one-app-1und1.neocities.org
2620:2:6000::a:1
Malicious Activity!
Public Scan
Submission: On July 10 via api from IL
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 1st 2019. Valid for: 2 years.
This is the only time one-app-1und1.neocities.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 11 | 2620:2:6000::a:1 | 395409 (NEOCITIES - Neocities) |
| 3 | 217.160.86.157 | 8560 (ONEANDONE-AS Brauerstrasse 48) |
| 2 | 213.165.66.58 | 8560 (ONEANDONE-AS Brauerstrasse 48) |
| 1 | 195.20.250.237 | 8560 (ONEANDONE-AS Brauerstrasse 48) |
| 1 | 217.160.86.75 | 8560 (ONEANDONE-AS Brauerstrasse 48) |
| 29 | 6 | |
| ASN | PTR | Hostname |
|---|---|---|
| ASN395409 (NEOCITIES - Neocities, US) | | one-app-1und1.neocities.org |
| ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE) | ias.static-1and1.com | ias.static-1and1.com |
| ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE) | ce1.uicdn.net | ce1.uicdn.net |
| ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE) | x.uimserv.net | uir.uimserv.net |
| ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE) | pixel.1und1.de | pixel.1und1.de |
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 11 | neocities.org | one-app-1und1.neocities.org | 193 KB |
| 3 | static-1and1.com | ias.static-1and1.com | 20 KB |
| 2 | uicdn.net | cors.uicdn.net (Failed), ce1.uicdn.net | 110 KB |
| 1 | 1und1.de | ias.1und1.de (Failed), pixel.1und1.de | 503 B |
| 1 | uimserv.net | uir.uimserv.net | 622 B |
| 0 | Failed | function sub() { [native code] }. (Failed) | |
| 29 | 6 | | |
| | Domain | Requested by |
|---|---|---|
| 11 | one-app-1und1.neocities.org | one-app-1und1.neocities.org |
| 3 | ias.static-1and1.com | one-app-1und1.neocities.org |
| 2 | ce1.uicdn.net | one-app-1und1.neocities.org |
| 1 | pixel.1und1.de | one-app-1und1.neocities.org |
| 1 | uir.uimserv.net | one-app-1und1.neocities.org |
| 0 | ias.1und1.de (Failed) | one-app-1und1.neocities.org |
| 0 | undefined (Failed) | one-app-1und1.neocities.org |
| 0 | cors.uicdn.net (Failed) | one-app-1und1.neocities.org |
| 29 | 8 | |
This site contains links to these domains. Also see Links.
Domain |
---|
navigation.1und1.de |
hilfe-center.1und1.de |
account.1und1.de |
as.1und1.de |
webmail.1und1.de |
www.1und1.de |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.neocities.org | Sectigo RSA Domain Validation Secure Server CA | 2019-06-01 - 2021-05-31 | 2 years |
ias.static-1and1.com | GeoTrust RSA CA 2018 | 2018-04-23 - 2020-05-08 | 2 years |
ce1.uicdn.net | GeoTrust RSA CA 2018 | 2018-03-13 - 2020-03-12 | 2 years |
*.uimserv.net | GeoTrust RSA CA 2018 | 2018-02-19 - 2021-02-18 | 3 years |
pixel.1und1.de | GeoTrust RSA CA 2018 | 2018-04-17 - 2020-05-02 | 2 years |
This page contains 1 frame:
Primary Page:
https://one-app-1und1.neocities.org/1und1/1und1/de/login/index.htm
Frame ID: 42F511F988E5D23570DA94C4E5D38E40
Requests: 30 HTTP requests in this frame
15 Outgoing links
These are links going to different origins than the main page.
- Title: Login
- Title: Mehr erfahren
- Title: Control-Center
- Title: Webmail
- Title: Weitere Information
- Title: Passwort vergessen?
- Title: Weitere Informationen
- Title: Jetzt Kunde werden und von unseren Angeboten profitieren.
- Title: Webmail
- Title: Online-Speicher
- Title: Ich brauche Hilfe zum Login
- Title: Jetzt informieren!
- Title: Jetzt informieren!
- Title: Jetzt informieren!
