one-app-1und1.neocities.org
2620:2:6000::a:1
Malicious Activity!
Public Scan
Submission: On July 08 via automatic, source phishtank
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 1st 2019. Valid for: 2 years.
This is the only time one-app-1und1.neocities.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
11 | 2620:2:6000::a:1 | 395409 (NEOCITIES - Neocities) |
3 | 217.160.86.157 | 8560 (ONEANDONE-AS Brauerstrasse 48) |
1 | 195.20.250.237 | 8560 (ONEANDONE-AS Brauerstrasse 48) |
26 | 4 | |
- ASN395409 (NEOCITIES - Neocities, US): one-app-1und1.neocities.org
- ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE), PTR: ias.static-1and1.com: ias.static-1and1.com
- ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE), PTR: x.uimserv.net: uir.uimserv.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
11 | neocities.org | one-app-1und1.neocities.org | 193 KB |
3 | static-1and1.com | ias.static-1and1.com | 20 KB |
1 | uimserv.net | uir.uimserv.net | 603 B |
0 | Failed | function sub() { [native code] }. Failed | |
0 | uicdn.net Failed | cors.uicdn.net Failed, ce1.uicdn.net Failed | |
26 | 5 | | |
Requests | Domain | Requested by |
---|---|---|
11 | one-app-1und1.neocities.org | one-app-1und1.neocities.org |
3 | ias.static-1and1.com | one-app-1und1.neocities.org |
1 | uir.uimserv.net | one-app-1und1.neocities.org |
0 | undefined Failed | one-app-1und1.neocities.org |
0 | ce1.uicdn.net Failed | one-app-1und1.neocities.org |
0 | cors.uicdn.net Failed | one-app-1und1.neocities.org |
26 | 6 | |
This site contains links to these domains. Also see Links.
Domain |
---|
navigation.1und1.de |
hilfe-center.1und1.de |
account.1und1.de |
as.1und1.de |
webmail.1und1.de |
www.1und1.de |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.neocities.org | Sectigo RSA Domain Validation Secure Server CA | 2019-06-01 - 2021-05-31 | 2 years |
ias.static-1and1.com | GeoTrust RSA CA 2018 | 2018-04-23 - 2020-05-08 | 2 years |
*.uimserv.net | GeoTrust RSA CA 2018 | 2018-02-19 - 2021-02-18 | 3 years |
This page contains 1 frames:
Primary Page:
https://one-app-1und1.neocities.org/1und1/1und1/de/login/index.htm
Frame ID: 79C79228F45E78534DE0916762E79E9E
Requests: 27 HTTP requests in this frame
15 Outgoing links
These are links going to different origins than the main page.
Title: Login
Title: Mehr erfahren
Title: Control-Center
Title: Webmail
Title: Weitere Information
Title: Passwort vergessen?
Title: Weitere Informationen
Title: Jetzt Kunde werden und von unseren Angeboten profitieren.
Title: Webmail
Title: Online-Speicher
Title: Ich brauche Hilfe zum Login
Title: Jetzt informieren!
Title: Jetzt informieren!
Title: Jetzt informieren!
