urlscan.io logo urlscan.io
SecurityTrails logo

rack-space-a32937.owamser.workers.dev Open in urlscan Pro
172.67.182.110  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://rack-space-a32937.owamser.workers.dev/
Submission: On December 23 via api from AU — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 1 countries across 8 domains to perform 11 HTTP transactions. The main IP is 172.67.182.110, located in United States and belongs to CLOUDFLARENET, US. The main domain is rack-space-a32937.owamser.workers.dev.
TLS certificate: Issued by GTS CA 1P5 on November 21st 2023. Valid for: 3 months.
This is the only time rack-space-a32937.owamser.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rackspace (Online)

Domain & IP information

IP Address AS Autonomous System
1 172.67.182.110 13335 (CLOUDFLAR...)
1 13.35.147.14 16509 (AMAZON-02)
1 69.20.91.24 27357 (RACKSPACE)
4 104.130.182.72 27357 (RACKSPACE)
2 142.250.66.194 15169 (GOOGLE)
1 1 142.250.67.2 15169 (GOOGLE)
1 1 142.250.76.100 15169 (GOOGLE)
1 142.250.204.3 15169 (GOOGLE)
11 7
1    172.67.182.110 (United States)

ASN13335 (CLOUDFLARENET, US)
rack-space-a32937.owamser.workers.dev
1    13.35.147.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-147-14.syd1.r.cloudfront.net
www.sitepoint.com
1    69.20.91.24 (United States)

ASN27357 (RACKSPACE, US)
apps.rackspace.com
4    104.130.182.72 (United States)

ASN27357 (RACKSPACE, US)
cp.rackspace.com
2    142.250.66.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s23-in-f2.1e100.net
www.googleadservices.com
1    142.250.67.2 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s16-in-f2.1e100.net
googleads.g.doubleclick.net
1    142.250.76.100 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s24-in-f4.1e100.net
www.google.com
1    142.250.204.3 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f3.1e100.net
www.google.com.au
Apex Domain
Subdomains		 Transfer
5 rackspace.com
apps.rackspace.com — Cisco Umbrella Rank: 146593
cp.rackspace.com — Cisco Umbrella Rank: 663209
41 KB
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 138
20 KB
1 google.com.au
www.google.com.au — Cisco Umbrella Rank: 29909
455 B
1 google.com
www.google.com — Cisco Umbrella Rank: 2
820 B
1 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
892 B
1 sitepoint.com
www.sitepoint.com — Cisco Umbrella Rank: 236695
1 workers.dev
rack-space-a32937.owamser.workers.dev
6 KB
0 ajax.goog Failed
ajax.goog Failed
11 8
Domain Requested by
4 cp.rackspace.com rack-space-a32937.owamser.workers.dev
2 www.googleadservices.com rack-space-a32937.owamser.workers.dev
www.googleadservices.com
1 www.google.com.au rack-space-a32937.owamser.workers.dev
1 www.google.com 1 redirects
1 googleads.g.doubleclick.net 1 redirects
1 apps.rackspace.com rack-space-a32937.owamser.workers.dev
1 www.sitepoint.com rack-space-a32937.owamser.workers.dev
1 rack-space-a32937.owamser.workers.dev
0 ajax.goog Failed rack-space-a32937.owamser.workers.dev
11 9

This site contains links to these domains. Also see Links.

Domain
www.rackspace.com
cp.rackspace.com
apps.rackspace.com
Subject Issuer Validity Valid
owamser.workers.dev
GTS CA 1P5		 2023-11-21 -
2024-02-19		 3 months crt.sh
www.sitepoint.com
Amazon RSA 2048 M03		 2023-08-06 -
2024-09-02		 a year crt.sh
apps.rackspace.com
Thawte EV RSA CA G2		 2023-08-08 -
2024-08-17		 a year crt.sh
cp.rackspace.com
Thawte TLS RSA CA G1		 2023-07-05 -
2024-07-18		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://rack-space-a32937.owamser.workers.dev/
Frame ID: 28C1B59FBD4C1A6701E75392EFCFA1D8
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Rackspace Webmail: Hosted Email for Business

