svg
support-rackspace-inc.com/login/media/ |
12 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-playstore.png
support-rackspace-inc.com/login/media/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
support-rackspace-inc.com/login/ |
747 B 656 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Rackspace (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| validateInput0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.cloudflare.com
rounduprealtycebu.com
support-rackspace-inc.com
107.180.29.18
185.84.108.232
2606:4700::6811:4004
1c5a6fa085d8985092ebb8f8d12a5302f7f475230559bb6ea24b82de0f4edfe9
215e46442382af6784b854e56f70c527d0d205a367c58567c308d3c3fbe31cc2
46cf2fd6c265656ad3a8a28b7a6fba00c94ccc8fe72a6adc2c8114675f03ea95
4cfabcfdbec9a5cd903190f150028743f38c3533b53ea21c6e4dd35a52a80383
5de57d878173443ace04bdb74b0016aa4e7e2b63c5abc50f92a95fb120cd19fb
79d1744b3148a4b7265a9d2006eb1f6b72fda68490c398e380cb0692aeb8c5e5
c1b48cebe4518523df4febda89d387a211652786c4b9e4ad33f34a1ce62bc88b
f22d2d062732ffa6a3eeb7bfab6c4c86b2e91ae93a7ba5a02594e9ad15a1554e
fdce77a6d0053f32d231518a84a71bcab5c86045ed52369da00b89d4284aef46