www.nobotox.fr Open in urlscan Pro
213.186.33.87 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/
Submission: On September 28 via automatic, source openphish (September 28th 2021, 1:18:10 pm UTC) — Scanned from DE

Summary HTTP 14 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 213.186.33.87, located in Saran, France and belongs to OVH, FR. The main domain is www.nobotox.fr.

This is the only time www.nobotox.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 1&1 Ionos (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 9	213.186.33.87 213.186.33.87	16276 (OVH) (OVH)
3	217.160.86.60 217.160.86.60	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
3	217.160.86.157 217.160.86.157	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
14	3

9 213.186.33.87 (Saran, France) 1 redirects

ASN16276 (OVH, FR)
PTR: cluster014.ovh.net

www.nobotox.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 217.160.86.60 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: cors.uicdn.net

cors.uicdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 217.160.86.157 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: ias.static-1and1.com

ias.static-1and1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	nobotox.fr 1 redirects www.nobotox.fr	18 KB
3	static-1and1.com ias.static-1and1.com
3	uicdn.net cors.uicdn.net	79 KB
14	3

	Domain	Requested by
9	www.nobotox.fr	1 redirects www.nobotox.fr
3	ias.static-1and1.com	www.nobotox.fr
3	cors.uicdn.net	www.nobotox.fr
14	3

This site contains links to these domains. Also see Links.

Domain
hilfe-center.1und1.de

Subject Issuer	Validity	Valid
cors.uicdn.net GeoTrust RSA CA 2018	`2021-02-01` - `2022-02-08`	a year	crt.sh
ias.static-1and1.com GeoTrust RSA CA 2018	`2021-08-13` - `2022-08-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/
Frame ID: 409E95E0B0A0E91A82E367E44903A174
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

1&1 Kunden-Login - Anmeldung zu Ihrem Control-Center

Page URL History Show full URLs

http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt HTTP 301
http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

14
Requests

43 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

97 kB
Transfer

141 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://hilfe-center.1und1.de/hosting/sicherheit-c10084638/sicherheit-beim-surfen-c10084643
Title: Mehr erfahren