Page Statistics

11
Requests

82 %
HTTPS

0 %
IPv6

8
Domains

9
Subdomains

7
IPs

1
Countries

68 kB
Transfer

137 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040066332/?random=779201120&cv=9&fst=1703329008138&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Frack-space-a32937.owamser.workers.dev%2F&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&hn=www.googleadservices.com&fmt=3&ct_cookie_present=false&ocp_id=8LyGZZDsC5_FmsMP54eJCA&sscte=1&crd=&pscrd=IhMIkKTgg7OlgwMVn6JmAh3nQwIB HTTP 302
  • https://www.google.com/pagead/1p-user-list/1040066332/?random=779201120&cv=9&fst=1703325600000&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&eid=375603261%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Frack-space-a32937.owamser.workers.dev%2F&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ct_cookie_present=false&crd=&is_vtc=1&cid=CAQSGwAvHhf_vawioR2NhCLacSZY0iTy4ZoofabxBw&random=637819687&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.com.au/pagead/1p-user-list/1040066332/?random=779201120&cv=9&fst=1703325600000&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&eid=375603261%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Frack-space-a32937.owamser.workers.dev%2F&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ct_cookie_present=false&crd=&is_vtc=1&cid=CAQSGwAvHhf_vawioR2NhCLacSZY0iTy4ZoofabxBw&random=637819687&resp=GooglemKTybQhCsO&ipr=y

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
rack-space-a32937.owamser.workers.dev/ 		45 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rack-space-a32937.owamser.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.182.110 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
678c7bdfa334cc04afdfdbb1e3e7ebf98ecce178135ab46d4d6791bf70cf6028

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
83a014716d33dfaf-SYD
content-encoding
br
content-type
text/html;charset=UTF-8
date
Sat, 23 Dec 2023 10:56:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LKegOqtPf%2B42ZI6joZQHsmom5%2BolwOvuERGQvdxSCKOT72oMD4PQB9XXgbowlvika1K4YoZ4L9%2F3c4u5IX4co2hY5TlNXvx2QWz9exTWv2sEtQM9sC89CPHF2ZI3SgZGxWqKlXQvvx%2FYXdwhQFXGQ%2BXW23hKweoH"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
MaskedPassword.js
www.sitepoint.com/examples/password/MaskedPassword/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js
Requested by
Host: rack-space-a32937.owamser.workers.dev
URL: https://rack-space-a32937.owamser.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.147.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-147-14.syd1.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://rack-space-a32937.owamser.workers.dev/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers
jquery.min.js
ajax.goog//leapis.com/ajax/libs/jquery/1.10.2/ 		0
0
login.js
apps.rackspace.com/a/js/ 		29 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apps.rackspace.com/a/js/login.js?2230
Requested by
Host: rack-space-a32937.owamser.workers.dev
URL: https://rack-space-a32937.owamser.workers.dev/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.20.91.24 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
openresty /
Resource Hash
254954afb10634ad2eead14d873510c39a68c15d3bf54bf958655962cb7e1450
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://rack-space-a32937.owamser.workers.dev/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Content-Type
application/x-javascript
Date
Sat, 23 Dec 2023 10:56:47 GMT
Server
openresty
Connection
keep-alive
Content-Length
29376
X-Frame-Options
SAMEORIGIN
Expires
Sun, 22 Dec 2024 10:56:47 +0000
blank.gif
cp.rackspace.com/clients/webmail/apps_rackspace_com/images/ 		43 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cp.rackspace.com/clients/webmail/apps_rackspace_com/images/blank.gif
Requested by
Host: rack-space-a32937.owamser.workers.dev
URL: https://rack-space-a32937.owamser.workers.dev/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.130.182.72 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
openresty / ASP.NET
Resource Hash
2894fa1d1ebe2f99a165317c3c46ea23a7de28590a1c3965508acaf802e9c9a8

