slot-888.com
94.74.108.136
Malicious Activity!
Public Scan
Submission Tags: 7328042
Submission: On October 23 via api from NL — Scanned from DE
Summary
TLS certificate: Issued by R3 on August 10th 2021. Valid for: 3 months.
This is the only time slot-888.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | PTR | Domain(s) served |
---|---|---|---|---|
2 | 94.74.108.136 | 136907 (HWCLOUDS-AS-AP HUAWEI CLOUDS, HK) | ecs-94-74-108-136.compute.hwclouds-dns.com | slot-888.com |
5 | 213.165.66.58 | 8560 (IONOS-AS, DE) | ce1.uicdn.net | ce1.uicdn.net |
1 | 2001:8d8:5ff:7::1:3 | 8560 (IONOS-AS, DE) | (none) | www.1und1.de |
2 | 104.75.88.194 | 16625 (AKAMAI-AS, US) | a104-75-88-194.deploy.static.akamaitechnologies.com | tags.tiqcdn.com |
1 | 3.124.201.165 | 16509 (AMAZON-02, US) | ec2-3-124-201-165.eu-central-1.compute.amazonaws.com | collect.tealiumiq.com |
1 | 35.156.65.226 | 16509 (AMAZON-02, US) | ec2-35-156-65-226.eu-central-1.compute.amazonaws.com | collect-eu-central-1.tealiumiq.com |
1 | 35.156.212.124 | 16509 (AMAZON-02, US) | ec2-35-156-212-124.eu-central-1.compute.amazonaws.com | visitor-service-eu-central-1.tealiumiq.com |
Total: 13 requests, 7 IP addresses
ASN8560 (IONOS-AS) is described as: the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE.
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | uicdn.net | ce1.uicdn.net | 247 KB |
3 | tealiumiq.com | collect.tealiumiq.com, collect-eu-central-1.tealiumiq.com, visitor-service-eu-central-1.tealiumiq.com | 2 KB |
2 | tiqcdn.com | tags.tiqcdn.com | 82 KB |
2 | slot-888.com | slot-888.com | 9 KB |
1 | 1und1.de | www.1und1.de | 5 KB |
Total: 13 requests, 5 apex domains
Requests | Domain | Requested by |
---|---|---|
5 | ce1.uicdn.net | slot-888.com, ce1.uicdn.net |
2 | tags.tiqcdn.com | www.1und1.de, tags.tiqcdn.com |
2 | slot-888.com | slot-888.com |
1 | visitor-service-eu-central-1.tealiumiq.com | tags.tiqcdn.com |
1 | collect-eu-central-1.tealiumiq.com | tags.tiqcdn.com |
1 | collect.tealiumiq.com | slot-888.com |
1 | www.1und1.de | slot-888.com |
Total: 13 requests, 7 domains
This site contains links to these domains. Also see Links.
Domain |
---|
www.ionos.de |
login.ionos.de |
www.1und1.de |
TLS certificates
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
slot-888.com | R3 | 2021-08-10 - 2021-11-08 | 3 months | crt.sh |
ce1.uicdn.net | GeoTrust RSA CA 2018 | 2020-03-03 - 2022-03-08 | 2 years | crt.sh |
1und1.de | GeoTrust EV RSA CA 2018 | 2021-08-04 - 2022-08-04 | a year | crt.sh |
*.tiqcdn.com | DigiCert SHA2 Secure Server CA | 2021-04-19 - 2022-04-27 | a year | crt.sh |
*.tealiumiq.com | Amazon | 2021-09-24 - 2022-10-23 | a year | crt.sh |
This page contains 2 frames:
Primary Page: https://slot-888.com/GAtt/App/app/ (Frame ID: 9F654A3350604C524F837E22DBC890DB; 7 HTTP requests in this frame)
Frame: https://www.1und1.de/cookiecheck (Frame ID: BF4AB10DA190D4B31009EA79881CBF5F; 6 HTTP requests in this frame)
4 Outgoing links
These are links going to different origins than the main page.
