pub-cf73fa7e01284538bb1be2168285b168.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pub-cf73fa7e01284538bb1be2168285b168.r2.dev/3D6231bfbe-8d5b-423a-b48a-4e10976454de.html
Submission: On March 22 via api (March 22nd 2024, 3:26:37 pm UTC) from US — Scanned from US

Summary HTTP 23 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 10 IPs in 2 countries across 7 domains to perform 23 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-cf73fa7e01284538bb1be2168285b168.r2.dev.
TLS certificate: Issued by E1 on February 6th 2024. Valid for: 3 months.

This is the only time pub-cf73fa7e01284538bb1be2168285b168.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 1&1 Ionos (Telecommunication) Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	2606:4700::68... 2606:4700::6812:223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	217.160.86.27 217.160.86.27	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
5	213.165.66.58 213.165.66.58	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	217.160.86.148 217.160.86.148	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
2	217.160.86.59 217.160.86.59	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
3	18.238.49.60 18.238.49.60	16509 (AMAZON-02) (AMAZON-02)
2	217.160.86.61 217.160.86.61	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	195.20.250.190 195.20.250.190	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	195.20.250.183 195.20.250.183	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
23	10

3 2606:4700::6812:223 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-cf73fa7e01284538bb1be2168285b168.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.160.86.27 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: ias.uicdn.net

ias.uicdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.165.66.58 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: ce1.uicdn.net

ce1.uicdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.160.86.148 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: ias.ionos.de

ias.ionos.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.160.86.59 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: var.uicdn.net

var.uicdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.238.49.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-49-60.jfk52.r.cloudfront.net

4tdc8ll7wtnf.statuspage.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.160.86.61 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: frontend-services.ionos.com

frontend-services.ionos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.20.250.190 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: t-bs.ionos.de

t.ionos.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.20.250.183 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: t-bs.uimserv.net

t.uimserv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	uicdn.net ias.uicdn.net — Cisco Umbrella Rank: 956157 ce1.uicdn.net — Cisco Umbrella Rank: 307733 var.uicdn.net — Cisco Umbrella Rank: 240271	292 KB
3	statuspage.io 4tdc8ll7wtnf.statuspage.io — Cisco Umbrella Rank: 514735	3 KB
3	r2.dev pub-cf73fa7e01284538bb1be2168285b168.r2.dev	1 MB
2	ionos.com frontend-services.ionos.com — Cisco Umbrella Rank: 172669 pet.ionos.com Failed	30 KB
2	ionos.de ias.ionos.de — Cisco Umbrella Rank: 605804 t.ionos.de	2 KB
1	uimserv.net t.uimserv.net — Cisco Umbrella Rank: 18547	720 B
0	Failed function sub() { [native code] }. Failed
23	7

	Domain	Requested by
5	ce1.uicdn.net	pub-cf73fa7e01284538bb1be2168285b168.r2.dev
3	4tdc8ll7wtnf.statuspage.io	pub-cf73fa7e01284538bb1be2168285b168.r2.dev
3	pub-cf73fa7e01284538bb1be2168285b168.r2.dev	pub-cf73fa7e01284538bb1be2168285b168.r2.dev
2	frontend-services.ionos.com	pub-cf73fa7e01284538bb1be2168285b168.r2.dev frontend-services.ionos.com
2	var.uicdn.net	pub-cf73fa7e01284538bb1be2168285b168.r2.dev
1	t.uimserv.net	pub-cf73fa7e01284538bb1be2168285b168.r2.dev
1	t.ionos.de	pub-cf73fa7e01284538bb1be2168285b168.r2.dev
1	ias.ionos.de	pub-cf73fa7e01284538bb1be2168285b168.r2.dev
1	ias.uicdn.net	pub-cf73fa7e01284538bb1be2168285b168.r2.dev
0	pet.ionos.com Failed	pub-cf73fa7e01284538bb1be2168285b168.r2.dev
0	undefined Failed	pub-cf73fa7e01284538bb1be2168285b168.r2.dev
23	11

This site contains links to these domains. Also see Links.

Domain
www.ionos.co.uk
contact.ionos.com
my.ionos.co.uk
hidrive.ionos.com
archive.ionos.co.uk
www.ionos-status.de
www.ionos.com
www.ionos.de

Subject Issuer	Validity	Valid
*.r2.dev E1	`2024-02-06` - `2024-05-06`	3 months	crt.sh
ias.uicdn.net GeoTrust TLS RSA CA G1	`2023-05-15` - `2024-06-14`	a year	crt.sh
ce1.uicdn.net GeoTrust RSA CA 2018	`2023-03-03` - `2024-04-02`	a year	crt.sh
ias.ionos.de GeoTrust TLS RSA CA G1	`2024-03-15` - `2024-08-22`	5 months	crt.sh
var.uicdn.net GeoTrust TLS RSA CA G1	`2023-07-21` - `2024-08-07`	a year	crt.sh
*.statuspage.io Amazon RSA 2048 M03	`2023-10-18` - `2024-11-16`	a year	crt.sh
frontend-services.ionos.com GeoTrust TLS RSA CA G1	`2023-05-19` - `2024-06-05`	a year	crt.sh
*.ionos.de GeoTrust TLS RSA CA G1	`2023-08-18` - `2024-09-17`	a year	crt.sh
*.uimserv.net GeoTrust TLS RSA CA G1	`2023-10-10` - `2024-11-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://pub-cf73fa7e01284538bb1be2168285b168.r2.dev/3D6231bfbe-8d5b-423a-b48a-4e10976454de.html
Frame ID: F71C443B76A054F3E85D4A6B541D8A46
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Webmail Login | IONOS by 1&1

