rack-space-a32937.owamser.workers.dev
Open in
urlscan Pro
172.67.182.110
Malicious Activity!
Public Scan
Submission: On July 17 via api from BY — Scanned from US
Summary
TLS certificate: Issued by WE1 on July 14th 2024. Valid for: 3 months.
This is the only time rack-space-a32937.owamser.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Rackspace (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 172.67.182.110 172.67.182.110 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:4802:7a0... 2001:4802:7a01:10::4 | 27357 (RACKSPACE) (RACKSPACE) | |
3 | 2001:4802:7a0... 2001:4802:7a01:10::7 | 27357 (RACKSPACE) (RACKSPACE) | |
2 | 172.253.115.156 172.253.115.156 | 15169 (GOOGLE) (GOOGLE) | |
1 1 | 142.251.179.157 142.251.179.157 | 15169 (GOOGLE) (GOOGLE) | |
1 | 172.253.62.147 172.253.62.147 | 15169 (GOOGLE) (GOOGLE) | |
11 | 6 |
ASN15169 (GOOGLE, US)
PTR: bg-in-f156.1e100.net
www.googleadservices.com |
ASN15169 (GOOGLE, US)
PTR: pd-in-f157.1e100.net
googleads.g.doubleclick.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
rackspace.com
apps.rackspace.com — Cisco Umbrella Rank: 188012 cp.rackspace.com |
41 KB |
2 |
googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 176 |
22 KB |
2 |
workers.dev
rack-space-a32937.owamser.workers.dev |
13 KB |
1 |
google.com
www.google.com — Cisco Umbrella Rank: 10 |
64 B |
1 |
doubleclick.net
1 redirects
googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 |
24 B |
0 |
ajax.goog
Failed
ajax.goog Failed |
|
0 |
sitepoint.com
Failed
www.sitepoint.com Failed |
|
11 | 7 |
Domain | Requested by | |
---|---|---|
3 | cp.rackspace.com |
rack-space-a32937.owamser.workers.dev
|
2 | www.googleadservices.com |
rack-space-a32937.owamser.workers.dev
www.googleadservices.com |
2 | rack-space-a32937.owamser.workers.dev | |
1 | www.google.com |
rack-space-a32937.owamser.workers.dev
|
1 | googleads.g.doubleclick.net | 1 redirects |
1 | apps.rackspace.com |
rack-space-a32937.owamser.workers.dev
|
0 | ajax.goog Failed |
rack-space-a32937.owamser.workers.dev
|
0 | www.sitepoint.com Failed |
rack-space-a32937.owamser.workers.dev
|
11 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.rackspace.com |
cp.rackspace.com |
apps.rackspace.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
owamser.workers.dev WE1 |
2024-07-14 - 2024-10-12 |
3 months | crt.sh |
apps.rackspace.com Thawte EV RSA CA G2 |
2023-08-08 - 2024-08-17 |
a year | crt.sh |
cp.rackspace.com Thawte TLS RSA CA G1 |
2024-07-01 - 2025-07-23 |
a year | crt.sh |
*.googleadservices.com WR2 |
2024-06-24 - 2024-09-16 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://rack-space-a32937.owamser.workers.dev/
Frame ID: 904B453CFBC44B664843C0184E19DC88
Requests: 11 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Control Panel
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Hosted Email
Search URL Search Domain Scan URL
Title: Privacy Statement
Search URL Search Domain Scan URL
Title: Website Terms
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8- https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040066332/?random=1242732529&cv=9&fst=1721216352400&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Frack-space-a32937.owamser.workers.dev%2F&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&capi=1&hn=www.googleadservices.com&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSidldmVudC1zb3VyY2UsIHRyaWdnZXI7bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI7bqVyv6thwMVw4uDCB332AgEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6Lmh0dHBzOi8vcmFjay1zcGFjZS1hMzI5Mzcub3dhbXNlci53b3JrZXJzLmRldi8 HTTP 302
- https://www.google.com/pagead/1p-user-list/1040066332/?random=1242732529&cv=9&fst=1721214000000&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Frack-space-a32937.owamser.workers.dev%2F&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&capi=1&hn=www.googleadservices.com&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSidldmVudC1zb3VyY2UsIHRyaWdnZXI7bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI7bqVyv6thwMVw4uDCB332AgEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6Lmh0dHBzOi8vcmFjay1zcGFjZS1hMzI5Mzcub3dhbXNlci53b3JrZXJzLmRldi8&is_vtc=1&cid=CAQSGwDaQooLXqalWHwtsZCkpWQiQtQauXjqmzNI3A&random=2367357355&resp=GooglemKTybQhCsO
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
rack-space-a32937.owamser.workers.dev/ |
45 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
MaskedPassword.js
www.sitepoint.com/examples/password/MaskedPassword/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
jquery.min.js
ajax.goog//leapis.com/ajax/libs/jquery/1.10.2/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
apps.rackspace.com/a/js/ |
29 KB 29 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
blank.gif
cp.rackspace.com/clients/webmail/apps_rackspace_com/images/ |
43 B 313 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
conversion.js
www.googleadservices.com/pagead/ |
57 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
www.googleadservices.com/pagead/conversion/1040066332/ |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_20141002.png
cp.rackspace.com/clients/webmail/apps_rackspace_com/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plus-anytime_anywhere-190x294.png
cp.rackspace.com/clients/webmail/apps_rackspace_com/images/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
www.google.com/pagead/1p-user-list/1040066332/ Redirect Chain
|
42 B 64 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
rack-space-a32937.owamser.workers.dev/ |
45 KB 6 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.sitepoint.com
- URL
- https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js
- Domain
- ajax.goog
- URL
- https://ajax.goog//leapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Rackspace (Online)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| onFormSubmit object| Webmail object| $Login object| $TEAEncrypt object| google_tag_data function| GooglemKTybQhCsO number| google_conversion_snippets number| google_conversion_first_time1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.doubleclick.net/ | Name: test_cookie Value: CheckForPermission |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.goog
apps.rackspace.com
cp.rackspace.com
googleads.g.doubleclick.net
rack-space-a32937.owamser.workers.dev
www.google.com
www.googleadservices.com
www.sitepoint.com
ajax.goog
www.sitepoint.com
142.251.179.157
172.253.115.156
172.253.62.147
172.67.182.110
2001:4802:7a01:10::4
2001:4802:7a01:10::7
184011b264b77cdb8b17caa6a712a67e3ef6c573853a751aa212858d7f2ba1e6
254954afb10634ad2eead14d873510c39a68c15d3bf54bf958655962cb7e1450
2894fa1d1ebe2f99a165317c3c46ea23a7de28590a1c3965508acaf802e9c9a8
678c7bdfa334cc04afdfdbb1e3e7ebf98ecce178135ab46d4d6791bf70cf6028
db18ad437ed30b29a15bb4a394df2f29cd5073ccab904b6ed5e2cf870530dc62
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef9025a043d2d92730696cd33b7216fd4a33e8d4f5d3ad4b17243b415f1ab766
f167dfd881b45166119fce39b1fa639e925f80e4e7391e3cbe83f843490b7b19