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt HTTP 301
http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Redirect Chain http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/	58 KB 11 KB	18ms 17ms	Document text/html	213.186.33.87 OVH
General Check archive.org Show headers Download Go to Full URL http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol HTTP/1.1 Server 213.186.33.87 Saran, France, ASN16276 (OVH, FR), Reverse DNS cluster014.ovh.net Software Apache / PHP/5.5 Resource Hash `914bfe1c1a6a43d918286b07b9b9c5f13929b0d196d8c49e685ad956105c0342` Request headers Host www.nobotox.fr Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Tue, 28 Sep 2021 13:18:05 GMT content-type text/html transfer-encoding chunked server Apache x-powered-by PHP/5.5 accept-ranges none vary Accept-Encoding content-encoding gzip x-iplb-request-id D8836F04:DC0A_D5BA2157:0050_6153160D_A249:2D254 x-iplb-instance 29653 Redirect headers date Tue, 28 Sep 2021 13:18:05 GMT content-type text/html; charset=iso-8859-1 content-length 265 server Apache location http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ x-iplb-request-id D8836F04:DC0A_D5BA2157:0050_6153160D_A248:2D254 x-iplb-instance 29653
GET H/1.1	200 OK	zones Show response www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/	6 KB 6 KB	16ms 16ms	Script text/plain	213.186.33.87 OVH
General Check archive.org Show headers Download Go to Full URL http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/zones Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol HTTP/1.1 Server 213.186.33.87 Saran, France, ASN16276 (OVH, FR), Reverse DNS cluster014.ovh.net Software Apache / Resource Hash `192abeff9ba9d516b5e70d6c62a693fa2ecc6bfcb6fde9f57fa17fb4b769944a` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.nobotox.fr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 28 Sep 2021 13:18:05 GMT last-modified Fri, 26 Jan 2018 02:13:52 GMT server Apache accept-ranges bytes x-iplb-request-id D8836F04:DC0A_D5BA2157:0050_6153160D_A24B:2D254 content-length 5847 x-iplb-instance 29653
GET H/1.1	404 Not Found	ias.js.t%C3%A9l%C3%A9chargement www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/	0 0	99ms 84ms	Script text/html	213.186.33.87 OVH
General Check archive.org Show headers Download Go to Full URL http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/ias.js.t%C3%A9l%C3%A9chargement Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol HTTP/1.1 Server 213.186.33.87 Saran, France, ASN16276 (OVH, FR), Reverse DNS cluster014.ovh.net Software Apache / PHP/5.5 Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.nobotox.fr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Tue, 28 Sep 2021 13:18:05 GMT server Apache x-iplb-request-id D8836F04:DC1A_D5BA2157:0050_6153160D_CEE8:15CDF x-powered-by PHP/5.5 x-iplb-instance 29576 x-pingback http://www.nobotox.fr/xmlrpc.php content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 transfer-encoding chunked expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	inpagelayer.js.t%C3%A9l%C3%A9chargement www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/	0 0	94ms 81ms	Script text/html	213.186.33.87 OVH
General Check archive.org Show headers Download Go to Full URL http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/inpagelayer.js.t%C3%A9l%C3%A9chargement Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol HTTP/1.1 Server 213.186.33.87 Saran, France, ASN16276 (OVH, FR), Reverse DNS cluster014.ovh.net Software Apache / PHP/5.5 Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.nobotox.fr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Tue, 28 Sep 2021 13:18:05 GMT server Apache x-iplb-request-id D8836F04:DC0A_D5BA2157:0050_6153160D_A255:2D254 x-powered-by PHP/5.5 x-iplb-instance 29653 x-pingback http://www.nobotox.fr/xmlrpc.php content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 transfer-encoding chunked expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	navigation.js.t%C3%A9l%C3%A9chargement www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/	0 0	94ms 80ms	Script text/html	213.186.33.87 OVH
General Check archive.org Show headers Download Go to Full URL http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/navigation.js.t%C3%A9l%C3%A9chargement Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol HTTP/1.1 Server 213.186.33.87 Saran, France, ASN16276 (OVH, FR), Reverse DNS cluster014.ovh.net Software Apache / PHP/5.5 Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.nobotox.fr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Tue, 28 Sep 2021 13:18:05 GMT server Apache x-iplb-request-id D8836F04:DC1C_D5BA2157:0050_6153160D_A256:2D254 x-powered-by PHP/5.5 x-iplb-instance 29653 x-pingback http://www.nobotox.fr/xmlrpc.php content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 transfer-encoding chunked expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	account-webapp.js.t%C3%A9l%C3%A9chargement www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/	0 0	82ms 68ms	Script text/html	213.186.33.87 OVH
General Check archive.org Show headers Download Go to Full URL http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/account-webapp.js.t%C3%A9l%C3%A9chargement Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol HTTP/1.1 Server 213.186.33.87 Saran, France, ASN16276 (OVH, FR), Reverse DNS cluster014.ovh.net Software Apache / PHP/5.5 Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.nobotox.fr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Tue, 28 Sep 2021 13:18:05 GMT server Apache x-iplb-request-id D8836F04:DC20_D5BA2157:0050_6153160D_3D98:DD28 x-powered-by PHP/5.5 x-iplb-instance 29603 x-pingback http://www.nobotox.fr/xmlrpc.php content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 transfer-encoding chunked expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	saved_resource Show response www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/	47 B 299 B	30ms 16ms	Script text/plain	213.186.33.87 OVH
