pub-cf73fa7e01284538bb1be2168285b168.r2.dev
Open in
urlscan Pro
2606:4700::6812:223
Malicious Activity!
Public Scan
Submission: On March 22 via api from US — Scanned from US
Summary
TLS certificate: Issued by E1 on February 6th 2024. Valid for: 3 months.
This is the only time pub-cf73fa7e01284538bb1be2168285b168.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication) Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 2606:4700::68... 2606:4700::6812:223 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 217.160.86.27 217.160.86.27 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
5 | 213.165.66.58 213.165.66.58 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
1 | 217.160.86.148 217.160.86.148 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
2 | 217.160.86.59 217.160.86.59 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
3 | 18.238.49.60 18.238.49.60 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 217.160.86.61 217.160.86.61 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
1 | 195.20.250.190 195.20.250.190 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
1 | 195.20.250.183 195.20.250.183 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
23 | 10 |
ASN13335 (CLOUDFLARENET, US)
pub-cf73fa7e01284538bb1be2168285b168.r2.dev |
ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: ias.uicdn.net
ias.uicdn.net |
ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: ce1.uicdn.net
ce1.uicdn.net |
ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: ias.ionos.de
ias.ionos.de |
ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: var.uicdn.net
var.uicdn.net |
ASN16509 (AMAZON-02, US)
PTR: server-18-238-49-60.jfk52.r.cloudfront.net
4tdc8ll7wtnf.statuspage.io |
ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: frontend-services.ionos.com
frontend-services.ionos.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
uicdn.net
ias.uicdn.net — Cisco Umbrella Rank: 956157 ce1.uicdn.net — Cisco Umbrella Rank: 307733 var.uicdn.net — Cisco Umbrella Rank: 240271 |
292 KB |
3 |
statuspage.io
4tdc8ll7wtnf.statuspage.io — Cisco Umbrella Rank: 514735 |
3 KB |
3 |
r2.dev
pub-cf73fa7e01284538bb1be2168285b168.r2.dev |
1 MB |
2 |
ionos.com
frontend-services.ionos.com — Cisco Umbrella Rank: 172669 pet.ionos.com Failed |
30 KB |
2 |
ionos.de
ias.ionos.de — Cisco Umbrella Rank: 605804 t.ionos.de |
2 KB |
1 |
uimserv.net
t.uimserv.net — Cisco Umbrella Rank: 18547 |
720 B |
0 |
Failed
function sub() { [native code] }. Failed |
|
23 | 7 |
Domain | Requested by | |
---|---|---|
5 | ce1.uicdn.net |
pub-cf73fa7e01284538bb1be2168285b168.r2.dev
|
3 | 4tdc8ll7wtnf.statuspage.io |
pub-cf73fa7e01284538bb1be2168285b168.r2.dev
|
3 | pub-cf73fa7e01284538bb1be2168285b168.r2.dev |
pub-cf73fa7e01284538bb1be2168285b168.r2.dev
|
2 | frontend-services.ionos.com |
pub-cf73fa7e01284538bb1be2168285b168.r2.dev
frontend-services.ionos.com |
2 | var.uicdn.net |
pub-cf73fa7e01284538bb1be2168285b168.r2.dev
|
1 | t.uimserv.net |
pub-cf73fa7e01284538bb1be2168285b168.r2.dev
|
1 | t.ionos.de |
pub-cf73fa7e01284538bb1be2168285b168.r2.dev
|
1 | ias.ionos.de |
pub-cf73fa7e01284538bb1be2168285b168.r2.dev
|
1 | ias.uicdn.net |
pub-cf73fa7e01284538bb1be2168285b168.r2.dev
|
0 | pet.ionos.com Failed |
pub-cf73fa7e01284538bb1be2168285b168.r2.dev
|
0 | undefined Failed |
pub-cf73fa7e01284538bb1be2168285b168.r2.dev
|
23 | 11 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ionos.co.uk |
contact.ionos.com |
my.ionos.co.uk |
hidrive.ionos.com |
archive.ionos.co.uk |
www.ionos-status.de |
www.ionos.com |
www.ionos.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.r2.dev E1 |
2024-02-06 - 2024-05-06 |
3 months | crt.sh |
