universal-exim.com
103.83.81.80
Malicious Activity!
Public Scan
Submission: On April 08 via automatic, source phishtank
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on February 10th 2020. Valid for: 3 months.
This is the only time universal-exim.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Web.de (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
5 | 103.83.81.80 | 138251 (ZINIOSS-AS-IN Zinios Information Technology Pvt Ltd)
2 | 23.213.164.199 | 16625 (AKAMAI-AS)
7 | 2 |
ASN138251 (ZINIOSS-AS-IN Zinios Information Technology Pvt Ltd, IN)
- PTR: server.dooblecoin.org
- Hosts: universal-exim.com
ASN16625 (AKAMAI-AS, US)
- PTR: a23-213-164-199.deploy.static.akamaitechnologies.com
- Hosts: img.ui-portal.de
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | universal-exim.com | universal-exim.com | 157 KB
2 | ui-portal.de | img.ui-portal.de | 36 KB
7 | 2 | |
Requests | Domain | Requested by
---|---|---
5 | universal-exim.com | universal-exim.com
2 | img.ui-portal.de | universal-exim.com
7 | 2 |
This site contains links to these domains. Also see Links.
Domain
---
passwort.web.de
registrierung.web.de
web.de
agb-server.web.de
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
universal-exim.com | Let's Encrypt Authority X3 | 2020-02-10 - 2020-05-10 | 3 months | crt.sh
img.ui-portal.de | GeoTrust RSA CA 2018 | 2019-08-06 - 2020-11-04 | a year | crt.sh
This page contains 2 frames:
Primary Page:
https://universal-exim.com/js/web.de/update.htm
Frame ID: DD7BBB49EB4E7CABDCC2D4F962089E84
Requests: 6 HTTP requests in this frame
Frame:
https://universal-exim.com/js/web.de/Mobile%20Login_files/pl-m-frame-asp_2.html
Frame ID: 414F63F87062B8F739878637FF3A6270
Requests: 1 HTTP request in this frame
Screenshot
Detected technologies
Windows Server (Operating Systems)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
IIS (Web Servers)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title: Passwort vergessen?
- Title: Jetzt kostenlos registrieren!
- Title: Impressum
- Title: AGB
- Title: Datenschutz
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | update.htm (Primary Request) | universal-exim.com/js/web.de/ | 436 KB | 139 KB | Document | text/html
GET | H/1.1 | de_style.css | universal-exim.com/js/web.de/files/ | 45 KB | 13 KB | Stylesheet | text/css
GET | H/1.1 | eic.js.download | universal-exim.com/js/web.de/Mobile%20Login_files/ | 0 | 0 | Script | text/html
GET | H/1.1 | mobile-apps_2.js.download | universal-exim.com/js/web.de/Mobile%20Login_files/ | 0 | 0 | Script | text/html
GET | H2 | web.de-sans-light.woff | img.ui-portal.de/ci/webde/global/fonts/web.de-sans/ | 18 KB | 18 KB | Font | application/font-woff
GET | H2 | web.de-sans-medium.woff | img.ui-portal.de/ci/webde/global/fonts/web.de-sans/ | 18 KB | 18 KB | Font | application/font-woff
GET | H/1.1 | pl-m-frame-asp_2.html (Frame 414F) | universal-exim.com/js/web.de/Mobile%20Login_files/ | 5 KB | 5 KB | Document | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Web.de (Online)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | onformdata
- object | onpointerrawupdate
- object | email
- object | pass
- object | email_error
- object | pass_error
- function | Validate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
img.ui-portal.de
universal-exim.com
103.83.81.80
23.213.164.199
01e773facc13e915276219573795dcf3f2a0fe00fca0841af95b21769872ff48
6af0d349bb31803d9301e9ab2398fe063b85d0259e0ba161dd0f4d6a26638924
7676e0d97793004054c4ec3e7cbd2d98c52fabc90479b7e3d5cfbb62f4e7a5af
c01b8aaef9fc9464ccad85377034ea68717305ad04e67e7ec5577218181e9326
cedc77a8a08c43cbaeb1f1b715dc40b49e46b65a85b42ea9b92d2acdbcb51b85