Report - ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=

Report Overview

Submitted URL
ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=
IP
216.58.207.230
ASN
#15169 GOOGLE
Submitted
2024-04-24 13:28:51
Access
public
Website Title
Rackspace Webmail: Hosted Email for Business
Final URL
cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html#jdubena@forestcitytech.com
Tags
phishing
urlquery detections
Phishing - Generic phishing

Detections

urlquery
2
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ad.doubleclick.net	186	1996-01-16	2012-05-24	2024-04-22	915 B	1.3 kB	216.58.207.230
static.emailsrvr.com	114055	2003-01-14	2018-03-02	2024-04-17	989 B	41 kB	152.199.21.175
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-24	434 B	31 kB	142.250.74.10
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-24	446 B	6.7 kB	142.250.74.74
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-23	1.0 kB	33 kB	216.58.207.227
i.ibb.co	13485	2010-07-20	2018-11-25	2024-04-24	424 B	1.2 kB	162.19.58.156
cloudflare-ipfs.com	75147	2018-05-30	2021-01-20	2024-03-15	553 B	34 kB	104.17.64.14
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15	2024-04-24	442 B	52 kB	104.18.11.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-14	medium	cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html	Rackspace

PhishTank

Scan Date	Severity	Indicator	Alert
2024-03-31	medium	cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js	86 kB	2023-03-07	2024-05-06
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 142.250.74.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-06 00:15:44 Times Seen388557 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	51 kB	2023-03-07	2024-05-06
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-05-06 00:15:44 Times Seen246707 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

	cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html#jdubena@forestcitytech.com	3.5 kB	2024-03-30	2024-04-24
Pretty URL cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html#jdubena@forestcitytech.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 06:36:37 Last Seen2024-04-24 16:15:04 Times Seen17 Hash 6128360b95b92f81686ccf09820ec8d2 415d99e554b0d58c7e16ed4a162f0c775419ad28 aea1b0d47d6049476afdf46aae57ced6b536b2c9d278aa7499a64c3c2456995a Loading...

HTTP Transactions (10)

URL IP Response Size

ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=

216.58.207.230

0 B

URL
ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=
IP
216.58.207.230:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /clk;265186560;90846275;t;pc=[TPAS_ID]?//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20= HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: //galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=//galaxyboote.ch/dorkeyslopewdf/bhwgydklrpifffqe/hugysdghsduyjsd/amR1YmVuYUBmb3Jlc3RjaXR5dGVjaC5jb20=
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 24 Apr 2024 13:28:26 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: IDE=AHWqTUn6DyeFMzKWNrGDIj1w3_IGT0pFvVjgYYazi0XLtIA-6ansuVsGhJQCZV0QIKI; expires=Fri, 24-Apr-2026 13:28:26 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
FLC=COeSAhDD6KgrGIDauX4omdVHMPqRpLEGcADauAQcMho6GAoWKDCYF739wTqCGAILDJobBgj6kaSxBg; expires=Wed, 24-Apr-2024 13:28:36 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.emailsrvr.com/beta_apps_rackspace_com/images/Rackspace_Technology_Logo_RGB_WHT.png

152.199.21.175

200 OK

8.2 kB

URL GET HTTP/2
static.emailsrvr.com/beta_apps_rackspace_com/images/Rackspace_Technology_Logo_RGB_WHT.png
IP
152.199.21.175:443
ASN
#15133 EDGECAST

Requested by
https://cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html#jdubena@forestcitytech.com
Certificate
IssuerDigiCert Inc
Subjectsni9278gl.wpc.edgecastcdn.net
Fingerprint09:B9:46:2E:35:CB:D9:7B:2E:BF:E7:A6:5E:9F:05:94:00:02:CD:5F
ValidityWed, 27 Mar 2024 00:00:00 GMT - Sun, 27 Apr 2025 23:59:59 GMT

File type
PNG image data, 800 x 247, 8-bit colormap, non-interlaced
Size
8.2 kB (8173 bytes)
Hash
28263b070e6cc2fc679f2b4dac7d1d69
82b6ea53695926e0d9fe8e10aacd02a228df53e3
97669a98a4d13725fbefcfd567ea8adf12fc3c06eef40e71d824bb47267ccb18

HTTP Headers

GET /beta_apps_rackspace_com/images/Rackspace_Technology_Logo_RGB_WHT.png HTTP/1.1
Host: static.emailsrvr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
age: 209054
cache-control: max-age=300
content-type: image/png
date: Wed, 24 Apr 2024 13:28:27 GMT
etag: "ffe73fd4e59d61:0"
expires: Wed, 24 Apr 2024 13:33:27 GMT
last-modified: Mon, 13 Jul 2020 19:51:24 GMT
server: ECAcc (ska/F760)
x-cache: HIT
x-powered-by: ASP.NET
content-length: 8173
X-Firefox-Spdy: h2

static.emailsrvr.com/apps_rackspace_com/images/Suspicious-Email-Banner.jpg

152.199.21.175

200 OK

32 kB

URL GET HTTP/2
static.emailsrvr.com/apps_rackspace_com/images/Suspicious-Email-Banner.jpg
IP
152.199.21.175:443
ASN
#15133 EDGECAST

Requested by
https://cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html#jdubena@forestcitytech.com
Certificate
IssuerDigiCert Inc
Subjectsni9278gl.wpc.edgecastcdn.net
Fingerprint09:B9:46:2E:35:CB:D9:7B:2E:BF:E7:A6:5E:9F:05:94:00:02:CD:5F
ValidityWed, 27 Mar 2024 00:00:00 GMT - Sun, 27 Apr 2025 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 190x294, components 3
Size
32 kB (31715 bytes)
Hash
9a457ecb967c34f7b32732c0b2b2209f
b51b39359e84580e17153f4a9826788d9ab3d252
ee608b4a41a47f8df45dd1d505afb39cb7293e7a33c094b756764a85d67fca47