Page Statistics

23
Requests

83 %
HTTPS

11 %
IPv6

7
Domains

11
Subdomains

10
IPs

2
Countries

1756 kB
Transfer

1931 kB
Size

2
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ionos.co.uk/
Title: Webmail

Search URL Search Domain Scan URL

URL: https://contact.ionos.com/contact?linkid=nav.top.support.Overlay

Search URL Search Domain Scan URL

URL: https://www.ionos.co.uk/help/index.php?id=2327&utm_term=2327&utm_campaign=forgotpw&utm_medium=help-and-learn&utm_source=login_frontend_hosting&utm_content=flyin
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://www.ionos.co.uk/help/index.php?id=4083&utm_term=4083&utm_campaign=staysignedin&utm_medium=help-and-learn&utm_source=login_frontend_hosting&utm_content=flyin
Title: Remember me

Search URL Search Domain Scan URL

URL: https://www.ionos.co.uk/help/index.php?id=2442&utm_term=2442&utm_campaign=mobile-ios&utm_medium=help-and-learn&utm_source=login_frontend_hosting&utm_content=article
Title: iOS

Search URL Search Domain Scan URL

URL: https://www.ionos.co.uk/help/index.php?id=2444&utm_term=2444&utm_campaign=mobile-android&utm_medium=help-and-learn&utm_source=login_frontend_hosting&utm_content=article
Title: Android

Search URL Search Domain Scan URL

URL: https://www.ionos.co.uk/help/index.php?id=2436&utm_term=2436&utm_campaign=desktop-thunderbird&utm_medium=help-and-learn&utm_source=login_frontend_hosting&utm_content=article
Title: Thunderbird

Search URL Search Domain Scan URL

URL: https://www.ionos.co.uk/help/index.php?id=2462&utm_term=2462&utm_campaign=desktop-outlook&utm_medium=help-and-learn&utm_source=login_frontend_hosting&utm_content=article
Title: Outlook

Search URL Search Domain Scan URL

URL: https://www.ionos.co.uk/help/index.php?id=2445&utm_term=2445&utm_campaign=desktop-applemail&utm_medium=help-and-learn&utm_source=login_frontend_hosting&utm_content=article
Title: Apple Mail

Search URL Search Domain Scan URL

URL: https://www.ionos.co.uk/help/index.php?id=2490&utm_term=2490&utm_campaign=other-assistants&utm_medium=help-and-learn&utm_source=login_frontend_hosting&utm_content=article
Title: email programs (POP/IMAP)

Search URL Search Domain Scan URL

URL: https://my.ionos.co.uk/
Title: My IONOS

Search URL Search Domain Scan URL

URL: https://hidrive.ionos.com/
Title: HiDrive

Search URL Search Domain Scan URL

URL: https://archive.ionos.co.uk/
Title: Email archiving

Search URL Search Domain Scan URL

URL: https://www.ionos-status.de/?utm_medium=footer&utm_content=none&utm_source=WEBMAIL_LOGIN&utm_campaign=login&utm_term=no_search
Title: All Systems Operational

Search URL Search Domain Scan URL

URL: https://www.ionos.co.uk/about
Title: 1&1 IONOS Ltd. • 2024

Search URL Search Domain Scan URL

URL: https://www.ionos.co.uk/terms-gtc/terms-privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.ionos.com/cookies
Title: Richtlinie zur Verwendung von Cookies

Search URL Search Domain Scan URL

URL: https://www.ionos.com/terms-gtc/terms-privacy
Title: Datenschutzhinweisen

Search URL Search Domain Scan URL

URL: https://www.ionos.de/impressum
Title: Impressum

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 3D6231bfbe-8d5b-423a-b48a-4e10976454de.html Show response
pub-cf73fa7e01284538bb1be2168285b168.r2.dev/ 1 MB
1 MB 357ms
174ms Document
text/html 2606:4700::6812:223
CLOUDFLARENET

General

			Domain/Path	Expires	Name / Value
			.uimserv.net/	1970-01-21 04:04:17	Name: NGUserID Value: TGP-OPT-OUT
			.ionos.de/	1970-01-21 04:04:17	Name: ionosid Value: TGP-OPT-OUT

Source	Level	URL Text
network	error	URL: https://pub-cf73fa7e01284538bb1be2168285b168.r2.dev/false Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://undefined/navi/css/navigation.css?v=3.17.10-20200622-163115 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://undefined/statuspage/css/statuspage.css?v=1.5.0 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://pub-cf73fa7e01284538bb1be2168285b168.r2.dev/maintenance/status.json Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://ias.uicdn.net/fileadmin/ONEANDONE_HOSTING/user_upload/mail-archiving-de-warning-promo.svg?h=d5c961f85b2fc061379faf77b4566f4dbeb0c83c Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pet.ionos.com/pet/error/TAG_MANAGER?v=UNKNOWN Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other	warning	URL: https://pub-cf73fa7e01284538bb1be2168285b168.r2.dev/3D6231bfbe-8d5b-423a-b48a-4e10976454de.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-cf73fa7e01284538bb1be2168285b168.r2.dev/3D6231bfbe-8d5b-423a-b48a-4e10976454de.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.

pub-cf73fa7e01284538bb1be2168285b168.r2.dev Open in urlscan Pro 2606:4700::6812:223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

23 Requests

83 %HTTPS

11 %IPv6

7 Domains

11 Subdomains

10 IPs

2 Countries

1756 kBTransfer

1931 kBSize

2 Cookies

19 Outgoing links

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

33 JavaScript Global Variables

2 Cookies

8 Console Messages

Indicators

pub-cf73fa7e01284538bb1be2168285b168.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

83 %
HTTPS

11 %
IPv6

7
Domains

11
Subdomains

10
IPs

2
Countries

1756 kB
Transfer

1931 kB
Size

2
Cookies

23 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!