Title: Mehr erfahren ("Learn more")
Title: » login.ionos.de
Title: » Gespeicherte Login-Daten übernehmen ("Use saved login details")
Title: (no title)
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
# | Method | Protocol | Resource | Path | Frame | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|---|---|
1 | GET | H2 | / (Primary Request) | slot-888.com/GAtt/App/app/ | primary | 49 KB | 7 KB | Document | text/html |
2 | GET | H2 | ionos.min.css | ce1.uicdn.net/exos/framework/1.1/ | primary | 227 KB | 32 KB | Stylesheet | text/css |
3 | GET | H2 | cp2x.png | slot-888.com/GAtt/App/app/ | primary | 2 KB | 2 KB | Image | image/png |
4 | GET | H2 | cookiecheck | www.1und1.de/ | BF4A | 16 KB | 5 KB | Document | text/html |
5 | GET | H2 | overpass-regular.woff | ce1.uicdn.net/exos/fonts/overpass/ | primary | 42 KB | 42 KB | Font | application/font-woff |
6 | GET | H2 | opensans-regular.woff | ce1.uicdn.net/exos/fonts/open-sans/ | primary | 62 KB | 63 KB | Font | application/font-woff |
7 | GET | H2 | exos-icon-font.woff | ce1.uicdn.net/exos/icons/ | primary | 48 KB | 48 KB | Font | application/font-woff |
8 | GET | H2 | opensans-bold.woff | ce1.uicdn.net/exos/fonts/open-sans/ | primary | 62 KB | 62 KB | Font | application/font-woff |
9 | GET | H2 | utag.js | tags.tiqcdn.com/utag/1und1/onlineshop/prod/ | BF4A | 627 KB | 82 KB | Script | application/x-javascript |
10 | POST | H2 | event | collect.tealiumiq.com/ | BF4A | 0 | 510 B | XHR | application/json |
11 | GET | H2 | utag.v.js | tags.tiqcdn.com/utag/tiqapp/ | BF4A | 2 B | 202 B | Script | application/x-javascript |
12 | POST | H2 | i.gif | collect-eu-central-1.tealiumiq.com/1und1/main/2/ | BF4A | 43 B | 750 B | XHR | image/gif |
13 | GET | H2 | 017cac956ab40001333aae5f2a4503072002006a00b08 | visitor-service-eu-central-1.tealiumiq.com/1und1/main/ | BF4A | 425 B | 643 B | Script | application/javascript |
Frame column: "primary" is the main page frame (9F65, 7 requests); "BF4A" is the embedded www.1und1.de/cookiecheck frame (6 requests).
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 1&1 Ionos (Telecommunication)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | onbeforexrselect |
boolean | originAgentCluster |
2 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.tealiumiq.com/ | | TAPID | 1und1/main>017cac956ab40001333aae5f2a4503072002006a00b08 |
.1und1.de/ | | utag_main | v_id:017cac956ab40001333aae5f2a4503072002006a00b08$_sn:1$_se:1$_ss:1$_st:1634984848859$ses_id:1634983045813%3Bexp-session$_pn:1%3Bexp-session$consentsplit:consent-layer-wall$optimizely:false%3Bexp-session$fbem:8cf4fd4b4609a495dfda325772043ad816b0b5e82b00a1af6b47cf376f233854%3Bexp-session$qualifiedvisit:false%3Bexp-session$prevpage:%7Cundefined%7Cundefined%7C%3Bexp-session$dc_visit:1$dc_event:1%3Bexp-session$dc_region:eu-central-1%3Bexp-session |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ce1.uicdn.net
collect-eu-central-1.tealiumiq.com
collect.tealiumiq.com
slot-888.com
tags.tiqcdn.com
visitor-service-eu-central-1.tealiumiq.com
www.1und1.de
104.75.88.194
2001:8d8:5ff:7::1:3
213.165.66.58
3.124.201.165
35.156.212.124
35.156.65.226
94.74.108.136