HTTP Headers

GET /apps_rackspace_com/images/Suspicious-Email-Banner.jpg HTTP/1.1
Host: static.emailsrvr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
age: 208562
cache-control: max-age=300
content-type: image/jpeg
date: Wed, 24 Apr 2024 13:28:27 GMT
etag: "5b1d4cae5757d41:0"
expires: Wed, 24 Apr 2024 13:33:27 GMT
last-modified: Fri, 28 Sep 2018 18:18:39 GMT
server: ECAcc (ska/F749)
x-cache: HIT
x-powered-by: ASP.NET
content-length: 31715
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

142.250.74.10

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html#jdubena@forestcitytech.com
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
30 kB (30028 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 20 Apr 2024 13:58:14 GMT
expires: Sun, 20 Apr 2025 13:58:14 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 343813
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:100,400,500,700

142.250.74.74

200 OK

6.1 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:100,400,500,700
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html#jdubena@forestcitytech.com
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
gzip compressed data, max compression
Size
6.1 kB (6119 bytes)
Hash
342501221f71fc5de6c545b0ca89710a
b3e8384b994a4efb25ef937e54ed6de50982f0df
05bb06b132e9766190c7f446d1d381d03188b7a7a30151d705f3e0ebc5c9a3cd

HTTP Headers

GET /css?family=Roboto:100,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 24 Apr 2024 13:28:27 GMT
date: Wed, 24 Apr 2024 13:28:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxIIzI.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxIIzI.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html#jdubena@forestcitytech.com
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15764, version 1.0
Size
16 kB (15764 bytes)
Hash
603b8950590bf833546eee7cbc79944a
ebbde06eb829868c5f689afe2d48377608be1e7b
0f303f31706d39866cced9dcc17b61fb8423674278d7f6051d66b3a79ffbca18

HTTP Headers

GET /s/roboto/v30/KFOkCnqEu92Fr1MmgVxIIzI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15764
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 08:37:16 GMT
expires: Wed, 23 Apr 2025 08:37:16 GMT
cache-control: public, max-age=31536000
age: 103871
last-modified: Wed, 11 May 2022 19:24:35 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html#jdubena@forestcitytech.com
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 16:27:38 GMT
expires: Wed, 23 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 75649
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i.ibb.co/KDsD7F9/icon.png

162.19.58.156

404 Not Found

1.0 kB

URL GET HTTP/2
i.ibb.co/KDsD7F9/icon.png
IP
162.19.58.156:443
ASN
#16276 OVH SAS

Requested by
https://cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html#jdubena@forestcitytech.com
Certificate
IssuerLet's Encrypt
Subjectibb.co
Fingerprint0C:8B:6F:2F:B8:9F:91:1E:3A:DD:B1:1B:45:47:B4:65:FD:56:73:3D
ValidityMon, 22 Apr 2024 06:29:44 GMT - Sun, 21 Jul 2024 06:29:43 GMT

File type
PNG image data, 180 x 180, 4-bit colormap, non-interlaced
Size
1.0 kB (1031 bytes)
Hash
7325e2012a6cf941a6ea14f0061ff764
0d2ba63e280b979a98bc431bec8a7af985578769
63e3696c5e5e8b037e28e8fbef871184b0d1d60a7314c965b1426d9cce84dd69

HTTP Headers

GET /KDsD7F9/icon.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Wed, 24 Apr 2024 13:28:27 GMT
content-type: image/png
content-length: 1031
X-Firefox-Spdy: h2

cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html

104.17.64.14

200 OK

33 kB

URL User Request GET HTTP/2
cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
FingerprintAF:BC:14:E3:55:D9:D8:F0:3C:8E:26:A0:4E:4A:C8:E6:13:58:A0:59
ValidityWed, 24 Apr 2024 02:22:22 GMT - Tue, 23 Jul 2024 02:22:21 GMT

File type
ASCII text, with very long lines (3218), with CRLF line terminators
Size
33 kB (33165 bytes)
Hash
e4c05ab0ca6f58268e20e1accfacb0a2
bbb939c8287d4771549b276495cd52ded30e7d9b
8d5c03e447ef200d524c5daba9f1c820b8cdf1f72967aebe9e3856ed7509e520

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Rackspace
PhishTank	phishing	Other

HTTP Headers

GET /ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 13:28:26 GMT
content-type: text/html
cf-ray: 87966fbfb9300b4d-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 944
cache-control: public, max-age=29030400, immutable
etag: W/"QmVqw4scLYr2SxDATnCY6Ti8bPogTmUbN1LqtLDHQMYff6"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: hit
x-ipfs-path: /ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html
x-ipfs-roots: QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop,QmVqw4scLYr2SxDATnCY6Ti8bPogTmUbN1LqtLDHQMYff6
set-cookie: __cf_bm=oCdjLLScW1his2T54RiXSyMm0c2RmJyc4sGt6_w8pRQ-1713965306-1.0.1.1-G.2HyjeCulW8828nX6KffJ1Opev.G8JauaZLniuUo4rSEPHoKN2s0Yip4zwKIdsEtRhBd001dAzkQzOlGo0CZw; path=/; expires=Wed, 24-Apr-24 13:58:26 GMT; domain=.cloudflare-ipfs.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.11.207

200 OK

51 kB

URL GET HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmSyCXuBWeeYqjJQSpn16tXFAYCLLtczatf52cZtioCJop/Rackspace+AdminPanel.html#jdubena@forestcitytech.com
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
JavaScript source, ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 13:28:27 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 1879908
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87966fc13e2c56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size