Report - yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html

Report Overview

Visited public
2025-04-29 12:07:43
Tags
suspicious
URL
yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
Finishing URL
yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
IP / ASN
185.199.110.153
#54113 FASTLY
Title
Rackspace Webmail: Hosted Email for Business
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
yomi-daniels.github.io	unknown	2013-03-08	2025-04-29	2025-04-29	2.2 kB	66 kB	185.199.110.153
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-23	1.1 kB	82 kB	142.250.74.35
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-23	451 B	22 kB	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-04-29	medium	yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html	Detects file containing Telegram Bot API

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Telegram Bot detected

URL
yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
IP / ASN
185.199.110.153
#54113 FASTLY

Token
7899328025:AAGhxVuPGCyxmTtrRzfglHPDM6Rrpx-XGy0

Bot Overview
User ID 7899328025
Username Gmailtele_bot
First Name yalam
Last Name
Chat Information
Chat ID 7493120433
Chat Type private
Title
User Count 2
Admins 0
Pending Messages 0

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html	ScriptElement	1.2 kB	2025-04-29	2025-04-29
Pretty URL yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html IP 185.199.110.153 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-29 12:07 Last Seen2025-04-29 12:07 Times Seen1 Hash be38fc54d176820b13f697868240ea6f 4cf39aad3efa5b5ed9b2f9497e07139d857416f9 9c9d3ba99d7c5ee1d89876033dd197cc081fd36dbd788b6cfe8932d9163a8cf7 Loading...

HTTP Transactions (7)

URL IP Response Size

yomi-daniels.github.io/favicon.ico

185.199.110.153

404 Not Found

9.1 kB

URL GET
yomi-daniels.github.io/favicon.ico
IP
185.199.110.153:443
ASN
#54113 FASTLY

Requested by
https://yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
Certificate
IssuerSectigo Limited
Subject*.github.io
Fingerprint8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
ValidityFri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3909)
Size
9.1 kB (9115 bytes)
Hash
1eb970ce5a18bec7165f016df8238566
9efd1514af80fe14db4ed28e9bc53975b9ee089c
70d613e3acfba24fd2876fcbacaf639e1e111ef4d54baf70761c47673f37d6a3

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: yomi-daniels.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: GitHub.com
content-type: text/html; charset=utf-8
permissions-policy: interest-cohort=()
etag: W/"680fdf61-239b"
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
content-encoding: gzip
x-github-request-id: BADF:5B075:179638B:17D2F52:6810C0F2
accept-ranges: bytes
age: 0
date: Tue, 29 Apr 2025 12:07:14 GMT
via: 1.1 varnish
x-served-by: cache-hel1410032-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1745928434.264805,VS0,VE134
vary: Accept-Encoding
x-fastly-request-id: 502adefb4e38eb17f1285ba1eb1bfe3562a54f7e
content-length: 5142
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.35

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:27:9C:C9:95:FF:8F:83:34:D0:B1:42:CB:B7:63:C0:8E:6F:3E:F1
ValidityMon, 31 Mar 2025 08:55:41 GMT - Mon, 23 Jun 2025 08:55:40 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://yomi-daniels.github.io
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Apr 2025 10:03:46 GMT
expires: Fri, 24 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 439408
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.35

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:27:9C:C9:95:FF:8F:83:34:D0:B1:42:CB:B7:63:C0:8E:6F:3E:F1
ValidityMon, 31 Mar 2025 08:55:41 GMT - Mon, 23 Jun 2025 08:55:40 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://yomi-daniels.github.io
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Apr 2025 10:03:46 GMT
expires: Fri, 24 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 439408
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html

185.199.110.153

200 OK

14 kB

URL User Request GET
yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
IP
185.199.110.153:443
ASN
#54113 FASTLY

Certificate
IssuerSectigo Limited
Subject*.github.io
Fingerprint8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
ValidityFri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (503)
Size
14 kB (13869 bytes)
Hash
b4795df2edd590a2b8813e3bd566c5b4
09cfe3836a0a7e8e8ab5f9282cb890c8dccf6e66
d7582ce6d4f18f9f03317a177bb81edc54e1f26cf2ca3f70ca17e4d4aa7bd749

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API

HTTP Headers

GET /Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html HTTP/1.1
Host: yomi-daniels.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: text/html; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Mon, 28 Apr 2025 21:42:06 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"680ff62e-362d"
expires: Tue, 29 Apr 2025 12:17:13 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: B5F5:1A87DE:1889478:18C631C:6810C0F1
accept-ranges: bytes
age: 0
date: Tue, 29 Apr 2025 12:07:13 GMT
via: 1.1 varnish
x-served-by: cache-hel1410032-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1745928434.729667,VS0,VE163
vary: Accept-Encoding
x-fastly-request-id: 4529a9e31c7369daf7e94f1eeb29b829fab60608
content-length: 3443
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:100,400,500,700