ias.uicdn.net GeoTrust TLS RSA CA G1 |
2023-05-15 - 2024-06-14 |
a year | crt.sh |
ce1.uicdn.net GeoTrust RSA CA 2018 |
2023-03-03 - 2024-04-02 |
a year | crt.sh |
ias.ionos.de GeoTrust TLS RSA CA G1 |
2024-03-15 - 2024-08-22 |
5 months | crt.sh |
var.uicdn.net GeoTrust TLS RSA CA G1 |
2023-07-21 - 2024-08-07 |
a year | crt.sh |
*.statuspage.io Amazon RSA 2048 M03 |
2023-10-18 - 2024-11-16 |
a year | crt.sh |
frontend-services.ionos.com GeoTrust TLS RSA CA G1 |
2023-05-19 - 2024-06-05 |
a year | crt.sh |
*.ionos.de GeoTrust TLS RSA CA G1 |
2023-08-18 - 2024-09-17 |
a year | crt.sh |
*.uimserv.net GeoTrust TLS RSA CA G1 |
2023-10-10 - 2024-11-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://pub-cf73fa7e01284538bb1be2168285b168.r2.dev/3D6231bfbe-8d5b-423a-b48a-4e10976454de.html
Frame ID: F71C443B76A054F3E85D4A6B541D8A46
Requests: 24 HTTP requests in this frame
19 Outgoing links
These are links going to different origins than the main page.
Title: Webmail
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Forgot your password?
Search URL Search Domain Scan URL
Title: Remember me
Search URL Search Domain Scan URL
Title: iOS
Search URL Search Domain Scan URL
Title: Android
Search URL Search Domain Scan URL
Title: Thunderbird
Search URL Search Domain Scan URL
Title: Outlook
Search URL Search Domain Scan URL
Title: Apple Mail
Search URL Search Domain Scan URL
Title: email programs (POP/IMAP)
Search URL Search Domain Scan URL
Title: My IONOS
Search URL Search Domain Scan URL
Title: HiDrive
Search URL Search Domain Scan URL
Title: Email archiving
Search URL Search Domain Scan URL
Title: All Systems Operational
Search URL Search Domain Scan URL
Title: 1&1 IONOS Ltd. • 2024
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Title: Richtlinie zur Verwendung von Cookies
Search URL Search Domain Scan URL
Title: Datenschutzhinweisen
Search URL Search Domain Scan URL
Title: Impressum
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
3D6231bfbe-8d5b-423a-b48a-4e10976454de.html
pub-cf73fa7e01284538bb1be2168285b168.r2.dev/ |
1 MB 1 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
false
pub-cf73fa7e01284538bb1be2168285b168.r2.dev/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mail-archiving-de-warning-promo.svg
ias.uicdn.net/fileadmin/ONEANDONE_HOSTING/user_upload/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-regular.woff
ce1.uicdn.net/exos/fonts/open-sans/ |
62 KB 63 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
320 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
exos-icon-font.woff
ce1.uicdn.net/exos/icons/ |
50 KB 50 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
overpass-regular.woff
ce1.uicdn.net/exos/fonts/overpass/ |
42 KB 42 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-bold.woff
ce1.uicdn.net/exos/fonts/open-sans/ |
62 KB 62 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
overpass-bold.woff
ce1.uicdn.net/exos/fonts/overpass/ |
41 KB 41 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
zones
ias.ionos.de/ias/ |
2 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle.css
var.uicdn.net/shopsshort/privacy/v1/ |
25 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle-modern.js
var.uicdn.net/shopsshort/privacy/v1/ |
123 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
statuspage.css
undefined/statuspage/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
status.json
4tdc8ll7wtnf.statuspage.io/api/v2/ |
227 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
active.json
4tdc8ll7wtnf.statuspage.io/api/v2/scheduled-maintenances/ |
185 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
unresolved.json
4tdc8ll7wtnf.statuspage.io/api/v2/incidents/ |
