116.212.66.214
Open in
urlscan Pro
116.212.66.214
Malicious Activity!
Public Scan
Submission: On October 27 via automatic, source openphish
Summary
This is the only time 116.212.66.214 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: GMX (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 116.212.66.214 116.212.66.214 | 17889 (INTRACEPT...) (INTRACEPTIVES-AU-AS-AP Intraceptives Pty Ltd) | |
8 | 23.210.249.45 23.210.249.45 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 195.20.250.111 195.20.250.111 | 8560 (ONEANDONE...) (ONEANDONE-AS Brauerstrasse 48) | |
1 | 82.165.229.54 82.165.229.54 | 8560 (ONEANDONE...) (ONEANDONE-AS Brauerstrasse 48) | |
1 | 195.20.250.183 195.20.250.183 | 8560 (ONEANDONE...) (ONEANDONE-AS Brauerstrasse 48) | |
17 | 5 |
ASN17889 (INTRACEPTIVES-AU-AS-AP Intraceptives Pty Ltd, AU)
PTR: 116-212-66-214.i3.net.au
116.212.66.214 |
ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-45.deploy.static.akamaitechnologies.com
js.ui-portal.de | |
img.ui-portal.de |
ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)
PTR: uim-bs.tifbs.net
uim.tifbs.net |
ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)
PTR: t-bs.uimserv.net
t.uimserv.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
ui-portal.de
js.ui-portal.de img.ui-portal.de wa.ui-portal.de |
151 KB |
1 |
uimserv.net
t.uimserv.net |
611 B |
1 |
tifbs.net
uim.tifbs.net |
10 KB |
17 | 3 |
Domain | Requested by | |
---|---|---|
5 | img.ui-portal.de |
js.ui-portal.de
116.212.66.214 |
3 | js.ui-portal.de |
116.212.66.214
|
1 | t.uimserv.net |
116.212.66.214
|
1 | wa.ui-portal.de |
116.212.66.214
|
1 | uim.tifbs.net |
116.212.66.214
|
17 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.gmx.net |
registrierung.gmx.net |
passwort.gmx.net |
service.gmx.net |
newsroom.gmx.net |
agb-server.gmx.net |
www.turnkeylinux.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
img.ui-portal.de GeoTrust RSA CA 2018 |
2020-09-05 - 2021-10-05 |
a year | crt.sh |
*.tifbs.net GeoTrust RSA CA 2018 |
2019-11-26 - 2021-11-25 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://116.212.66.214/gmx/
Frame ID: F0A2C8BF35DA9656AA7E1EBE5DAEFF56
Requests: 17 HTTP requests in this frame
16 Outgoing links
These are links going to different origins than the main page.
Title: GMX
Search URL Search Domain Scan URL
Title: Produkte
Search URL Search Domain Scan URL
Title: Jetzt kostenlos registrieren!
Search URL Search Domain Scan URL
Title: Passwort vergessen?
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Service
Search URL Search Domain Scan URL
Title: Über GMX
Search URL Search Domain Scan URL
Title: Impressum
Search URL Search Domain Scan URL
Title: AGB
Search URL Search Domain Scan URL
Title: Datenschutzhinweise
Search URL Search Domain Scan URL
Title: Joomla25 Appliance
Search URL Search Domain Scan URL
Title: TurnKey Linux
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
116.212.66.214/gmx/ |
9 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
base.css
js.ui-portal.de/ci/gmx/global/20180208/ |
145 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
adaptive.css
js.ui-portal.de/ci/gmx/global/20180208/ |
45 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
base-adaptive.js
js.ui-portal.de/ci/gmx/global/20180208/ |
203 KB 63 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
internet_made_in_germany.png
116.212.66.214/gmx/a/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
EmiG.png
116.212.66.214/gmx/a/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cloud_made_in_germany.png
116.212.66.214/gmx/a/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
unicef.png
116.212.66.214/gmx/a/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
de-mail.png
116.212.66.214/gmx/a/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1346.js
uim.tifbs.net/js/ |
31 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logoCI2018_de.png
img.ui-portal.de/ci/gmx/global/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
header_home_icon_24_hellgrau.svg
img.ui-portal.de/ci/gmx/global/nav/ |
1018 B 808 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
breadcrumb.gif
img.ui-portal.de/ci/gmx/global/icon/ |
49 B 409 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
l-hero_desktop_1000x496.jpg
img.ui-portal.de/cms/gmx/produkte/grusskarten/ |
27 KB 28 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RobotoCondensed-Regular-webfont.woff
img.ui-portal.de/ci/gmx/global/fonts/roboto/ |
25 KB 25 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s
wa.ui-portal.de/gmx/gmx/ |
43 B 530 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
t.uimserv.net/traffic_p/ |
42 B 611 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: GMX (Online)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes function| addOnWidthChangeListener function| pageBegin function| pageEnd function| initButtons function| deleteSavedData function| FormValidation function| hashparam function| $ function| jQuery function| layerApv object| jQuery1112019467636144910916 object| bodyElement object| NSfTIF string| szmvars object| iom object| formValidationConfig0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
img.ui-portal.de
js.ui-portal.de
t.uimserv.net
uim.tifbs.net
wa.ui-portal.de
116.212.66.214
195.20.250.111
195.20.250.183
23.210.249.45
82.165.229.54
04582818bc3da38bd59573f71f3c9d1dfed34cecddebdbe8be701886c56bf012
0b546c8297848467d2a26d1f48a00fa3691f2b65edebc4e220b312718e07b46f
19ff286b0fc42c787e805701d2a39a3be91361e9b53e804ba458724464d35652
1b9fec2191fc270b09bd76974d73e73ed5a2ad12717e0dc9c7099f8089c4c431
5db6c1e738317112c38990d5f2586dc1c547bc140798e65b898457bbb6422904
634e8eccad8d3201faf04e702d575aa23057f5f6ce499f25b1dca77f336ae1ef
658e4babe74d0405ded18905cc8b873c0de94b03393707631001d7d5db4b3a2f
7ec51beb961db2999fe41a96a3212edc51d9aeeec5c9d374e39c7313d183d8a6
987951c68e0c376b1b3751afb182729c272b2f77b8beb8be436cd0b4d61c82d9
9c84d35ec71a99f16ce60bfa2977e5ce025e31143fad8736bca43ceb651cffc5
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
bd77bf22bb45184e0bc86eac9100d0e1dbaa8cf7c4e0c4fa94819408249bf80a
c7cf6e45fc63c15df0adc9ac96cd0d503a3ac6d1ce9d89192855e3b623dec2ba
e6782181125e9be5ed53e2d937890999a1d39c50d34127af5bb1b7adf30fa313
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f47999ceb30f952debf5e9aa5f6a86f881da6cb7c4fafca57fce00d18c1f511d
f6d18f1a0126027cf6dbcde0b163fc06d8eeeff86569fb1e08a29037acfb0576