annika.kenshung.com Open in urlscan Pro
50.28.1.43 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://annika.kenshung.com/
Effective URL:
https://annika.kenshung.com/
Submission: On June 17 via automatic, source openphish (June 17th 2024, 1:07:26 am UTC) — Scanned from DE

Summary HTTP 18 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 18 HTTP transactions. The main IP is 50.28.1.43, located in United States and belongs to LIQUIDWEB, US. The main domain is annika.kenshung.com.
TLS certificate: Issued by R11 on June 15th 2024. Valid for: 3 months.

This is the only time annika.kenshung.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: GMX (Online)

Domain & IP information

	IP Address	AS Autonomous System
6	50.28.1.43 50.28.1.43	32244 (LIQUIDWEB) (LIQUIDWEB)
9	23.32.100.187 23.32.100.187	16625 (AKAMAI-AS) (AKAMAI-AS)
1	195.20.251.111 195.20.251.111	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	82.165.229.39 82.165.229.39	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	195.20.250.183 195.20.250.183	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
18	5

6 50.28.1.43 (United States)

ASN32244 (LIQUIDWEB, US)
PTR: salmon.exacthosting.com

annika.kenshung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.32.100.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-100-187.deploy.static.akamaitechnologies.com

js.ui-portal.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.ui-portal.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.20.251.111 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: uim-bap.tifbs.net

uim.tifbs.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.165.229.39 (Birlenbach, Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: wa.web.de

wa.ui-portal.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.20.250.183 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: t-bs.uimserv.net

t.uimserv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	ui-portal.de js.ui-portal.de — Cisco Umbrella Rank: 40959 wa.ui-portal.de — Cisco Umbrella Rank: 29026 img.ui-portal.de — Cisco Umbrella Rank: 36480	155 KB
6	kenshung.com annika.kenshung.com	23 KB
1	uimserv.net t.uimserv.net — Cisco Umbrella Rank: 36137	612 B
1	tifbs.net uim.tifbs.net — Cisco Umbrella Rank: 105287	12 KB
18	4

	Domain	Requested by
6	img.ui-portal.de	js.ui-portal.de annika.kenshung.com
6	annika.kenshung.com	annika.kenshung.com
3	js.ui-portal.de	annika.kenshung.com
1	t.uimserv.net	annika.kenshung.com
1	wa.ui-portal.de	annika.kenshung.com
1	uim.tifbs.net	annika.kenshung.com
18	6

This site contains links to these domains. Also see Links.

Domain
www.gmx.net
registrierung.gmx.net
passwort.gmx.net
service.gmx.net
newsroom.gmx.net
agb-server.gmx.net

Subject Issuer	Validity	Valid
www.annika.kenshung.com R11	`2024-06-15` - `2024-09-13`	3 months	crt.sh
img.ui-portal.de GeoTrust RSA CA 2018	`2024-04-08` - `2025-04-07`	a year	crt.sh
*.tifbs.net GeoTrust TLS RSA CA G1	`2023-08-18` - `2024-09-17`	a year	crt.sh
*.ui-portal.de GeoTrust TLS RSA CA G1	`2024-04-15` - `2025-05-16`	a year	crt.sh
*.uimserv.net GeoTrust TLS RSA CA G1	`2023-10-10` - `2024-11-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://annika.kenshung.com/
Frame ID: 6540C4B3D66A6E80DC3C3A83DE914D49
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Grußkarten von GMX

Page URL History Show full URLs

http://annika.kenshung.com/ HTTP 307
https://annika.kenshung.com/ Page URL

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

5
IPs

2
Countries

191 kB
Transfer

548 kB
Size

2
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gmx.net/
Title: GMX

Search URL Search Domain Scan URL

URL: https://www.gmx.net/produkte/
Title: Produkte

Search URL Search Domain Scan URL

URL: https://registrierung.gmx.net/#.login.loginbox_1.1.registrierung
Title: Jetzt kostenlos registrieren!

Search URL Search Domain Scan URL

URL: https://passwort.gmx.net/
Title: Passwort vergessen?