142.250.74.10

200 OK

22 kB

URL GET
fonts.googleapis.com/css?family=Roboto:100,400,500,700
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00
ValidityMon, 31 Mar 2025 08:55:43 GMT - Mon, 23 Jun 2025 08:55:42 GMT

File type
ASCII text, with very long lines (1572)
Size
22 kB (21548 bytes)
Hash
1259ec64be82b4ac34a247a8fe3cc72c
6a6f9d788f60baecca04bd8e905cedc0a209197b
e7d3456a36699ee3cf0e0d319530aee132fc6c19c37c65c0b4b986152f7c9547

HTTP Headers

GET /css?family=Roboto:100,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yomi-daniels.github.io/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 29 Apr 2025 12:07:14 GMT
date: Tue, 29 Apr 2025 12:07:14 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

yomi-daniels.github.io/Racker/static.emailsrvr.com/beta_apps_rackspace_com/images/Rackspace_Technology_Logo_RGB_WHT.png

185.199.110.153

200 OK

8.2 kB

URL GET
yomi-daniels.github.io/Racker/static.emailsrvr.com/beta_apps_rackspace_com/images/Rackspace_Technology_Logo_RGB_WHT.png
IP
185.199.110.153:443
ASN
#54113 FASTLY

Requested by
https://yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
Certificate
IssuerSectigo Limited
Subject*.github.io
Fingerprint8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
ValidityFri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT

File type
PNG image data, 800 x 247, 8-bit colormap, non-interlaced
Size
8.2 kB (8173 bytes)
Hash
28263b070e6cc2fc679f2b4dac7d1d69
82b6ea53695926e0d9fe8e10aacd02a228df53e3
97669a98a4d13725fbefcfd567ea8adf12fc3c06eef40e71d824bb47267ccb18

HTTP Headers

GET /Racker/static.emailsrvr.com/beta_apps_rackspace_com/images/Rackspace_Technology_Logo_RGB_WHT.png HTTP/1.1
Host: yomi-daniels.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: image/png
permissions-policy: interest-cohort=()
last-modified: Mon, 28 Apr 2025 21:42:06 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: "680ff62e-1fed"
expires: Tue, 29 Apr 2025 12:17:14 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: BADF:5B075:1796358:17D2F07:6810C0F1
accept-ranges: bytes
age: 0
date: Tue, 29 Apr 2025 12:07:14 GMT
via: 1.1 varnish
x-served-by: cache-hel1410032-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1745928434.088815,VS0,VE152
vary: Accept-Encoding
x-fastly-request-id: fcf525e0fd84586fc515fcac606ade3c95844993
content-length: 8173
X-Firefox-Spdy: h2

yomi-daniels.github.io/Racker/static.emailsrvr.com/apps_rackspace_com/images/Suspicious-Email-Banner.jpg

185.199.110.153

200 OK

32 kB

URL GET
yomi-daniels.github.io/Racker/static.emailsrvr.com/apps_rackspace_com/images/Suspicious-Email-Banner.jpg
IP
185.199.110.153:443
ASN
#54113 FASTLY

Requested by
https://yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
Certificate
IssuerSectigo Limited
Subject*.github.io
Fingerprint8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
ValidityFri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 190x294, components 3
Size
32 kB (31715 bytes)
Hash
9a457ecb967c34f7b32732c0b2b2209f
b51b39359e84580e17153f4a9826788d9ab3d252
ee608b4a41a47f8df45dd1d505afb39cb7293e7a33c094b756764a85d67fca47

HTTP Headers

GET /Racker/static.emailsrvr.com/apps_rackspace_com/images/Suspicious-Email-Banner.jpg HTTP/1.1
Host: yomi-daniels.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yomi-daniels.github.io/Racker/apps.rackspace.com/wmidentity/Account/Login5b8a.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: image/jpeg
permissions-policy: interest-cohort=()
last-modified: Mon, 28 Apr 2025 21:42:06 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: "680ff62e-7be3"
expires: Tue, 29 Apr 2025 12:17:14 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 1421:23D3AB:180C2CB:1849129:6810C0F1
accept-ranges: bytes
age: 0
date: Tue, 29 Apr 2025 12:07:14 GMT
via: 1.1 varnish
x-served-by: cache-hel1410032-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1745928434.090200,VS0,VE151
vary: Accept-Encoding
x-fastly-request-id: 6bb176c08dc475a6f9c80354edeb4d43b03a1d66
content-length: 31715
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Telegram Bot detected

Token

Bot Overview

Chat Information

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP