paddocksmillhoa.com Open in urlscan Pro
72.34.46.198  Malicious Activity! Public Scan

URL: http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
Submission: On May 24 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 8 HTTP transactions. The main IP is 72.34.46.198, located in United States and belongs to IHNET, US. The main domain is paddocksmillhoa.com.
This is the only time paddocksmillhoa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rackspace (Online)

Domain & IP information

IP Address AS Autonomous System
6 72.34.46.198 33494 (IHNET)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2001:4802:7a0... 27357 (RACKSPACE)
8 3
Apex Domain
Subdomains
Transfer
6 paddocksmillhoa.com
paddocksmillhoa.com
198 KB
2 rackspace.com
cp.rackspace.com — Cisco Umbrella Rank: 414763
9 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 5483
548 B
1 google.com
www.google.com — Cisco Umbrella Rank: 7
904 B
1 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 44
979 B
8 5
Domain Requested by
6 paddocksmillhoa.com paddocksmillhoa.com
2 cp.rackspace.com 1 redirects paddocksmillhoa.com
1 www.google.de paddocksmillhoa.com
1 www.google.com 1 redirects
1 googleads.g.doubleclick.net 1 redirects
8 5

This site contains links to these domains. Also see Links.

Domain
www.rackspace.com
cp.rackspace.com
apps.rackspace.com
Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
Frame ID: 916D5F0E333B556C2A9E8B6592BECEF6
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Rackspace Webmail: Hosted Email for Business

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

0 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

208 kB
Transfer

205 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040066332/?random=1959838549&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=50&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXJIoNvd5Ak2R5Zj3Lew6nc84sO1o9haSyt_eeEtOJFlkT0wzQ&ocp_id=tuyGWsHyB8WnzAbwt4DYCQ HTTP 302
  • https://www.google.com/pagead/1p-user-list/1040066332/?random=1959838549&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=50&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXJIoNvd5Ak2R5Zj3Lew6nc84sO1o9haSyt_eeEtOJFlkT0wzQ&is_vtc=1&random=1205102514&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-user-list/1040066332/?random=1959838549&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=50&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXJIoNvd5Ak2R5Zj3Lew6nc84sO1o9haSyt_eeEtOJFlkT0wzQ&is_vtc=1&random=1205102514&resp=GooglemKTybQhCsO&ipr=y
Request Chain 6
  • http://cp.rackspace.com/clients/webmail/apps_rackspace_com/images/plus-anytime_anywhere-190x294.png HTTP 302
  • https://cp.rackspace.com/clients/webmail/apps_rackspace_com/images/plus-anytime_anywhere-190x294.png

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login.php
paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/
13 KB
13 KB
Document
General
Full URL
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
Protocol
HTTP/1.1
Server
72.34.46.198 , United States, ASN33494 (IHNET, US),
Reverse DNS
mail.tigers.unisonplatform.com
Software
Apache /
Resource Hash
e663736da01a2cc020031b6fdf3cea351b70011446be8ec9f5270510f4b01369

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Tue, 24 May 2022 02:03:53 GMT
Keep-Alive
timeout=5, max=200
Server
Apache
Transfer-Encoding
chunked
jquery.min.js.download
paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/
91 KB
91 KB
Script
General
Full URL
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/jquery.min.js.download
Requested by
Host: paddocksmillhoa.com
URL: http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
Protocol
HTTP/1.1
Server
72.34.46.198 , United States, ASN33494 (IHNET, US),
Reverse DNS
mail.tigers.unisonplatform.com
Software
Apache /
Resource Hash
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 02:03:53 GMT
Last-Modified
Thu, 31 Jan 2019 19:58:17 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=200
Content-Length
93100
saved_resource
paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/
2 KB
2 KB
Script
General
Full URL
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/saved_resource
Requested by
Host: paddocksmillhoa.com
URL: http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
Protocol
HTTP/1.1
Server
72.34.46.198 , United States, ASN33494 (IHNET, US),
Reverse DNS
mail.tigers.unisonplatform.com
Software
Apache /
Resource Hash
92fa0541866bf8ba690ac1fe98fa67cf922777d9c9c57d43f4ee10fa20c2bb2e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 02:03:53 GMT
Last-Modified
Thu, 31 Jan 2019 19:58:17 GMT
Server
Apache
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=199
Content-Length
1679
logo.png
paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/
2 KB
2 KB
Image
General
Full URL
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/logo.png
Requested by
Host: paddocksmillhoa.com
URL: http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
Protocol
HTTP/1.1
Server
72.34.46.198 , United States, ASN33494 (IHNET, US),
Reverse DNS
mail.tigers.unisonplatform.com
Software
Apache /
Resource Hash
f167dfd881b45166119fce39b1fa639e925f80e4e7391e3cbe83f843490b7b19

