www.nobotox.fr
Open in
urlscan Pro
213.186.33.87
Malicious Activity!
Public Scan
Submission: On September 28 via automatic, source openphish — Scanned from DE
Summary
This is the only time www.nobotox.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 213.186.33.87 213.186.33.87 | 16276 (OVH) (OVH) | |
3 | 217.160.86.60 217.160.86.60 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
3 | 217.160.86.157 217.160.86.157 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
14 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
nobotox.fr
1 redirects
www.nobotox.fr |
18 KB |
3 |
static-1and1.com
ias.static-1and1.com |
|
3 |
uicdn.net
cors.uicdn.net |
79 KB |
14 | 3 |
Domain | Requested by | |
---|---|---|
9 | www.nobotox.fr |
1 redirects
www.nobotox.fr
|
3 | ias.static-1and1.com |
www.nobotox.fr
|
3 | cors.uicdn.net |
www.nobotox.fr
|
14 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
hilfe-center.1und1.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
cors.uicdn.net GeoTrust RSA CA 2018 |
2021-02-01 - 2022-02-08 |
a year | crt.sh |
ias.static-1and1.com GeoTrust RSA CA 2018 |
2021-08-13 - 2022-08-13 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/
Frame ID: 409E95E0B0A0E91A82E367E44903A174
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
1&1 Kunden-Login - Anmeldung zu Ihrem Control-CenterPage URL History Show full URLs
-
http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt
HTTP 301
http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Page URL
Detected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Mehr erfahren
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt
HTTP 301
http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Redirect Chain
|
58 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
zones
www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/ |
6 KB 6 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ias.js.t%C3%A9l%C3%A9chargement
www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
inpagelayer.js.t%C3%A9l%C3%A9chargement
www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
navigation.js.t%C3%A9l%C3%A9chargement
www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
account-webapp.js.t%C3%A9l%C3%A9chargement
www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
saved_resource
www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/ |
47 B 299 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js.t%C3%A9l%C3%A9chargement
www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-regular.woff2
cors.uicdn.net/fonts/ |
46 KB 46 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
anf_2017-11E_220x105.png
ias.static-1and1.com/media/de/LOGIN_ALL_NET_FLAT/DEFAULT/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
LOGIN_BUSINESS_APPS_DEFAULT_2017-07_Teaser_OnlineBuchh_DE_220x105.jpg
ias.static-1and1.com/media/de/LOGIN_BUSINESS_APPS/DEFAULT/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
LOGIN_DSL_2015_11.png
ias.static-1and1.com/media/de/LOGIN_DSL/DEFAULT/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
globalnavigation.woff
cors.uicdn.net/fonts/ |
6 KB 7 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ciso-styleguide-icons.woff2
cors.uicdn.net/fonts/ |
26 KB 26 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 1&1 Ionos (Telecommunication)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster string| UI_nguserid0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cors.uicdn.net
ias.static-1and1.com
www.nobotox.fr
213.186.33.87
217.160.86.157
217.160.86.60
192abeff9ba9d516b5e70d6c62a693fa2ecc6bfcb6fde9f57fa17fb4b769944a
4c1c2e95835201077586a3698cd47806dd18df10d32a1e6cb6aa9e47224a55e3
5342a7510304fe1b9a2906bb0a47fafe830da74855e30bcb56cfa017891a6b5e
8b3470966c5fcb3ef0b57a56c29d35d48e188fb37030fb274cffd9374306fe12
914bfe1c1a6a43d918286b07b9b9c5f13929b0d196d8c49e685ad956105c0342
974971550334f44672d7e69ddd4a0bc3dd39c0afe499ee1a2e4b4ff91868eeb6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855