Title: Datenschutzhinweise
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | index.htm (Primary Request) | one-app-1und1.neocities.org/1und1/1und1/de/login/ | 60 KB | 11 KB | Document | text/html |
GET | H2 | zones.js | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 6 KB | 2 KB | Script | application/javascript |
GET | H2 | ias.js | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 65 KB | 19 KB | Script | application/javascript |
GET | H2 | inpagelayer.js | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 53 KB | 14 KB | Script | application/javascript |
GET | H2 | navigation.js | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 244 KB | 61 KB | Script | application/javascript |
GET | H2 | account-webapp.js | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 28 KB | 8 KB | Script | application/javascript |
GET | H2 | a | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 0 | 0 | Script | text/html |
GET | H2 | inpagelayer.css | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 25 KB | 5 KB | Stylesheet | text/css |
GET | H2 | navigation.css | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 94 KB | 28 KB | Stylesheet | text/css |
GET | H2 | main.js | one-app-1und1.neocities.org/1und1/1und1/de/login/index_files/ | 143 KB | 46 KB | Script | application/javascript |
GET | | opensans-regular.woff2 | cors.uicdn.net/fonts/ | 0 | 0 | | |
GET | H/1.1 | LOGIN_DOMAIN_DEFAULT_domain_ntld_2014_11.png | ias.static-1and1.com/media/de/LOGIN_DOMAIN/DEFAULT/ | 6 KB | 6 KB | Image | image/png |
GET | H/1.1 | LOGIN_DIY_DEFAULT_BKS_kachel_eshop_INT.png | ias.static-1and1.com/media/de/LOGIN_DIY/DEFAULT/ | 9 KB | 9 KB | Image | image/png |
GET | H/1.1 | LOGIN_OFFICE365_DEFAULT_office-small.png | ias.static-1and1.com/media/de/LOGIN_OFFICE365/DEFAULT/ | 4 KB | 4 KB | Image | image/png |
GET | | globalnavigation.woff | cors.uicdn.net/fonts/ | 0 | 0 | | |
GET | | ciso-styleguide-icons.woff2 | cors.uicdn.net/fonts/ | 0 | 0 | | |
GET | DATA | truncated | / | 320 B | 0 | Image | image/svg+xml |
GET | | exos-icon-font.woff | ce1.uicdn.net/exos/icons/ | 0 | 0 | | |
GET | H2 | false | one-app-1und1.neocities.org/1und1/1und1/de/login/ | 0 | 0 | Script | text/html |
GET | | navigation.css | undefined/navi/css/ | 0 | 0 | | |
GET | H/1.1 | / | uir.uimserv.net/sid/ | 46 B | 603 B | Script | text/javascript |
GET | | globalnavigation.woff2 | cors.uicdn.net/fonts/ | 0 | 0 | | |
GET | | opensans-regular.woff | cors.uicdn.net/fonts/ | 0 | 0 | | |
GET | | ciso-styleguide-icons.woff | cors.uicdn.net/fonts/ | 0 | 0 | | |
GET | | globalnavigation.ttf | cors.uicdn.net/fonts/ | 0 | 0 | | |
GET | | opensans-regular.woff | ce1.uicdn.net/exos/fonts/open-sans/ | 0 | 0 | | |
GET | | ciso-styleguide-icons.ttf | cors.uicdn.net/fonts/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
cors.uicdn.net | https://cors.uicdn.net/fonts/opensans-regular.woff2 |
cors.uicdn.net | https://cors.uicdn.net/fonts/globalnavigation.woff |
cors.uicdn.net | https://cors.uicdn.net/fonts/ciso-styleguide-icons.woff2 |
ce1.uicdn.net | https://ce1.uicdn.net/exos/icons/exos-icon-font.woff?v=1 |
undefined | https://undefined/navi/css/navigation.css?v=2.1.6 |
cors.uicdn.net | https://cors.uicdn.net/fonts/globalnavigation.woff2?v={{VERSION}} |
cors.uicdn.net | https://cors.uicdn.net/fonts/opensans-regular.woff |
cors.uicdn.net | https://cors.uicdn.net/fonts/ciso-styleguide-icons.woff |
cors.uicdn.net | https://cors.uicdn.net/fonts/globalnavigation.ttf |
ce1.uicdn.net | https://ce1.uicdn.net/exos/fonts/open-sans/opensans-regular.woff |
cors.uicdn.net | https://cors.uicdn.net/fonts/ciso-styleguide-icons.ttf |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 1&1 Ionos (Telecommunication)
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onselectstart |
object | onselectionchange |
function | queueMicrotask |
object | OAO |
object | core |
object | __core-js_shared__ |
object | global |
object | System |
function | asap |
function | Observable |
function | setImmediate |
function | clearImmediate |
function | Dict |
function | delay |
object | _ |
object | jQBrowser |
string | __UI_nguserid |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * |
Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.