universal-exim.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 103.83.81.80, located in India and belongs to ZINIOSS-AS-IN Zinios Information Technology Pvt Ltd, IN. The main domain is universal-exim.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on February 10th 2020. Valid for: 3 months.

This is the only time universal-exim.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Web.de (Online)

Domain & IP information

	IP Address	AS Autonomous System
5	103.83.81.80 103.83.81.80	138251 (ZINIOSS-A...) (ZINIOSS-AS-IN Zinios Information Technology Pvt Ltd)
2	23.213.164.199 23.213.164.199	16625 (AKAMAI-AS) (AKAMAI-AS)
7	2

5 103.83.81.80 (India)

ASN138251 (ZINIOSS-AS-IN Zinios Information Technology Pvt Ltd, IN)
PTR: server.dooblecoin.org

universal-exim.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.213.164.199 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-213-164-199.deploy.static.akamaitechnologies.com

img.ui-portal.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	universal-exim.com universal-exim.com	157 KB
2	ui-portal.de img.ui-portal.de	36 KB
7	2

	Domain	Requested by
5	universal-exim.com	universal-exim.com
2	img.ui-portal.de	universal-exim.com
7	2

This site contains links to these domains. Also see Links.

Domain
passwort.web.de
registrierung.web.de
web.de
agb-server.web.de

Subject Issuer	Validity	Valid
universal-exim.com Let's Encrypt Authority X3	`2020-02-10` - `2020-05-10`	3 months	crt.sh
img.ui-portal.de GeoTrust RSA CA 2018	`2019-08-06` - `2020-11-04`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://universal-exim.com/js/web.de/update.htm
Frame ID: DD7BBB49EB4E7CABDCC2D4F962089E84
Requests: 6 HTTP requests in this frame

Frame: https://universal-exim.com/js/web.de/Mobile%20Login_files/pl-m-frame-asp_2.html
Frame ID: 414F63F87062B8F739878637FF3A6270
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

193 kB
Transfer

521 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://passwort.web.de/
Title: Passwort vergessen?

Search URL Search Domain Scan URL

URL: https://registrierung.web.de/?isMobile=true#.pc_page.mm.login.textlink.registrierung
Title: Jetzt kostenlos registrieren!