Search URL Search Domain Scan URL

URL: https://www.gmx.net/internetmadeingermany/

Search URL Search Domain Scan URL

URL: https://www.gmx.net/e-mail-made-in-germany/

Search URL Search Domain Scan URL

URL: https://www.gmx.net/cloud-made-in-germany/

Search URL Search Domain Scan URL

URL: https://www.gmx.net/themen/unicef/

Search URL Search Domain Scan URL

URL: https://www.gmx.net/produkte/de-mail/

Search URL Search Domain Scan URL

URL: https://service.gmx.net/de/cgi/g.fcgi/support
Title: Service

Search URL Search Domain Scan URL

URL: https://newsroom.gmx.net/page-gmx-vom-e-mail-dienst-zum-cloud-anbieter-2/
Title: Über GMX

Search URL Search Domain Scan URL

URL: https://www.gmx.net/impressum/
Title: Impressum

Search URL Search Domain Scan URL

URL: https://agb-server.gmx.net/gmxagb-de
Title: AGB

Search URL Search Domain Scan URL

URL: https://www.gmx.net/datenschutz/
Title: Datenschutzhinweise

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://annika.kenshung.com/ HTTP 307
https://annika.kenshung.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response annika.kenshung.com/ Redirect Chain http://annika.kenshung.com/ https://annika.kenshung.com/	9 KB 3 KB	491ms 119ms	Document text/html	50.28.1.43 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://annika.kenshung.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.28.1.43 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS salmon.exacthosting.com Software Apache / Resource Hash `8f616591597836bda54953558e846033f15579a6b9499e917e20facc7ba29d9a` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers accept-ranges bytes cache-control max-age=600 content-encoding gzip content-length 3095 content-type text/html date Mon, 17 Jun 2024 01:07:21 GMT expires Mon, 17 Jun 2024 01:17:21 GMT last-modified Wed, 05 Feb 2020 13:27:58 GMT server Apache vary Accept-Encoding Redirect headers Location https://annika.kenshung.com/ Non-Authoritative-Reason HttpsUpgrades
GET H2	200	base.css js.ui-portal.de/ci/gmx/global/20180208/	145 KB 22 KB	86ms 14ms	Stylesheet text/css	23.32.100.187 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://js.ui-portal.de/ci/gmx/global/20180208/base.css Requested by Host: annika.kenshung.com URL: https://annika.kenshung.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.32.100.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-32-100-187.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `9c84d35ec71a99f16ce60bfa2977e5ce025e31143fad8736bca43ceb651cffc5` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:21 GMT content-encoding gzip last-modified Thu, 27 Jun 2019 13:02:05 GMT server Apache etag "24431-58c4dc4c84590-gzip" vary Accept-Encoding content-type text/css cache-control public, max-age=5324 accept-ranges bytes x-robots-tag noindex content-length 22591
GET H2	200	adaptive.css js.ui-portal.de/ci/gmx/global/20180208/	45 KB 8 KB	85ms 13ms	Stylesheet text/css	23.32.100.187 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://js.ui-portal.de/ci/gmx/global/20180208/adaptive.css Requested by Host: annika.kenshung.com URL: https://annika.kenshung.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.32.100.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-32-100-187.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `634e8eccad8d3201faf04e702d575aa23057f5f6ce499f25b1dca77f336ae1ef` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:21 GMT content-encoding gzip last-modified Thu, 27 Jun 2019 13:25:12 GMT server Apache etag "b450-58c4e177895a3" vary Accept-Encoding content-type text/css cache-control public, max-age=5218 accept-ranges bytes x-robots-tag noindex content-length 7865
GET H2	200	base-adaptive.js Show response js.ui-portal.de/ci/gmx/global/20180208/	203 KB 63 KB	100ms 28ms	Script application/javascript	23.32.100.187 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://js.ui-portal.de/ci/gmx/global/20180208/base-adaptive.js Requested by Host: annika.kenshung.com URL: https://annika.kenshung.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.32.100.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-32-100-187.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `987951c68e0c376b1b3751afb182729c272b2f77b8beb8be436cd0b4d61c82d9` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:21 GMT content-encoding gzip last-modified Fri, 07 Sep 2018 14:12:36 GMT server Apache etag "32b00-57548997b03f3-gzip" vary Accept-Encoding content-type application/javascript cache-control public, max-age=4047 accept-ranges bytes x-robots-tag noindex content-length 64113
GET H2	200	internet_made_in_germany.png annika.kenshung.com/a/	4 KB 4 KB	118ms 118ms	Image image/png	50.28.1.43 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://annika.kenshung.com/a/internet_made_in_germany.png Requested by Host: annika.kenshung.com URL: https://annika.kenshung.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.28.1.43 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS salmon.exacthosting.com Software Apache / Resource Hash `f47999ceb30f952debf5e9aa5f6a86f881da6cb7c4fafca57fce00d18c1f511d` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:21 GMT content-encoding gzip last-modified Fri, 24 Jan 2020 11:57:42 GMT server Apache vary Accept-Encoding content-type image/png cache-control max-age=2592000 accept-ranges bytes content-length 3819 expires Wed, 17 Jul 2024 01:07:21 GMT