General Check archive.org Show headers Download Go to Full URL http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/saved_resource Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol HTTP/1.1 Server 213.186.33.87 Saran, France, ASN16276 (OVH, FR), Reverse DNS cluster014.ovh.net Software Apache / Resource Hash `5342a7510304fe1b9a2906bb0a47fafe830da74855e30bcb56cfa017891a6b5e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.nobotox.fr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 28 Sep 2021 13:18:05 GMT last-modified Fri, 26 Jan 2018 02:13:54 GMT server Apache accept-ranges bytes x-iplb-request-id D8836F04:DC1E_D5BA2157:0050_6153160D_CEEA:15CDF content-length 47 x-iplb-instance 29576
GET H/1.1	404 Not Found	main.js.t%C3%A9l%C3%A9chargement www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/	0 0	82ms 80ms	Script text/html	213.186.33.87 OVH
General Check archive.org Show headers Download Go to Full URL http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/main.js.t%C3%A9l%C3%A9chargement Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol HTTP/1.1 Server 213.186.33.87 Saran, France, ASN16276 (OVH, FR), Reverse DNS cluster014.ovh.net Software Apache / PHP/5.5 Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.nobotox.fr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Tue, 28 Sep 2021 13:18:05 GMT server Apache x-iplb-request-id D8836F04:DC22_D5BA2157:0050_6153160D_2E83:2D251 x-powered-by PHP/5.5 x-iplb-instance 29653 x-pingback http://www.nobotox.fr/xmlrpc.php content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 transfer-encoding chunked expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	opensans-regular.woff2 cors.uicdn.net/fonts/	46 KB 46 KB	85ms 54ms	Font font/woff2	217.160.86.60 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://cors.uicdn.net/fonts/opensans-regular.woff2 Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 217.160.86.60 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS cors.uicdn.net Software Apache / Resource Hash `4c1c2e95835201077586a3698cd47806dd18df10d32a1e6cb6aa9e47224a55e3` Request headers Referer http://www.nobotox.fr/ Origin http://www.nobotox.fr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 28 Sep 2021 13:18:05 GMT last-modified Fri, 12 May 2017 09:04:39 GMT server Apache content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-length 47016 expires Wed, 28 Sep 2022 13:18:05 GMT
GET H/1.1	404 404	anf_2017-11E_220x105.png ias.static-1and1.com/media/de/LOGIN_ALL_NET_FLAT/DEFAULT/	0 0	89ms 48ms	Image text/html	217.160.86.157 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Show image Full URL https://ias.static-1and1.com/media/de/LOGIN_ALL_NET_FLAT/DEFAULT/anf_2017-11E_220x105.png Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 217.160.86.157 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS ias.static-1and1.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.nobotox.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers
GET H/1.1	404 404	LOGIN_BUSINESS_APPS_DEFAULT_2017-07_Teaser_OnlineBuchh_DE_220x105.jpg ias.static-1and1.com/media/de/LOGIN_BUSINESS_APPS/DEFAULT/	0 0	116ms 75ms	Image text/html	217.160.86.157 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Show image Full URL https://ias.static-1and1.com/media/de/LOGIN_BUSINESS_APPS/DEFAULT/LOGIN_BUSINESS_APPS_DEFAULT_2017-07_Teaser_OnlineBuchh_DE_220x105.jpg?h=acd4f04b26654809f7478d97d5a4920ecd18c100 Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 217.160.86.157 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS ias.static-1and1.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.nobotox.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers
GET H/1.1	404 404	LOGIN_DSL_2015_11.png ias.static-1and1.com/media/de/LOGIN_DSL/DEFAULT/	0 0	138ms 95ms	Image text/html	217.160.86.157 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Show image Full URL https://ias.static-1and1.com/media/de/LOGIN_DSL/DEFAULT/LOGIN_DSL_2015_11.png Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 217.160.86.157 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS ias.static-1and1.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.nobotox.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers
GET H2	200	globalnavigation.woff cors.uicdn.net/fonts/	6 KB 7 KB	81ms 55ms	Font application/font-woff	217.160.86.60 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://cors.uicdn.net/fonts/globalnavigation.woff Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 217.160.86.60 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS cors.uicdn.net Software Apache / Resource Hash `8b3470966c5fcb3ef0b57a56c29d35d48e188fb37030fb274cffd9374306fe12` Request headers Referer http://www.nobotox.fr/ Origin http://www.nobotox.fr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 28 Sep 2021 13:18:05 GMT last-modified Mon, 10 Apr 2017 13:30:08 GMT server Apache content-type application/font-woff access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-length 6556 expires Wed, 28 Sep 2022 13:18:05 GMT
GET H2	200	ciso-styleguide-icons.woff2 cors.uicdn.net/fonts/	26 KB 26 KB	80ms 54ms	Font font/woff2	217.160.86.60 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://cors.uicdn.net/fonts/ciso-styleguide-icons.woff2 Requested by Host: www.nobotox.fr URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 217.160.86.60 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS cors.uicdn.net Software Apache / Resource Hash `974971550334f44672d7e69ddd4a0bc3dd39c0afe499ee1a2e4b4ff91868eeb6` Request headers Referer http://www.nobotox.fr/ Origin http://www.nobotox.fr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 28 Sep 2021 13:18:05 GMT last-modified Fri, 12 May 2017 09:04:39 GMT server Apache content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-length 26396 expires Wed, 28 Sep 2022 13:18:05 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: 1&1 Ionos (Telecommunication)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster string| UI_nguserid

