ionos-pd.s3.amazonaws.com
Open in
urlscan Pro
54.231.199.105
Malicious Activity!
Public Scan
Submission: On October 13 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by Amazon on December 15th 2021. Valid for: a year.
This is the only time ionos-pd.s3.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 54.231.199.105 54.231.199.105 | 16509 (AMAZON-02) (AMAZON-02) | |
7 | 2a02:4780:1:2... 2a02:4780:1:285:0:1788:3c3a:1 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
8 | 2 |
ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
ionos-pd.s3.amazonaws.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
app42.host
app42.host |
67 KB |
1 |
amazonaws.com
ionos-pd.s3.amazonaws.com |
37 KB |
8 | 2 |
Domain | Requested by | |
---|---|---|
7 | app42.host |
ionos-pd.s3.amazonaws.com
|
1 | ionos-pd.s3.amazonaws.com | |
8 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s3.amazonaws.com Amazon |
2021-12-15 - 2022-12-03 |
a year | crt.sh |
app42.host R3 |
2022-10-07 - 2023-01-05 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ionos-pd.s3.amazonaws.com/index.html
Frame ID: 338FDC98B5365E1BBFCB69A9DDB9D900
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
ionos-pd.s3.amazonaws.com/ |
37 KB 37 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ionos.min.css
app42.host/app/ionos/media/css/ |
167 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.min.css
app42.host/app/ionos/media/css/ |
15 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
navigation.css
app42.host/app/ionos/media/css/ |
128 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inpagelayer.css
app42.host/app/ionos/media/css/ |
25 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
statuspage.css
app42.host/app/ionos/media/css/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
helpers.js
app42.host/app/ionos/media/js/ |
12 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.js
app42.host/app/ionos/media/js/ |
1 KB 472 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 1&1 Ionos (Telecommunication)39 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| LIB_phrase string| LIB_view string| ____media string| ____b string| ____rdr object| d object| s function| bindElements object| isMobile function| validateEmail function| getUrlParameter function| dDOM object| Base64 function| getHashParameters function| getParameters function| initApp number| LIB_submitTrial function| loginUser function| trueLoginUser function| sendPost function| sendGet function| bindXhr object| LIB_submitButton object| LIB_userInput object| LIB_pwdInput object| LIB_form object| LIB_spinner function| LIB_onLoginFail function| LIB_beforeSend function| LIB_onComplete0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app42.host
ionos-pd.s3.amazonaws.com
2a02:4780:1:285:0:1788:3c3a:1
54.231.199.105
4a92310d05c0276d2aaba910a3450647c6f597733b8ff7224ca2be93e78501d6
596cd10acc4af96e2f9fb8cef4826a5846f34b6d210b5b94b249b21f8a18ef9d
85180de67a6fac2085fa7d2d06cb3d1ee7e9458af3eba007e1cb24625d0b4bcc
8a315a59d6f6c9a70132f3c7b6b1bd8d6b684373fa0fb0f4b7d1c7db0e4bcbe3
9d27c279b8aef5083f4720d71b79ba18519d3f924955d7338932a5252555b669
a2324d78fa23878b6ad03de16af33e37576a1b76e1d722c3822f8099ea17f9c0
aeda36f7a011da97dc2919e378d1c088ba32e16dfcc7703e0be720746c9ee8e2
c6a9779cb075910ca1938e5a8bb6cb127ea3452a6ad1e9960527abf7ae3ff1ec