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://rack-space-a32937.owamser.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 23 Dec 2023 10:56:47 GMT
Last-Modified
Mon, 28 Feb 2011 22:29:24 GMT
Server
openresty
ETag
"03a78f396d7cb1:0"
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
conversion.js
www.googleadservices.com/pagead/ 		50 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: rack-space-a32937.owamser.workers.dev
URL: https://rack-space-a32937.owamser.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.66.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s23-in-f2.1e100.net
Software
cafe /
Resource Hash
16b4cf2b9a4908b20dff3b6c586bc3209fdf4bf53ea4f1fa2827cbffe4ceb070
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://rack-space-a32937.owamser.workers.dev/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Sat, 23 Dec 2023 10:56:46 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18842
x-xss-protection
0
server
cafe
etag
9826982868918577658
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 23 Dec 2023 10:56:46 GMT
blank.gif
cp.rackspace.com/clients/webmail/apps_rackspace_com/images/ 		43 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cp.rackspace.com/clients/webmail/apps_rackspace_com/images/blank.gif
Requested by
Host: rack-space-a32937.owamser.workers.dev
URL: https://rack-space-a32937.owamser.workers.dev/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.130.182.72 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
openresty / ASP.NET
Resource Hash
2894fa1d1ebe2f99a165317c3c46ea23a7de28590a1c3965508acaf802e9c9a8

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://rack-space-a32937.owamser.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 23 Dec 2023 10:56:48 GMT
Last-Modified
Mon, 28 Feb 2011 22:29:24 GMT
Server
openresty
ETag
"03a78f396d7cb1:0"
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
/
www.googleadservices.com/pagead/conversion/1040066332/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/1040066332/?random=1703329008138&cv=9&fst=1703329008138&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Frack-space-a32937.owamser.workers.dev%2F&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.66.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s23-in-f2.1e100.net
Software
cafe /
Resource Hash
1dbb5260e027f2d2a204248a56ae6cf4c82988e4e978904b02649ab1ffe43ff9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://rack-space-a32937.owamser.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 23 Dec 2023 10:56:48 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1441
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
logo_20141002.png
cp.rackspace.com/clients/webmail/apps_rackspace_com/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cp.rackspace.com/clients/webmail/apps_rackspace_com/images/logo_20141002.png
Requested by
Host: rack-space-a32937.owamser.workers.dev
URL: https://rack-space-a32937.owamser.workers.dev/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.130.182.72 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
openresty / ASP.NET
Resource Hash
f167dfd881b45166119fce39b1fa639e925f80e4e7391e3cbe83f843490b7b19

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://rack-space-a32937.owamser.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 23 Dec 2023 10:56:48 GMT
Last-Modified
Thu, 02 Oct 2014 17:24:37 GMT
Server
openresty
ETag
"4924cebd65decf1:0"
X-Powered-By
ASP.NET
Content-Type
image/png
Cache-Control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2080
plus-anytime_anywhere-190x294.png
cp.rackspace.com/clients/webmail/apps_rackspace_com/images/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cp.rackspace.com/clients/webmail/apps_rackspace_com/images/plus-anytime_anywhere-190x294.png
Requested by
Host: rack-space-a32937.owamser.workers.dev
URL: https://rack-space-a32937.owamser.workers.dev/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.130.182.72 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
openresty / ASP.NET
Resource Hash
db18ad437ed30b29a15bb4a394df2f29cd5073ccab904b6ed5e2cf870530dc62