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/account-webapp.js.t%C3%A9l%C3%A9chargement Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/navigation.js.t%C3%A9l%C3%A9chargement Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/inpagelayer.js.t%C3%A9l%C3%A9chargement Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/main.js.t%C3%A9l%C3%A9chargement Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://www.nobotox.fr/wp-content/plugins/megamenu/.akunt/1&1%20Kunden-Login%20-%20Anmeldung%20zu%20Ihrem%20Control-Center_files/ias.js.t%C3%A9l%C3%A9chargement Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://ias.static-1and1.com/media/de/LOGIN_ALL_NET_FLAT/DEFAULT/anf_2017-11E_220x105.png Message: Failed to load resource: the server responded with a status of 404 (404)
network	error	URL: https://ias.static-1and1.com/media/de/LOGIN_BUSINESS_APPS/DEFAULT/LOGIN_BUSINESS_APPS_DEFAULT_2017-07_Teaser_OnlineBuchh_DE_220x105.jpg?h=acd4f04b26654809f7478d97d5a4920ecd18c100 Message: Failed to load resource: the server responded with a status of 404 (404)
network	error	URL: https://ias.static-1and1.com/media/de/LOGIN_DSL/DEFAULT/LOGIN_DSL_2015_11.png Message: Failed to load resource: the server responded with a status of 404 (404)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cors.uicdn.net
ias.static-1and1.com
www.nobotox.fr
213.186.33.87
217.160.86.157
217.160.86.60
192abeff9ba9d516b5e70d6c62a693fa2ecc6bfcb6fde9f57fa17fb4b769944a
4c1c2e95835201077586a3698cd47806dd18df10d32a1e6cb6aa9e47224a55e3
5342a7510304fe1b9a2906bb0a47fafe830da74855e30bcb56cfa017891a6b5e
8b3470966c5fcb3ef0b57a56c29d35d48e188fb37030fb274cffd9374306fe12
914bfe1c1a6a43d918286b07b9b9c5f13929b0d196d8c49e685ad956105c0342
974971550334f44672d7e69ddd4a0bc3dd39c0afe499ee1a2e4b4ff91868eeb6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

www.nobotox.fr Open in urlscan Pro 213.186.33.87 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

43 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

97 kBTransfer

141 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

8 Console Messages

Indicators

www.nobotox.fr Open in urlscan Pro
213.186.33.87 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

43 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

97 kB
Transfer

141 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!