172 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
navigation.css
undefined/navi/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
webmail-login.js
frontend-services.ionos.com/t/tag/IONOS/ |
30 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
status.json
pub-cf73fa7e01284538bb1be2168285b168.r2.dev/maintenance/ |
27 KB 27 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
TAG_MANAGER
pet.ionos.com/pet/error/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS |
TAG_MANAGER
pet.ionos.com/pet/error/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bundle.min.js
frontend-services.ionos.com/t/sentry/ |
65 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
t.ionos.de/optout_p/ |
42 B 716 B |
XHR
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
t.uimserv.net/mam_optout_p/ |
42 B 720 B |
XHR
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
587 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- undefined
- URL
- https://undefined/statuspage/css/statuspage.css?v=1.5.0
- Domain
- undefined
- URL
- https://undefined/navi/css/navigation.css?v=3.17.10-20200622-163115
- Domain
- pet.ionos.com
- URL
- https://pet.ionos.com/pet/error/TAG_MANAGER?v=UNKNOWN
- Domain
- pet.ionos.com
- URL
- https://pet.ionos.com/pet/error/TAG_MANAGER?v=UNKNOWN
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 1&1 Ionos (Telecommunication) Generic Email (Online)33 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| OAO object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate function| Dict function| delay function| _ object| NSfTIF object| Tap object| EXOS string| oao_market_tld string| oao_market_language undefined| oao_hostName object| oaoTranslationLib object| translationDictionary object| stay_logged_in object| oao_moc_login object| $buoop function| $buo function| $ function| jQuery object| op undefined| $bu function| addToHomescreen object| IAS function| PrivacyConsent object| PrivacyConsentEnum object| Sentry2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.uimserv.net/ | Name: NGUserID Value: TGP-OPT-OUT |
|
.ionos.de/ | Name: ionosid Value: TGP-OPT-OUT |
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
4tdc8ll7wtnf.statuspage.io
ce1.uicdn.net
frontend-services.ionos.com
ias.ionos.de
ias.uicdn.net
pet.ionos.com
pub-cf73fa7e01284538bb1be2168285b168.r2.dev
t.ionos.de
t.uimserv.net
undefined
var.uicdn.net
pet.ionos.com
undefined
18.238.49.60
195.20.250.183
195.20.250.190
213.165.66.58
217.160.86.148
217.160.86.27
217.160.86.59
217.160.86.61
2606:4700::6812:223
2d647996f6cf408a0ba66a6ecfcdf2d2e224ae053998f0915aa886da4e0bf7fb
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b
35538b399f40d6db114f64b970fb8a612d88d833906f95f4cb8675c0277ecfb3
3d4b48f1e632bc90ef3b7b76d5a0ca0f301e4e1388f4501cee0a0bb901303430
446e661df3f91198c9bf3aa78539687f88da3e4385bd817d4a0436b694c72003
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499
7214fb2a9e53af4d3b86b1715e48d3b2292fc5e2ee7d5b362c9af398d5e3d655
7948d8ed9f32dc3dbe6bdd1aec68e42e321b2bfde8fe8b39bae91e989626654c
7afccd9150b0fcbf1a1056e6cc6051c9b6d85a55da7bf1a7fb0f475c0b22facc
7d7a1a8ec55f31a6674fd2e2c41bcc6421a9aeb5cf161c6e93363f31347160f9
7fa9f84962947af5c645c9fbdce53e570e42d8887d535b8b3513a39812e64550
ae33f2f9faa1e83d7291687e59ae49353f6cc57a848d17d75a9067c2139c9cef
b6d9020b68f195bed0b06fb3da3c044adcef85ac7635ec24e3608dfb0bcf2b4d
c8e1724edab4d29c68d698c71f04db98774a5ba4fb432e4d37bfb0beecdac987
d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5
de3a60946ff5386574a119cf03fb01bed78831555e7f043c3016573ea14b2f68
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f869d4673e10f58d4e42962faffaf262380f3339374b1221f1d1c61ae6475f13