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://rack-space-a32937.owamser.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 23 Dec 2023 10:56:49 GMT
Last-Modified
Tue, 31 Oct 2017 20:00:35 GMT
Server
openresty
ETag
"af449aea8252d31:0"
X-Powered-By
ASP.NET
Content-Type
image/png
Cache-Control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9209
/
www.google.com.au/pagead/1p-user-list/1040066332/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040066332/?random=779201120&cv=9&fst=1703329008138&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&resp=GooglemKTyb...
  • https://www.google.com/pagead/1p-user-list/1040066332/?random=779201120&cv=9&fst=1703325600000&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&eid=375603261%2C466465926%2C512247838&...
  • https://www.google.com.au/pagead/1p-user-list/1040066332/?random=779201120&cv=9&fst=1703325600000&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&eid=375603261%2C466465926%2C5122478...
42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com.au/pagead/1p-user-list/1040066332/?random=779201120&cv=9&fst=1703325600000&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&eid=375603261%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Frack-space-a32937.owamser.workers.dev%2F&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ct_cookie_present=false&crd=&is_vtc=1&cid=CAQSGwAvHhf_vawioR2NhCLacSZY0iTy4ZoofabxBw&random=637819687&resp=GooglemKTybQhCsO&ipr=y
Requested by
Host: rack-space-a32937.owamser.workers.dev
URL: https://rack-space-a32937.owamser.workers.dev/
Protocol
H2
Server
142.250.204.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s25-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://rack-space-a32937.owamser.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 23 Dec 2023 10:56:49 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 23 Dec 2023 10:56:49 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.com.au/pagead/1p-user-list/1040066332/?random=779201120&cv=9&fst=1703325600000&num=1&value=0&label=gyhyCL7-6AEQnM747wM&bg=666666&hl=en&guid=ON&eid=375603261%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Frack-space-a32937.owamser.workers.dev%2F&tiba=Rackspace%20Webmail%3A%20Hosted%20Email%20for%20Business&fmt=3&ct_cookie_present=false&crd=&is_vtc=1&cid=CAQSGwAvHhf_vawioR2NhCLacSZY0iTy4ZoofabxBw&random=637819687&resp=GooglemKTybQhCsO&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ajax.goog
URL
https://ajax.goog//leapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rackspace (Online)

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture boolean| _wm_redirect function| onFormSubmit object| Webmail object| $Login object| $TEAEncrypt object| google_conversion_id object| google_conversion_language object| google_conversion_format object| google_conversion_color object| google_conversion_label object| google_conversion_value object| google_tag_data function| GooglemKTybQhCsO object| google_conversion_date object| google_conversion_time number| google_conversion_snippets number| google_conversion_first_time object| google_conversion_js_version object| google_enable_display_cookie_match object| google_conversion_type object| google_conversion_order_id object| google_conversion_currency object| google_conversion_domain object| google_disable_viewthrough object| google_gtag_event_data object| google_remarketing_only object| google_conversion_linker object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_allow_ad_personalization_signals object| google_restricted_data_processing object| google_conversion_items object| google_conversion_merchant_id object| google_user_id object| google_custom_params object| onload_callback object| opt_image_generator object| google_gtm_url_processor object| google_conversion_page_url object| google_conversion_referrer_url object| google_gcl_cookie_prefix object| google_gcl_cookie_path object| google_gcl_cookie_flags object| google_gcl_cookie_domain object| google_gcl_cookie_max_age_seconds object| google_read_gcl_cookie_opt_out object| google_basket_feed_country object| google_basket_feed_language object| google_basket_discount object| google_basket_transaction_type object| google_additional_conversion_params object| google_additional_params object| google_transport_url object| google_gtm_experiments

1 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

7 Console Messages

Source Level URL
Text
javascript warning URL: https://rack-space-a32937.owamser.workers.dev/(Line 5)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://rack-space-a32937.owamser.workers.dev/(Line 5)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://rack-space-a32937.owamser.workers.dev/(Line 5)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.goog//leapis.com/ajax/libs/jquery/1.10.2/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://rack-space-a32937.owamser.workers.dev/(Line 5)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://apps.rackspace.com/a/js/login.js?2230, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://rack-space-a32937.owamser.workers.dev/(Line 5)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://ajax.goog//leapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js
Message:
Failed to load resource: the server responded with a status of 503 ()