bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com
2606:4700::6812:1909  Malicious Activity!  Public Scan

URL: https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/homefront.html/
Submission: July 10, 2023, via automatic submission (source: openphish). Scanned from DE.

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 8 HTTP transactions. The main IP is 2606:4700::6812:1909, located in the United States and belonging to CLOUDFLARENET, US. The main domain is bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com. The leftmost hostname label is an IPFS content identifier (CID) and the host is an IPFS subdomain gateway (see the x-ipfs-* response headers below), so the same content stays reachable through any other gateway under the same CID for as long as it remains pinned; the CID, not the gateway hostname, is the durable indicator.
TLS certificate: issued by Cloudflare Inc ECC CA-3 on July 3rd 2023, valid for a year (it covers the gateway operator's domain, not anything specific to the phishing content).
This is the only time bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rackspace (Online)

Domain & IP information

Requests  IP Address                             AS (Autonomous System)
1         2606:4700::6812:1909                   AS13335 (CLOUDFLARENET)
1         2a00:1450:4001:80b::200a               AS15169 (GOOGLE)
2         2606:2800:233:1cb7:261b:1f9c:2074:3c   AS15133 (EDGECAST)
2         2a00:1450:4001:801::2003               AS15169 (GOOGLE)
Totals: 8 requests, 5 IPs

Requests  Domain                                  Requested by
2         fonts.gstatic.com                       fonts.googleapis.com
2         static.emailsrvr.com                    bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com
1         fonts.googleapis.com                    bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com
1         bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com   (main document)
0         stackpath.bootstrapcdn.com (failed)     bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com
0         ajax.googleapis.com (failed)            bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com
Totals: 8 requests, 6 domains

This site contains no links.

Subject                         Issuer                                       Validity                   Valid for
thirdwebstorage.com             Cloudflare Inc ECC CA-3                      2023-07-03 to 2024-07-01   a year
upload.video.google.com         GTS CA 1C3                                   2023-06-19 to 2023-09-11   3 months
sni9278gl.wpc.edgecastcdn.net   DigiCert Global G2 TLS RSA SHA256 2020 CA1   2023-04-27 to 2024-05-27   a year
*.gstatic.com                   GTS CA 1C3                                   2023-06-19 to 2023-09-11   3 months

This page contains 1 frame:

Primary Page: https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/homefront.html/
Frame ID: FACA76969CCCB53A4E8350249F7A9265
Requests: 8 HTTP requests in this frame


Page Title

Rackspace Webmail: Hosted Email for Business

Detected technologies

Overall confidence: 100%
Detected pattern: <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

Requests: 8
HTTPS: 75 %
IPv6: 100 %
Domains: 5
Subdomains: 6
IPs: 5
Countries: 2
Transfer: 80 kB
Size: 110 kB
Cookies: 0

Redirected requests

No HTTP redirect chains were recorded for this scan.

8 HTTP transactions

Each entry lists the resource, its path, size, transferred bytes (x-fer), type and MIME type, followed by connection details and the request and response headers.
Primary Request: /  (Document, 32 KB, 8 KB transferred)
Full URL: https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/homefront.html/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:1909, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: none
Software: cloudflare
Resource Hash: 435e39aaddcea39e4de24b36e403a4571b18dd4222c9c1ccc9af90b181a2e790

Security Headers
Content-Security-Policy: default-src 'self'; img-src * data: blob:; media-src * data: blob:; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; connect-src * data: blob:; worker-src 'self' blob:; block-all-mixed-content;
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
age: 36549
cache-control: public, max-age=29030400
cf-cache-status: HIT
cf-ray: 7e495666f8b79189-FRA
content-encoding: gzip
content-security-policy: default-src 'self'; img-src * data: blob:; media-src * data: blob:; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; connect-src * data: blob:; worker-src 'self' blob:; block-all-mixed-content;
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 14:01:14 GMT
expires: Mon, 10 Jun 2024 14:01:14 GMT
last-modified: Mon, 10 Jul 2023 03:52:05 GMT
referrer-policy: origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
vary: Origin, Accept-Encoding
x-bfid: 301762c871a069eaee797a599bebb4c9
x-dns-prefetch-control: on
x-frame-options: SAMEORIGIN
x-ipfs-datasize: 33168
x-ipfs-gateway-host: ipfs-bank7-fr2
x-ipfs-lb-pop: gateway-bank2-fr2
x-ipfs-path: /ipfs/bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi/homefront.html/
x-ipfs-pop: ipfs-bank7-fr2
x-ipfs-roots: bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi,QmfRDNQ5gwAhDTmDufUUmEyRYqRqtJNt2uBMjPLx7vCyCM
x-proxy-cache: MISS
x-xss-protection: 1; mode=block
css  (Stylesheet, 8 KB, 1 KB transferred)
Full URL: https://fonts.googleapis.com/css?family=Roboto:100,400,500,700
Requested by: bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com, from https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/homefront.html/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:80b::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: none
Software: ESF
Resource Hash: 0771512c57f3416f6cc6a7b15d2104ef02565621b7707e15ecbbcb1f95a13275

Security Headers
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
strict-transport-security: max-age=31536000
date: Mon, 10 Jul 2023 14:01:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 14:01:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 10 Jul 2023 14:01:14 GMT
Rackspace_Technology_Logo_RGB_WHT.png  (Image, 8 KB, 8 KB transferred)
Path: static.emailsrvr.com/beta_apps_rackspace_com/images/
Full URL: https://static.emailsrvr.com/beta_apps_rackspace_com/images/Rackspace_Technology_Logo_RGB_WHT.png
Requested by: bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com, from https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/homefront.html/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c, United States, ASN15133 (EDGECAST, US)
Reverse DNS: none
Software: ECAcc (frc/4CA4) / ASP.NET
Resource Hash: 97669a98a4d13725fbefcfd567ea8adf12fc3c06eef40e71d824bb47267ccb18

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
date: Mon, 10 Jul 2023 14:01:14 GMT
last-modified: Mon, 13 Jul 2020 19:51:24 GMT
server: ECAcc (frc/4CA4)
age: 374105
etag: "ffe73fd4e59d61:0"
x-powered-by: ASP.NET
x-cache: HIT
content-type: image/png
cache-control: max-age=300
accept-ranges: bytes
content-length: 8173
expires: Mon, 10 Jul 2023 14:06:14 GMT
Suspicious-Email-Banner.jpg  (Image, 31 KB, 31 KB transferred)
Path: static.emailsrvr.com/apps_rackspace_com/images/
Full URL: https://static.emailsrvr.com/apps_rackspace_com/images/Suspicious-Email-Banner.jpg
Requested by: bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com, from https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/homefront.html/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c, United States, ASN15133 (EDGECAST, US)
Reverse DNS: none
Software: ECAcc (frc/4CE1) / ASP.NET
Resource Hash: ee608b4a41a47f8df45dd1d505afb39cb7293e7a33c094b756764a85d67fca47

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
date: Mon, 10 Jul 2023 14:01:14 GMT
last-modified: Fri, 28 Sep 2018 18:18:39 GMT
server: ECAcc (frc/4CE1)
age: 375142
etag: "5b1d4cae5757d41:0"
x-powered-by: ASP.NET
x-cache: HIT
content-type: image/jpeg
cache-control: max-age=300
accept-ranges: bytes
content-length: 31715
expires: Mon, 10 Jul 2023 14:06:14 GMT
jquery.min.js  (no response; size 0, 0 transferred)
Path: ajax.googleapis.com/ajax/libs/jquery/2.2.4/
Request failed; see Failed requests below.

KFOkCnqEu92Fr1MmgVxIIzI.woff2  (Font, 15 KB, 16 KB transferred)
Path: fonts.gstatic.com/s/roboto/v30/
Full URL: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxIIzI.woff2
Requested by: fonts.googleapis.com, from https://fonts.googleapis.com/css?family=Roboto:100,400,500,700
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:801::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: none
Software: sffe
Resource Hash: 0f303f31706d39866cced9dcc17b61fb8423674278d7f6051d66b3a79ffbca18

Security Headers
X-Content-Type-Options: nosniff
X-Xss-Protection: 0

Request headers
Referer: https://fonts.googleapis.com/
Origin: https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
date: Sat, 08 Jul 2023 19:41:55 GMT
x-content-type-options: nosniff
age: 152359
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15764
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 19:41:55 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2  (Font, 15 KB, 16 KB transferred)
Path: fonts.gstatic.com/s/roboto/v30/
Full URL: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by: fonts.googleapis.com, from https://fonts.googleapis.com/css?family=Roboto:100,400,500,700
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:801::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: none
Software: sffe
Resource Hash: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers
X-Content-Type-Options: nosniff
X-Xss-Protection: 0

Request headers
Referer: https://fonts.googleapis.com/
Origin: https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
date: Sat, 08 Jul 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 210647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 03:30:27 GMT
bootstrap.min.js  (no response; size 0, 0 transferred)
Path: stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/
Request failed; see Failed requests below.

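The x-ipfs-path and x-ipfs-roots headers on the primary request show how the hostname encodes the content: the leftmost label is a CIDv1 (multibase base32, the familiar "bafy" prefix) and the remainder is the gateway domain, so the same bytes can be fetched from any other gateway as /ipfs/<cid>/homefront.html/ for as long as they stay pinned. The following Python is an added example, not urlscan's or thirdweb's code, that decodes such a hostname, checks the CID's multicodec and multihash fields, re-encodes it, derives the CIDv0 ("Qm...") form of the same hash, and rewrites the request into the gateway-independent path that the x-ipfs-path header carries. The multicodec constants are the standard multiformats table values; pivot_urls takes whatever gateway list the caller supplies. Note that x-ipfs-roots lists two different nodes (the root CID and the resolved file), so the CIDv0 computed here from the root CID is not expected to equal the second value in that header.

```python
import base64
import re

# Multicodec / multihash table values from the multiformats spec (not taken
# from the scan page); only the codes needed to label a typical CID.
CODEC_NAMES = {0x55: "raw", 0x70: "dag-pb", 0x71: "dag-cbor"}
HASH_NAMES = {0x12: "sha2-256", 0x1B: "blake2b-256"}
B58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Subdomain-gateway form used by this scan: <cid>.ipfs.<gateway-domain>
SUBDOMAIN_GATEWAY = re.compile(r"^(?P<cid>[a-z2-7]+)\.ipfs\.(?P<gateway>[a-z0-9.-]+)$")

# Hostname from the scan, used as the worked input below.
SCAN_HOST = "bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com"


def read_uvarint(buf: bytes, pos: int):
    """Decode one unsigned LEB128 varint at buf[pos]; return (value, next_pos)."""
    value, shift = 0, 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7


def decode_cidv1_base32(cid: str) -> dict:
    """Split a multibase base32 ('b...') CIDv1 into version, codec and multihash."""
    if not cid.startswith("b"):
        raise ValueError("expected multibase prefix 'b' (base32lower)")
    body = cid[1:].upper()
    raw = base64.b32decode(body + "=" * (-len(body) % 8))
    version, pos = read_uvarint(raw, 0)
    codec, mh_start = read_uvarint(raw, pos)
    hash_code, pos = read_uvarint(raw, mh_start)
    digest_len, pos = read_uvarint(raw, pos)
    if version != 1 or pos + digest_len != len(raw):
        raise ValueError("malformed CIDv1")
    return {
        "cid": cid,
        "version": version,
        "codec": CODEC_NAMES.get(codec, hex(codec)),
        "hash": HASH_NAMES.get(hash_code, hex(hash_code)),
        "digest_hex": raw[pos:].hex(),
        "multihash": raw[mh_start:],  # hash code + length + digest
        "raw": raw,
    }


def encode_cidv1_base32(raw: bytes) -> str:
    """Inverse of decode_cidv1_base32: multibase 'b' + unpadded lowercase base32."""
    return "b" + base64.b32encode(raw).decode().rstrip("=").lower()


def b58encode(data: bytes) -> str:
    """Base58btc, the alphabet used for CIDv0 ('Qm...') identifiers."""
    n = int.from_bytes(data, "big")
    digits = bytearray()
    while n:
        n, rem = divmod(n, 58)
        digits.append(B58_ALPHABET[rem])
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + digits[::-1].decode()


def to_cidv0(fields: dict) -> str:
    """A CIDv0 exists only for dag-pb + sha2-256: base58btc of the bare multihash."""
    if fields["codec"] != "dag-pb" or fields["hash"] != "sha2-256":
        raise ValueError("no CIDv0 form for this codec/hash combination")
    return b58encode(fields["multihash"])


def parse_gateway_host(host: str) -> dict:
    """Pull the CID out of a <cid>.ipfs.<gateway> hostname and decode it."""
    match = SUBDOMAIN_GATEWAY.match(host.lower())
    if not match:
        raise ValueError("not a subdomain-gateway hostname")
    fields = decode_cidv1_base32(match["cid"])
    fields["gateway"] = match["gateway"]
    return fields


def ipfs_path(host: str, url_path: str) -> str:
    """Rewrite a subdomain-gateway request into the gateway-independent /ipfs/<cid>/... path."""
    return f"/ipfs/{parse_gateway_host(host)['cid']}{url_path}"


def pivot_urls(host: str, url_path: str, path_gateways) -> list:
    """The same content through other path-style gateways (caller supplies the list)."""
    path = ipfs_path(host, url_path)
    return [f"https://{gw}{path}" for gw in path_gateways]


if __name__ == "__main__":
    info = parse_gateway_host(SCAN_HOST)
    print(info["codec"], info["hash"], info["digest_hex"])
    print("CIDv0:", to_cidv0(info))
    print(ipfs_path(SCAN_HOST, "/homefront.html/"))
```

For blocking or hunting, record the decoded CID (and its CIDv0 spelling, since gateways accept both) rather than the hostname alone: a takedown of one gateway subdomain leaves the content reachable at every other gateway, and a CIDv1 and CIDv0 that share the same digest name the same bytes.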
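Both images are hotlinked from Rackspace's own asset host, static.emailsrvr.com, and the browser sent Referer: https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/ with each request (origin only, because the main document carried referrer-policy: origin-when-cross-origin). That gives the brand owner a detection point in its CDN access logs: brand assets requested with a Referer outside the first-party origins, and in particular from a <cid>.ipfs.<gateway> host. The following Python is an added example, not part of the scan and not Rackspace tooling. The log lines are constructed: the first two mirror the Referer and paths recorded above, the rest add a first-party hit, a referer-less hit and an unrelated foreign origin. FIRST_PARTY is a hypothetical allow-list. A missing Referer is not evidence of legitimacy, since a stricter referrer policy removes it, so only present, foreign referrers are flagged.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined log format with a Referer field, as most CDN/origin access logs emit it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
IPFS_GATEWAY_HOST = re.compile(r"^[a-z2-7]+\.ipfs\.[a-z0-9.-]+$")

# Brand assets the phishing page hotlinked, taken from the transactions above.
BRAND_ASSETS = {
    "/beta_apps_rackspace_com/images/Rackspace_Technology_Logo_RGB_WHT.png",
    "/apps_rackspace_com/images/Suspicious-Email-Banner.jpg",
}
# Hypothetical first-party origins allowed to embed those assets (an assumption
# made for this example; the real allow-list belongs to the asset owner).
FIRST_PARTY = {"https://apps.rackspace.com", "https://beta.apps.rackspace.com"}

# Constructed sample log lines (not from the scan); the first two mirror the
# Referer and paths recorded in the transactions above.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jul/2023:14:01:14 +0000] "GET /beta_apps_rackspace_com/images/Rackspace_Technology_Logo_RGB_WHT.png HTTP/2.0" 200 8173 "https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/" "Mozilla/5.0"
203.0.113.10 - - [10/Jul/2023:14:01:14 +0000] "GET /apps_rackspace_com/images/Suspicious-Email-Banner.jpg HTTP/2.0" 200 31715 "https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/" "Mozilla/5.0"
198.51.100.7 - - [10/Jul/2023:14:02:01 +0000] "GET /apps_rackspace_com/images/Suspicious-Email-Banner.jpg HTTP/2.0" 200 31715 "https://apps.rackspace.com/" "Mozilla/5.0"
198.51.100.8 - - [10/Jul/2023:14:02:30 +0000] "GET /apps_rackspace_com/images/Suspicious-Email-Banner.jpg HTTP/2.0" 200 31715 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Jul/2023:14:03:12 +0000] "GET /beta_apps_rackspace_com/images/Rackspace_Technology_Logo_RGB_WHT.png HTTP/1.1" 200 8173 "https://login-verify.example.net/mail/" "Mozilla/5.0"
"""


def origin_of(referer: str):
    """scheme://host of a Referer value, or None when absent ('-') or unparsable."""
    if not referer or referer == "-":
        return None
    u = urlsplit(referer)
    return f"{u.scheme}://{u.netloc}".lower() if u.scheme and u.netloc else None


def scan_cdn_log(text: str, assets=BRAND_ASSETS, first_party=FIRST_PARTY) -> dict:
    """Group brand-asset hits by foreign referring origin; mark IPFS-gateway referers."""
    findings = defaultdict(lambda: {"hits": 0, "assets": set(), "ips": set(), "ipfs_gateway": False})
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["path"].split("?", 1)[0] not in assets:
            continue
        origin = origin_of(m["referer"])
        if origin is None or origin in first_party:
            continue  # no Referer (direct load or stripped by policy) or a first-party page
        entry = findings[origin]
        entry["hits"] += 1
        entry["assets"].add(m["path"])
        entry["ips"].add(m["ip"])
        entry["ipfs_gateway"] = bool(IPFS_GATEWAY_HOST.match(urlsplit(origin).hostname or ""))
    return dict(findings)


def rank(findings: dict) -> list:
    """Origins embedding the most distinct brand assets first: a kit that pulls both the
    logo and the banner from one foreign origin outranks a single stray hotlink."""
    return sorted(findings, key=lambda o: (len(findings[o]["assets"]), findings[o]["hits"]), reverse=True)


if __name__ == "__main__":
    found = scan_cdn_log(SAMPLE_LOG)
    for origin in rank(found):
        f = found[origin]
        print(origin, len(f["assets"]), "assets,", f["hits"], "hits,", "ipfs gateway" if f["ipfs_gateway"] else "")
```

In a real deployment the interesting output is the ranked list of foreign origins; an origin that matches the gateway pattern can be decoded into its CID and reported to the gateway operator or blocked by CID rather than by hostname.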
Failed requests

These URLs were requested, but no response was received. They also appear in the transaction list above.

Domain: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Domain: stackpath.bootstrapcdn.com
URL: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rackspace (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

credentialless (boolean)
onbeforetoggle (object)
onscrollend (object)

All three are properties the scanning browser itself exposes on window rather than variables set by the page's scripts, which is consistent with the page's two external script includes never loading (see the failed requests and console messages).

0 Cookies

2 Console Messages

Source: security, level: error
URL: https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/homefront.html/
Message: Refused to load the script 'https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Source: security, level: error
URL: https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com/homefront.html/
Message: Refused to load the script 'https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Both blocked scripts are the kit's own jQuery and Bootstrap includes from public CDNs. The Content-Security-Policy on the main response restricts script-src to 'self', so those dependencies never loaded, which is why the two requests show 0 bytes in the transaction list; the stylesheet, fonts and hotlinked images succeeded because style-src, font-src and img-src explicitly allow their hosts.
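The two console messages show the fallback chain the browser applied: no script-src-elem was set, so script-src governed the <script> loads, and its sources ('self', 'unsafe-eval', 'unsafe-inline') contain no host matching ajax.googleapis.com or stackpath.bootstrapcdn.com. The following Python is an added example, not urlscan's code and not a full CSP implementation, that parses the page's CSP as copied from the response headers and replays the browser's decision for the blocked scripts and for the fetches that succeeded (the stylesheet under style-src, the fonts under font-src, the hotlinked images under img-src *). Path matching, nonce and hash sources are not modelled.

```python
from urllib.parse import urlsplit

# Copied from the main document's response headers in this scan.
PAGE_ORIGIN = "https://bafybeif66f3rjo7qq6w3ccrgvn5cbmyze7korokglhyydwq443smbabfqi.ipfs.thirdwebstorage.com"
PAGE_CSP = (
    "default-src 'self'; img-src * data: blob:; media-src * data: blob:; object-src 'none'; "
    "style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; "
    "frame-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; connect-src * data: blob:; "
    "worker-src 'self' blob:; block-all-mixed-content;"
)

# Fallback chains per CSP Level 3: the first directive present in the policy governs the load.
FALLBACK = {
    "script-src-elem": ["script-src", "default-src"],
    "script-src-attr": ["script-src", "default-src"],
    "style-src-elem": ["style-src", "default-src"],
    "style-src-attr": ["style-src", "default-src"],
    "worker-src": ["child-src", "script-src", "default-src"],
    "frame-src": ["child-src", "default-src"],
}
# Fetch directives that fall back to default-src when absent.
DEFAULT_GOVERNED = {"script-src", "style-src", "img-src", "font-src", "media-src", "object-src",
                    "connect-src", "child-src", "manifest-src", "prefetch-src"}


def parse_csp(header: str) -> dict:
    """Directive name -> list of source expressions; a repeated directive keeps its first value."""
    policy = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def governing_directive(policy: dict, directive: str):
    """Walk the fallback chain and return (name, sources) of the directive that applies."""
    chain = [directive] + FALLBACK.get(directive, [])
    if directive in DEFAULT_GOVERNED:
        chain.append("default-src")
    for name in chain:
        if name in policy:
            return name, policy[name]
    return None, None  # nothing governs this fetch: it is allowed


def host_matches(pattern: str, host: str) -> bool:
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # *.example.com matches a.example.com, not example.com
    return host == pattern


def source_allows(expr: str, url: str, page_origin: str) -> bool:
    """Does a single source expression match the URL? (keyword, scheme and host forms only)."""
    expr = expr.lower()
    u = urlsplit(url)
    if expr == "'self'":
        return f"{u.scheme}://{u.netloc}" == page_origin.lower()
    if expr.startswith("'"):
        return False  # 'none', 'unsafe-inline', 'unsafe-eval', nonces and hashes never match a URL
    if expr == "*":
        return u.scheme in ("http", "https", "ws", "wss")  # data:/blob: need an explicit scheme-source
    if expr.endswith(":") and "/" not in expr:
        return u.scheme == expr[:-1]  # scheme-source such as data: or blob:
    scheme, _, rest = expr.rpartition("://")
    host, _, port = rest.split("/", 1)[0].partition(":")  # any path part is ignored here
    page_scheme = urlsplit(page_origin).scheme
    allowed_schemes = {scheme} if scheme else {page_scheme, "https"}
    if scheme == "http":
        allowed_schemes.add("https")  # http: host-sources also match their secure upgrade
    if u.scheme not in allowed_schemes:
        return False
    if port and port != "*" and str(u.port or {"https": 443, "http": 80}.get(u.scheme)) != port:
        return False
    return host_matches(host, u.hostname or "")


def check_load(policy: dict, directive: str, url: str, page_origin: str = PAGE_ORIGIN):
    """Return (allowed, governing_directive) for a fetch of `url` controlled by `directive`."""
    name, sources = governing_directive(policy, directive)
    if name is None:
        return True, None
    return any(source_allows(s, url, page_origin) for s in sources), name


if __name__ == "__main__":
    policy = parse_csp(PAGE_CSP)
    for directive, url in [
        ("script-src-elem", "https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"),
        ("style-src-elem", "https://fonts.googleapis.com/css?family=Roboto:100,400,500,700"),
        ("img-src", "https://static.emailsrvr.com/apps_rackspace_com/images/Suspicious-Email-Banner.jpg"),
    ]:
        print(directive, url, check_load(policy, directive, url))
```

The same routine is useful the other way round when reviewing a policy: object-src 'none' rejects every plugin URL, and a directive the policy never mentions (manifest-src here) inherits default-src 'self', so the check reports which directive actually made the decision rather than only the verdict.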

Security Headers

This section lists the security headers set on the main page's response. They were added by the IPFS gateway that delivered the content (the same response carries the x-ipfs-* headers), not by the phishing page itself, so they describe the gateway's configuration rather than the kit; the restrictive script-src is what blocked the kit's CDN-hosted scripts.

Header: Value
Content-Security-Policy: default-src 'self'; img-src * data: blob:; media-src * data: blob:; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; connect-src * data: blob:; worker-src 'self' blob:; block-all-mixed-content;
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block