- Title: Datenschutzhinweise
Redirected requests
There were HTTP redirect chains for the following requests:
29 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | index.htm (Primary Request) | one-app-1und1.neocities.org/1und1/1und1/de/login/ | 60 KB | 11 KB | Document | text/html |
| GET | H2 | zones.js | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 6 KB | 2 KB | Script | application/javascript |
| GET | H2 | ias.js | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 65 KB | 19 KB | Script | application/javascript |
| GET | H2 | inpagelayer.js | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 53 KB | 14 KB | Script | application/javascript |
| GET | H2 | navigation.js | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 244 KB | 61 KB | Script | application/javascript |
| GET | H2 | account-webapp.js | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 28 KB | 8 KB | Script | application/javascript |
| GET | H2 | a | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 0 | 0 | Script | text/html |
| GET | H2 | inpagelayer.css | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 25 KB | 5 KB | Stylesheet | text/css |
| GET | H2 | navigation.css | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 94 KB | 28 KB | Stylesheet | text/css |
| GET | H2 | main.js | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 143 KB | 46 KB | Script | application/javascript |
| GET | | opensans-regular.woff2 | cors.uicdn.net/fonts/ | 0 | 0 | | |
| GET | H/1.1 | LOGIN_DOMAIN_DEFAULT_domain_ntld_2014_11.png | ias.static-1and1.com/media/de/LOGIN_DOMAIN/DEFAULT/ | 6 KB | 6 KB | Image | image/png |
| GET | H/1.1 | LOGIN_DIY_DEFAULT_BKS_kachel_eshop_INT.png | ias.static-1and1.com/media/de/LOGIN_DIY/DEFAULT/ | 9 KB | 9 KB | Image | image/png |
| GET | H/1.1 | LOGIN_OFFICE365_DEFAULT_office-small.png | ias.static-1and1.com/media/de/LOGIN_OFFICE365/DEFAULT/ | 4 KB | 4 KB | Image | image/png |
| GET | | globalnavigation.woff | cors.uicdn.net/fonts/ | 0 | 0 | | |
| GET | | ciso-styleguide-icons.woff2 | cors.uicdn.net/fonts/ | 0 | 0 | | |
| GET | | opensans-regular.woff | cors.uicdn.net/fonts/ | 0 | 0 | | |
| GET | | globalnavigation.woff2 | cors.uicdn.net/fonts/ | 0 | 0 | | |
| GET | | ciso-styleguide-icons.woff | cors.uicdn.net/fonts/ | 0 | 0 | | |
| GET | | globalnavigation.ttf | cors.uicdn.net/fonts/ | 0 | 0 | | |
| GET | | ciso-styleguide-icons.ttf | cors.uicdn.net/fonts/ | 0 | 0 | | |
| GET | DATA | truncated | / | 320 B | 0 | Image | image/svg+xml |
| GET | H/1.1 | exos-icon-font.woff | ce1.uicdn.net/exos/icons/ | 46 KB | 47 KB | Font | application/font-woff |
| GET | H/1.1 | opensans-regular.woff | ce1.uicdn.net/exos/fonts/open-sans/ | 62 KB | 63 KB | Font | application/font-woff |
| GET | H2 | false | one-app-1und1.neocities.org/1und1/1und1/de/login/ | 0 | 0 | Script | text/html |
| GET | | inpagelayer.css | undefined/inpagelayer/css/ | 0 | 0 | | |
| GET | | navigation.css | undefined/navi/css/ | 0 | 0 | | |
| GET | H/1.1 | / | uir.uimserv.net/sid/ | 46 B | 622 B | Script | text/javascript |
| GET | | zones | ias.1und1.de/ias/ | 0 | 0 | | |
| GET | H/1.1 | rum | pixel.1und1.de/ | 126 B | 503 B | XHR | image/png |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
cors.uicdn.net | https://cors.uicdn.net/fonts/opensans-regular.woff2 |
cors.uicdn.net | https://cors.uicdn.net/fonts/globalnavigation.woff |
cors.uicdn.net | https://cors.uicdn.net/fonts/ciso-styleguide-icons.woff2 |
cors.uicdn.net | https://cors.uicdn.net/fonts/opensans-regular.woff |
cors.uicdn.net | https://cors.uicdn.net/fonts/globalnavigation.woff2?v={{VERSION}} |
cors.uicdn.net | https://cors.uicdn.net/fonts/ciso-styleguide-icons.woff |
cors.uicdn.net | https://cors.uicdn.net/fonts/globalnavigation.ttf |
cors.uicdn.net | https://cors.uicdn.net/fonts/ciso-styleguide-icons.ttf |
undefined | https://undefined/inpagelayer/css/inpagelayer.css?v=1.0.2 |
undefined | https://undefined/navi/css/navigation.css?v=2.1.6 |
ias.1und1.de | https://ias.1und1.de/ias/zones?zones=%5B%7B%22zoneId%22%3A%22login_offerlink%22%2C%22container%22%3A%22ias.zone0%22%7D%2C%7B%22zoneId%22%3A%22login_teaser_slot1%22%2C%22container%22%3A%22ias.zone1%22%7D%2C%7B%22zoneId%22%3A%22login_teaser_slot2%22%2C%22container%22%3A%22ias.zone2%22%7D%2C%7B%22zoneId%22%3A%22login_teaser_slot3%22%2C%22container%22%3A%22ias.zone3%22%7D%5D&nc=1562793214204&v=2.1.39&subset=false&application=ACCOUNT_WEBAPP&page=1und1&pageCategories=%5B%5D&data=%7B%22domainCount%22%3A0%2C%22subdomainCount%22%3A0%7D&screenWidth=1600&screenHeight=1200&callback=__iascbr7CtC |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 1&1 Ionos (Telecommunication)
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onselectstart
- object| onselectionchange
- function| queueMicrotask
- object| OAO
- object| jQBrowser
- object| core
- object| __core-js_shared__
- object| global
- object| System
- function| asap
- function| Observable
- function| setImmediate
- function| clearImmediate
- function| Dict
- function| delay
- object| _
- string| __UI_nguserid
- object| IAS
- function| __iascbr7CtC

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.neocities.org/ | | Name: NG_USERID, Value: ac13e480-48277-1562793214-0 |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * |
Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.