tigerleahu.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 23.229.190.73, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is tigerleahu.com.

This is the only time tigerleahu.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rackspace (Online)

Domain & IP information

	IP Address		AS Autonomous System
1	23.229.190.73 23.229.190.73		26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
4	2

1 23.229.190.73 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-23-229-190-73.ip.secureserver.net

tigerleahu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	tigerleahu.com tigerleahu.com	17 KB
4	1

	Domain	Requested by
1	tigerleahu.com
4	1

This site contains links to these domains. Also see Links.

Domain
www.rackspace.com
cp.rackspace.com
apps.rackspace.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://tigerleahu.com/Gbrain/rackspaceauto/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-emailx&emailx=
Frame ID: 6CFDCB5D3D4CB3121F518E8CF92AEED9
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Rackspace Webmail: Hosted Email for Business

Page Statistics

4
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

17 kB
Transfer

45 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: http://www.rackspace.com/apps/

Search URL Search Domain Scan URL

URL: https://cp.rackspace.com/
Title: Control Panel

Search URL Search Domain Scan URL

URL: https://apps.rackspace.com/rackspace-email-plus?utm_content=190x294-cloud-drive-affordability&utm_source=webmail-login-ib&utm_medium=display&utm_campaign=rse-plus-growth-ib-13

Search URL Search Domain Scan URL

URL: http://www.rackspace.com/apps/email_hosting/rackspace_email
Title: Hosted Email

Search URL Search Domain Scan URL

URL: http://www.rackspace.com/information/legal/privacystatement
Title: Privacy Statement

Search URL Search Domain Scan URL

URL: http://www.rackspace.com/information/legal/websiteterms
Title: Website Terms

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response tigerleahu.com/Gbrain/rackspaceauto/	34 KB 17 KB	370ms 185ms	Document text/html	23.229.190.73 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://tigerleahu.com/Gbrain/rackspaceauto/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-emailx&emailx= Protocol HTTP/1.1 Server 23.229.190.73 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-23-229-190-73.ip.secureserver.net Software Apache / PHP/5.6.40 Resource Hash `ab33ac41b514a7db9278f622ca7b192ab3547c96bba22103e2eaba730f210c24` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Thu, 28 Oct 2021 13:06:06 GMT Server Apache X-Powered-By PHP/5.6.40 Upgrade h2,h2c Connection Upgrade, Keep-Alive Vary Accept-Encoding Content-Encoding gzip Content-Length 17441 Keep-Alive timeout=5, max=100 Content-Type text/html; charset=UTF-8
GET BLOB	200 OK	fc720494-3a6f-41e2-94f2-e47f8dc9551a http://tigerleahu.com/	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL blob:http://tigerleahu.com/fc720494-3a6f-41e2-94f2-e47f8dc9551a Requested by Host: tigerleahu.com URL: http://tigerleahu.com/Gbrain/rackspaceauto/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-emailx&emailx= Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `2894fa1d1ebe2f99a165317c3c46ea23a7de28590a1c3965508acaf802e9c9a8` Request headers Accept-Language de-DE,de;q=0.9 Referer http://tigerleahu.com/Gbrain/rackspaceauto/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-emailx&emailx= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Content-Length 43 Content-Type image/gif
GET BLOB	200 OK	a8184c0c-581c-4ba3-9c05-564b97431244 http://tigerleahu.com/	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL blob:http://tigerleahu.com/a8184c0c-581c-4ba3-9c05-564b97431244 Requested by Host: tigerleahu.com URL: http://tigerleahu.com/Gbrain/rackspaceauto/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-emailx&emailx= Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `f167dfd881b45166119fce39b1fa639e925f80e4e7391e3cbe83f843490b7b19` Request headers Accept-Language de-DE,de;q=0.9 Referer http://tigerleahu.com/Gbrain/rackspaceauto/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-emailx&emailx= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Content-Length 2080 Content-Type image/png
GET BLOB	200 OK	162ac5cb-0162-42bb-8038-390f977ef5b6 http://tigerleahu.com/	9 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL blob:http://tigerleahu.com/162ac5cb-0162-42bb-8038-390f977ef5b6 Requested by Host: tigerleahu.com URL: http://tigerleahu.com/Gbrain/rackspaceauto/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-emailx&emailx= Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `db18ad437ed30b29a15bb4a394df2f29cd5073ccab904b6ed5e2cf870530dc62` Request headers Accept-Language de-DE,de;q=0.9 Referer http://tigerleahu.com/Gbrain/rackspaceauto/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-emailx&emailx= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Content-Length 9209 Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rackspace (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

tigerleahu.com
23.229.190.73
2894fa1d1ebe2f99a165317c3c46ea23a7de28590a1c3965508acaf802e9c9a8
ab33ac41b514a7db9278f622ca7b192ab3547c96bba22103e2eaba730f210c24
db18ad437ed30b29a15bb4a394df2f29cd5073ccab904b6ed5e2cf870530dc62
f167dfd881b45166119fce39b1fa639e925f80e4e7391e3cbe83f843490b7b19

tigerleahu.com Open in urlscan Pro 23.229.190.73 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

4 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

17 kBTransfer

45 kBSize

0 Cookies

6 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Indicators

tigerleahu.com Open in urlscan Pro
23.229.190.73 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

17 kB
Transfer

45 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!