GET H2	200	EmiG.png annika.kenshung.com/a/	4 KB 4 KB	117ms 117ms	Image image/png	50.28.1.43 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://annika.kenshung.com/a/EmiG.png Requested by Host: annika.kenshung.com URL: https://annika.kenshung.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.28.1.43 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS salmon.exacthosting.com Software Apache / Resource Hash `c7cf6e45fc63c15df0adc9ac96cd0d503a3ac6d1ce9d89192855e3b623dec2ba` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:21 GMT content-encoding gzip last-modified Fri, 24 Jan 2020 11:57:42 GMT server Apache vary Accept-Encoding content-type image/png cache-control max-age=2592000 accept-ranges bytes content-length 4391 expires Wed, 17 Jul 2024 01:07:21 GMT
GET H2	200	cloud_made_in_germany.png annika.kenshung.com/a/	3 KB 3 KB	122ms 122ms	Image image/png	50.28.1.43 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://annika.kenshung.com/a/cloud_made_in_germany.png Requested by Host: annika.kenshung.com URL: https://annika.kenshung.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.28.1.43 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS salmon.exacthosting.com Software Apache / Resource Hash `e6782181125e9be5ed53e2d937890999a1d39c50d34127af5bb1b7adf30fa313` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:22 GMT content-encoding gzip last-modified Fri, 24 Jan 2020 11:57:42 GMT server Apache vary Accept-Encoding content-type image/png cache-control max-age=2592000 accept-ranges bytes content-length 3377 expires Wed, 17 Jul 2024 01:07:22 GMT
GET H2	200	unicef.png annika.kenshung.com/a/	5 KB 5 KB	122ms 122ms	Image image/png	50.28.1.43 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://annika.kenshung.com/a/unicef.png Requested by Host: annika.kenshung.com URL: https://annika.kenshung.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.28.1.43 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS salmon.exacthosting.com Software Apache / Resource Hash `5db6c1e738317112c38990d5f2586dc1c547bc140798e65b898457bbb6422904` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:22 GMT content-encoding gzip last-modified Fri, 24 Jan 2020 11:57:42 GMT server Apache vary Accept-Encoding content-type image/png cache-control max-age=2592000 accept-ranges bytes content-length 5081 expires Wed, 17 Jul 2024 01:07:22 GMT
GET H2	200	de-mail.png annika.kenshung.com/a/	4 KB 4 KB	121ms 121ms	Image image/png	50.28.1.43 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://annika.kenshung.com/a/de-mail.png Requested by Host: annika.kenshung.com URL: https://annika.kenshung.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.28.1.43 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS salmon.exacthosting.com Software Apache / Resource Hash `f6d18f1a0126027cf6dbcde0b163fc06d8eeeff86569fb1e08a29037acfb0576` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:22 GMT content-encoding gzip last-modified Fri, 24 Jan 2020 11:57:42 GMT server Apache vary Accept-Encoding content-type image/png cache-control max-age=2592000 accept-ranges bytes content-length 3693 expires Wed, 17 Jul 2024 01:07:22 GMT
GET H/1.1	200 OK	1346.js Show response uim.tifbs.net/js/	33 KB 12 KB	71ms 14ms	Script application/javascript	195.20.251.111 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://uim.tifbs.net/js/1346.js Requested by Host: annika.kenshung.com URL: https://annika.kenshung.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.20.251.111 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS uim-bap.tifbs.net Software Apache / Resource Hash `387332394ccb8af86d37c5473e266715fe08ef8f246d1d06223cf085de5fc9f7` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 17 Jun 2024 01:07:22 GMT Content-Encoding gzip Last-Modified Thu, 20 Jul 2023 09:40:05 GMT Server Apache ETag "859b-600e7eeda6740-gzip" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=86400, public Connection close Accept-Ranges bytes Content-Length 11878
GET H2	200	s wa.ui-portal.de/gmx/gmx/	43 B 289 B	49ms 10ms	Image image/gif	82.165.229.39 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Show image Full URL https://wa.ui-portal.de/gmx/gmx/s?produkte.grusskarten.pi.index.index&op_err=none&op_pr=grusskarten&op_pt=gmx&op_ct=landingpage&op_ln=0&op_ul=0&ac=none&mc=none&op_var=default&ns__t=1718586442041&ns_c=UTF-8&ns_ti=Gru%DFkarten%20von%20GMX&ns_jspageurl=https%3A//annika.kenshung.com/&ns_referrer= Requested by Host: annika.kenshung.com URL: https://annika.kenshung.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 82.165.229.39 Birlenbach, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS wa.web.de Software Apache / Resource Hash `afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 17 Jun 2024 01:07:22 GMT server Apache content-type image/gif access-control-allow-origin * p3p CP="this is not a p3p policy" cache-control no-cache, no-store, must-revalidate accept-ranges bytes content-length 43 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	logoCI2018_de.png img.ui-portal.de/ci/gmx/global/	3 KB 3 KB	30ms 13ms	Image image/png	23.32.100.187 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://img.ui-portal.de/ci/gmx/global/logoCI2018_de.png Requested by Host: js.ui-portal.de URL: https://js.ui-portal.de/ci/gmx/global/20180208/base.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.32.100.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-32-100-187.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `0b546c8297848467d2a26d1f48a00fa3691f2b65edebc4e220b312718e07b46f` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://js.ui-portal.de/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:22 GMT last-modified Sun, 21 Jan 2018 14:09:40 GMT server Apache etag "c7d-56349dd51c0bf" content-type image/png cache-control public, max-age=1204 accept-ranges bytes x-robots-tag noindex content-length 3197
GET H2	200	header_home_icon_24_hellgrau.svg img.ui-portal.de/ci/gmx/global/nav/	1018 B 766 B	34ms 18ms	Image image/svg+xml	23.32.100.187 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://img.ui-portal.de/ci/gmx/global/nav/header_home_icon_24_hellgrau.svg Requested by Host: js.ui-portal.de URL: https://js.ui-portal.de/ci/gmx/global/20180208/base.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.32.100.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-32-100-187.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `19ff286b0fc42c787e805701d2a39a3be91361e9b53e804ba458724464d35652` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://js.ui-portal.de/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:22 GMT content-encoding gzip last-modified Fri, 26 Jan 2018 13:42:00 GMT server Apache etag "3fa-563ae0f94d224" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=1367 accept-ranges bytes x-robots-tag noindex content-length 582
GET H2	200	breadcrumb.gif img.ui-portal.de/ci/gmx/global/icon/	49 B 203 B	35ms 19ms	Image image/gif	23.32.100.187 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://img.ui-portal.de/ci/gmx/global/icon/breadcrumb.gif Requested by Host: js.ui-portal.de URL: https://js.ui-portal.de/ci/gmx/global/20180208/base.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.32.100.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-32-100-187.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `9e6c3cb193895f5451cecd6c5c5165011a1c9f93ce5760721e9fd5038b8b4b7b` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://js.ui-portal.de/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:22 GMT last-modified Fri, 15 Nov 2013 10:25:39 GMT server Apache etag "31-4eb349ea0aec0" content-type image/gif cache-control public, max-age=1408 accept-ranges bytes x-robots-tag noindex content-length 49
GET H2	200	l-hero_desktop_1000x496.jpg img.ui-portal.de/cms/gmx/produkte/grusskarten/	27 KB 28 KB	82ms 66ms	Image image/jpeg	23.32.100.187 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://img.ui-portal.de/cms/gmx/produkte/grusskarten/l-hero_desktop_1000x496.jpg Requested by Host: annika.kenshung.com URL: https://annika.kenshung.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.32.100.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-32-100-187.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `bd77bf22bb45184e0bc86eac9100d0e1dbaa8cf7c4e0c4fa94819408249bf80a` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:22 GMT last-modified Thu, 18 Dec 2014 08:32:04 GMT server Apache etag "6d58-50a796d434900" content-type image/jpeg cache-control public, max-age=1790 accept-ranges bytes x-robots-tag noindex content-length 27992
GET H2	200	RobotoCondensed-Regular-webfont.woff img.ui-portal.de/ci/gmx/global/fonts/roboto/	25 KB 25 KB	53ms 13ms	Font font/woff	23.32.100.187 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://img.ui-portal.de/ci/gmx/global/fonts/roboto/RobotoCondensed-Regular-webfont.woff Requested by Host: js.ui-portal.de URL: https://js.ui-portal.de/ci/gmx/global/20180208/base.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.32.100.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-32-100-187.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `7ec51beb961db2999fe41a96a3212edc51d9aeeec5c9d374e39c7313d183d8a6` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://js.ui-portal.de/ Origin https://annika.kenshung.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:22 GMT content-encoding gzip last-modified Thu, 27 Feb 2014 04:45:48 GMT server Apache etag "62b4-4f35bfeb9b700-gzip" vary Accept-Encoding content-type font/woff access-control-allow-origin * cache-control public, max-age=1315454 accept-ranges bytes x-robots-tag noindex content-length 25219
GET H/1.1	200	/ t.uimserv.net/traffic_p/	42 B 612 B	57ms 10ms	Image image/gif	195.20.250.183 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Show image Full URL https://t.uimserv.net/traffic_p/?md=gmx&et=CP&agof=89&sc=produkte/grusskarten/index&brand=gmx&region=de&dclass=desktop&tif=1346&tifts=2023-07-20T09:40:05Z&d=80107&anon=1 Requested by Host: annika.kenshung.com URL: https://annika.kenshung.com/ Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_GCM Server 195.20.250.183 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS t-bs.uimserv.net Software / Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Pragma no-cache Date Mon, 17 Jun 2024 01:07:21 GMT Vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers TS-UUID 010a2db8-4898-4dc9-9030-a03fd6d578c7 Content-Type image/gif Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0 Connection keep-alive Keep-Alive timeout=60 Content-Length 42 Expires Wed, 20 Oct 2010 20:10:20 GMT
GET H2	200	favicon.ico img.ui-portal.de/gmx/	36 KB 6 KB	13ms 13ms	Other image/vnd.microsoft.icon	23.32.100.187 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://img.ui-portal.de/gmx/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.32.100.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-32-100-187.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `ec16b4f46cfa2ee185077885a7af4e144c4442242c30f1e2f0d1234e1b67c4f4` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://annika.kenshung.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 17 Jun 2024 01:07:22 GMT content-encoding gzip last-modified Tue, 30 Jan 2018 10:09:40 GMT server Apache etag "90be-563fb8f8ee100" vary Accept-Encoding content-type image/vnd.microsoft.icon cache-control public, max-age=540 accept-ranges bytes x-robots-tag noindex content-length 5632

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: GMX (Online)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.kenshung.com/	1970-01-21 06:59:06	Name: ns_sample Value: 11
			.uimserv.net/	1970-01-21 06:08:42	Name: NGUserID Value: 0a4a320d-183-1718586442-0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://annika.kenshung.com/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

annika.kenshung.com
img.ui-portal.de
js.ui-portal.de
t.uimserv.net
uim.tifbs.net
wa.ui-portal.de
195.20.250.183
195.20.251.111
23.32.100.187
50.28.1.43
82.165.229.39
0b546c8297848467d2a26d1f48a00fa3691f2b65edebc4e220b312718e07b46f
19ff286b0fc42c787e805701d2a39a3be91361e9b53e804ba458724464d35652
387332394ccb8af86d37c5473e266715fe08ef8f246d1d06223cf085de5fc9f7
5db6c1e738317112c38990d5f2586dc1c547bc140798e65b898457bbb6422904
634e8eccad8d3201faf04e702d575aa23057f5f6ce499f25b1dca77f336ae1ef
7ec51beb961db2999fe41a96a3212edc51d9aeeec5c9d374e39c7313d183d8a6
8f616591597836bda54953558e846033f15579a6b9499e917e20facc7ba29d9a
987951c68e0c376b1b3751afb182729c272b2f77b8beb8be436cd0b4d61c82d9
9c84d35ec71a99f16ce60bfa2977e5ce025e31143fad8736bca43ceb651cffc5
9e6c3cb193895f5451cecd6c5c5165011a1c9f93ce5760721e9fd5038b8b4b7b
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
bd77bf22bb45184e0bc86eac9100d0e1dbaa8cf7c4e0c4fa94819408249bf80a
c7cf6e45fc63c15df0adc9ac96cd0d503a3ac6d1ce9d89192855e3b623dec2ba
e6782181125e9be5ed53e2d937890999a1d39c50d34127af5bb1b7adf30fa313
ec16b4f46cfa2ee185077885a7af4e144c4442242c30f1e2f0d1234e1b67c4f4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f47999ceb30f952debf5e9aa5f6a86f881da6cb7c4fafca57fce00d18c1f511d
f6d18f1a0126027cf6dbcde0b163fc06d8eeeff86569fb1e08a29037acfb0576

annika.kenshung.com Open in urlscan Pro 50.28.1.43 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

18 Requests

100 %HTTPS

0 %IPv6

4 Domains

6 Subdomains

5 IPs

2 Countries

191 kBTransfer

548 kBSize

2 Cookies

14 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

19 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

annika.kenshung.com Open in urlscan Pro
50.28.1.43 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

5
IPs

2
Countries

191 kB
Transfer

548 kB
Size

2
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!