Search URL Search Domain Scan URL

URL: https://web.de/Impressum/
Title: Impressum

Search URL Search Domain Scan URL

URL: https://agb-server.web.de/webdeagb
Title: AGB

Search URL Search Domain Scan URL

URL: https://agb-server.web.de/datenschutz
Title: Datenschutz

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request update.htm Show response universal-exim.com/js/web.de/	436 KB 139 KB	1367ms 682ms	Document text/html	103.83.81.80 ZINIOSS-AS-IN Zin...
General Check archive.org Show headers Download Go to Full URL https://universal-exim.com/js/web.de/update.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 103.83.81.80 , India, ASN138251 (ZINIOSS-AS-IN Zinios Information Technology Pvt Ltd, IN), Reverse DNS server.dooblecoin.org Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `6af0d349bb31803d9301e9ab2398fe063b85d0259e0ba161dd0f4d6a26638924` Request headers Host universal-exim.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Response headers Transfer-Encoding chunked Content-Type text/html Content-Encoding gzip Last-Modified Sat, 28 Mar 2020 19:52:21 GMT Accept-Ranges bytes ETag "3138e653a5d61:0" Vary Accept-Encoding Server Microsoft-IIS/8.5 X-Powered-By ASP.NET X-Powered-By-Plesk PleskWin Date Wed, 08 Apr 2020 00:19:53 GMT
GET H/1.1	200 OK	de_style.css universal-exim.com/js/web.de/files/	45 KB 13 KB	366ms 366ms	Stylesheet text/css	103.83.81.80 ZINIOSS-AS-IN Zin...
General Check archive.org Show headers Download Go to Full URL https://universal-exim.com/js/web.de/files/de_style.css Requested by Host: universal-exim.com URL: https://universal-exim.com/js/web.de/update.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 103.83.81.80 , India, ASN138251 (ZINIOSS-AS-IN Zinios Information Technology Pvt Ltd, IN), Reverse DNS server.dooblecoin.org Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `cedc77a8a08c43cbaeb1f1b715dc40b49e46b65a85b42ea9b92d2acdbcb51b85` Request headers Referer https://universal-exim.com/js/web.de/update.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers X-Powered-By-Plesk PleskWin Date Wed, 08 Apr 2020 00:19:54 GMT Content-Encoding gzip ETag "4b12e8643a5d61:0" Last-Modified Sat, 28 Mar 2020 19:52:21 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Vary Accept-Encoding Content-Type text/css Cache-Control no-cache Accept-Ranges bytes Content-Length 12494
GET H/1.1	404 Not Found	eic.js.download universal-exim.com/js/web.de/Mobile%20Login_files/	0 0	497ms 167ms	Script text/html	103.83.81.80 ZINIOSS-AS-IN Zin...
General Check archive.org Show headers Download Go to Full URL https://universal-exim.com/js/web.de/Mobile%20Login_files/eic.js.download Requested by Host: universal-exim.com URL: https://universal-exim.com/js/web.de/update.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 103.83.81.80 , India, ASN138251 (ZINIOSS-AS-IN Zinios Information Technology Pvt Ltd, IN), Reverse DNS server.dooblecoin.org Software Microsoft-IIS/8.5 / ASP.NET Resource Hash Request headers Referer https://universal-exim.com/js/web.de/update.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers X-Powered-By-Plesk PleskWin Date Wed, 08 Apr 2020 00:19:54 GMT Cache-Control private Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Content-Length 4955 Content-Type text/html; charset=utf-8
GET H/1.1	404 Not Found	mobile-apps_2.js.download universal-exim.com/js/web.de/Mobile%20Login_files/	0 0	501ms 168ms	Script text/html	103.83.81.80 ZINIOSS-AS-IN Zin...
General Check archive.org Show headers Download Go to Full URL https://universal-exim.com/js/web.de/Mobile%20Login_files/mobile-apps_2.js.download Requested by Host: universal-exim.com URL: https://universal-exim.com/js/web.de/update.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 103.83.81.80 , India, ASN138251 (ZINIOSS-AS-IN Zinios Information Technology Pvt Ltd, IN), Reverse DNS server.dooblecoin.org Software Microsoft-IIS/8.5 / ASP.NET Resource Hash Request headers Referer https://universal-exim.com/js/web.de/update.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers X-Powered-By-Plesk PleskWin Date Wed, 08 Apr 2020 00:19:54 GMT Cache-Control private Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Content-Length 4975 Content-Type text/html; charset=utf-8
GET H2	200	web.de-sans-light.woff img.ui-portal.de/ci/webde/global/fonts/web.de-sans/	18 KB 18 KB	123ms 40ms	Font application/font-woff	23.213.164.199 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://img.ui-portal.de/ci/webde/global/fonts/web.de-sans/web.de-sans-light.woff Requested by Host: universal-exim.com URL: https://universal-exim.com/js/web.de/update.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.213.164.199 , United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-213-164-199.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `7676e0d97793004054c4ec3e7cbd2d98c52fabc90479b7e3d5cfbb62f4e7a5af` Request headers Referer https://universal-exim.com/js/web.de/files/de_style.css Origin https://universal-exim.com Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 08 Apr 2020 00:20:49 GMT last-modified Tue, 30 Jun 2015 08:59:54 GMT server Apache access-control-allow-origin * etag "46a0-519b86e043680" content-type application/font-woff status 200 cache-control public, max-age=278688 accept-ranges bytes x-robots-tag noindex content-length 18080
GET H2	200	web.de-sans-medium.woff img.ui-portal.de/ci/webde/global/fonts/web.de-sans/	18 KB 18 KB	143ms 60ms	Font application/font-woff	23.213.164.199 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://img.ui-portal.de/ci/webde/global/fonts/web.de-sans/web.de-sans-medium.woff Requested by Host: universal-exim.com URL: https://universal-exim.com/js/web.de/update.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.213.164.199 , United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-213-164-199.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `01e773facc13e915276219573795dcf3f2a0fe00fca0841af95b21769872ff48` Request headers Referer https://universal-exim.com/js/web.de/files/de_style.css Origin https://universal-exim.com Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 08 Apr 2020 00:20:49 GMT last-modified Tue, 30 Jun 2015 08:59:54 GMT server Apache access-control-allow-origin * etag "4684-519b86e043680" content-type application/font-woff status 200 cache-control public, max-age=719491 accept-ranges bytes x-robots-tag noindex content-length 18052
GET H/1.1	404 Not Found	pl-m-frame-asp_2.html Show response universal-exim.com/js/web.de/Mobile%20Login_files/ Frame 414F	5 KB 5 KB	170ms 168ms	Document text/html	103.83.81.80 ZINIOSS-AS-IN Zin...
General Check archive.org Show headers Download Go to Full URL https://universal-exim.com/js/web.de/Mobile%20Login_files/pl-m-frame-asp_2.html Requested by Host: universal-exim.com URL: https://universal-exim.com/js/web.de/update.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 103.83.81.80 , India, ASN138251 (ZINIOSS-AS-IN Zinios Information Technology Pvt Ltd, IN), Reverse DNS server.dooblecoin.org Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `c01b8aaef9fc9464ccad85377034ea68717305ad04e67e7ec5577218181e9326` Request headers Host universal-exim.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest iframe Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site same-origin Sec-Fetch-Mode navigate Referer https://universal-exim.com/js/web.de/update.htm Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest iframe Referer https://universal-exim.com/js/web.de/update.htm Response headers Cache-Control private Content-Type text/html; charset=utf-8 Server Microsoft-IIS/8.5 X-Powered-By ASP.NET X-Powered-By-Plesk PleskWin Date Wed, 08 Apr 2020 00:19:54 GMT Content-Length 4967

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Web.de (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

img.ui-portal.de
universal-exim.com
103.83.81.80
23.213.164.199
01e773facc13e915276219573795dcf3f2a0fe00fca0841af95b21769872ff48
6af0d349bb31803d9301e9ab2398fe063b85d0259e0ba161dd0f4d6a26638924
7676e0d97793004054c4ec3e7cbd2d98c52fabc90479b7e3d5cfbb62f4e7a5af
c01b8aaef9fc9464ccad85377034ea68717305ad04e67e7ec5577218181e9326
cedc77a8a08c43cbaeb1f1b715dc40b49e46b65a85b42ea9b92d2acdbcb51b85

universal-exim.com Open in urlscan Pro 103.83.81.80 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

193 kBTransfer

521 kBSize

0 Cookies

5 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

universal-exim.com Open in urlscan Pro
103.83.81.80 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

193 kB
Transfer

521 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!