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 02:03:54 GMT
Last-Modified
Thu, 31 Jan 2019 19:58:17 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=198
Content-Length
2080
spacer.png
paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/
89 KB
89 KB
Image
General
Full URL
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/spacer.png
Requested by
Host: paddocksmillhoa.com
URL: http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
Protocol
HTTP/1.1
Server
72.34.46.198 , United States, ASN33494 (IHNET, US),
Reverse DNS
mail.tigers.unisonplatform.com
Software
Apache /
Resource Hash
c158d79537524fc8d07d79398f3b14933a5408ed5695297d5c114c8b93b59058

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 02:03:54 GMT
Last-Modified
Thu, 31 Jan 2019 19:58:17 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=197
Content-Length
90871
blank.gif
paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/
43 B
284 B
Image
General
Full URL
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/index_files/blank.gif
Requested by
Host: paddocksmillhoa.com
URL: http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
Protocol
HTTP/1.1
Server
72.34.46.198 , United States, ASN33494 (IHNET, US),
Reverse DNS
mail.tigers.unisonplatform.com
Software
Apache /
Resource Hash
2894fa1d1ebe2f99a165317c3c46ea23a7de28590a1c3965508acaf802e9c9a8

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 02:03:54 GMT
Last-Modified
Thu, 31 Jan 2019 19:58:17 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=199
Content-Length
43
/
www.google.de/pagead/1p-user-list/1040066332/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040066332/?random=1959838549&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=7...
  • https://www.google.com/pagead/1p-user-list/1040066332/?random=1959838549&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his...
  • https://www.google.de/pagead/1p-user-list/1040066332/?random=1959838549&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=...
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1040066332/?random=1959838549&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=50&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXJIoNvd5Ak2R5Zj3Lew6nc84sO1o9haSyt_eeEtOJFlkT0wzQ&is_vtc=1&random=1205102514&resp=GooglemKTybQhCsO&ipr=y
Requested by
Host: paddocksmillhoa.com
URL: http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
Protocol
H2
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://paddocksmillhoa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 02:03:54 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 24 May 2022 02:03:54 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-user-list/1040066332/?random=1959838549&cv=9&fst=*&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=50&u_tz=60&u_java=false&u_nplug=4&u_nmime=5&frm=0&url=https://apps.rackspace.com/index.php&ref=https://apps.rackspace.com/&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&jaid=AJHaeXJIoNvd5Ak2R5Zj3Lew6nc84sO1o9haSyt_eeEtOJFlkT0wzQ&is_vtc=1&random=1205102514&resp=GooglemKTybQhCsO&ipr=y
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
plus-anytime_anywhere-190x294.png
cp.rackspace.com/clients/webmail/apps_rackspace_com/images/
Redirect Chain
  • http://cp.rackspace.com/clients/webmail/apps_rackspace_com/images/plus-anytime_anywhere-190x294.png
  • https://cp.rackspace.com/clients/webmail/apps_rackspace_com/images/plus-anytime_anywhere-190x294.png
9 KB
9 KB
Image
General
Full URL
https://cp.rackspace.com/clients/webmail/apps_rackspace_com/images/plus-anytime_anywhere-190x294.png
Requested by
Host: paddocksmillhoa.com
URL: http://paddocksmillhoa.com/plugin/54a5bd36f79f7b06bf8b2077d34ddd5b/login.php
Protocol
HTTP/1.1
Server
2001:4802:7a01:10::7 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
db18ad437ed30b29a15bb4a394df2f29cd5073ccab904b6ed5e2cf870530dc62

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://paddocksmillhoa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 02:03:55 GMT
Last-Modified
Tue, 31 Oct 2017 20:00:35 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
ETag
"af449aea8252d31:0"
Content-Type
image/png
Cache-Control
no-cache
Accept-Ranges
bytes
Content-Length
9209

Redirect headers

Location
https://cp.rackspace.com/clients/webmail/apps_rackspace_com/images/plus-anytime_anywhere-190x294.png
Server
BigIP
Connection
Keep-Alive
Content-Length
0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rackspace (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| $ function| jQuery boolean| _wm_redirect

1 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission