mailservices.xyz
199.188.201.146
Malicious Activity!
Public Scan
Submission Tags: @jcybersec_
Submission: On June 12 via api from GB
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 10th 2020. Valid for: a year.
This is the only time mailservices.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
2 | 199.188.201.146 | 22612 (NAMECHEAP-NET)
10 | 63.250.38.73 | 22612 (NAMECHEAP-NET)
2 | 2a00:1450:4001:820::200a | 15169 (GOOGLE)
2 | 2001:4de0:ac19::1:b:3a | 20446 (HIGHWINDS3)
10 | 213.165.66.58 | 8560 (ONEANDONE-AS Brauerstrasse 48)
Totals: 26 requests, 5 IP addresses.
Hosting details (ASN, reverse DNS, domain):
- ASN22612 (NAMECHEAP-NET, US); PTR: premium110-2.web-hosting.com; mailservices.xyz
- ASN22612 (NAMECHEAP-NET, US); PTR: premium92-3.web-hosting.com; youmustlast.website
- ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE); PTR: ce1.uicdn.net; ce1.uicdn.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | uicdn.net | ce1.uicdn.net | 511 KB
10 | youmustlast.website | youmustlast.website | 82 KB
2 | jquery.com | code.jquery.com | 60 KB
2 | googleapis.com | ajax.googleapis.com | 59 KB
2 | mailservices.xyz | mailservices.xyz | 13 KB
Totals: 26 requests, 5 apex domains.
Requests | Domain | Requested by
---|---|---
10 | ce1.uicdn.net | mailservices.xyz
10 | youmustlast.website | mailservices.xyz
2 | code.jquery.com | mailservices.xyz
2 | ajax.googleapis.com | mailservices.xyz
2 | mailservices.xyz | mailservices.xyz
Totals: 26 requests, 5 domains.
This site contains no links.
TLS certificates
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
mailservices.xyz | Sectigo RSA Domain Validation Secure Server CA | 2020-06-10 - 2021-06-10 | a year | crt.sh
youmustlast.website | Sectigo RSA Domain Validation Secure Server CA | 2020-01-16 - 2021-01-15 | a year | crt.sh
upload.video.google.com | GTS CA 1O1 | 2020-05-26 - 2020-08-18 | 3 months | crt.sh
jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years | crt.sh
ce1.uicdn.net | GeoTrust RSA CA 2018 | 2020-03-03 - 2022-03-08 | 2 years | crt.sh
This page contains 2 frames:
Primary Page:
https://mailservices.xyz/MIME-content-Your-University-of-Virginia-payment-plan-reminder-notification.php?l=Onboarding_SignOn==c43a8adeeed0230c2cbd3658436b88c4&DocPreview=c43a8adeeed0230c2cbd3658436b88c4&HosYkssJi=c43a8adeeed0230c2cbd3658436b88c4&dXdid=c43a8adeeed0230c2cbd3658436b88c4&IYnMxmwo=c43a8adeeed0230c2cbd3658436b88c4&fLodmAkNOueMH=c43a8adeeed0230c2cbd3658436b88c4&osYkssJidXdidIYnMxmwo=c43a8adeeed0230c2cbd3658436b88c4&fLodmAkNOueMHosYkssJidXdidIY&cmd=login_submit&id=c43a8adeeed0230c2cbd3658436b88c4c43a8adeeed0230c2cbd3658436b88c4&session=c43a8adeeed0230c2cbd3658436b88c4c43a8adeeed0230c2cbd3658436b88c4&email=esilverman@sossecurity.com
Frame ID: C353B548E91B61436A6B074FDD95A9DF
Requests: 13 HTTP requests in this frame
Frame:
https://mailservices.xyz/MIME-content-Your-University-of-Virginia-payment-plan-reminder-notification.php?l=Onboarding_SignOn==c43a8adeeed0230c2cbd3658436b88c4&DocPreview=c43a8adeeed0230c2cbd3658436b88c4&HosYkssJi=c43a8adeeed0230c2cbd3658436b88c4&dXdid=c43a8adeeed0230c2cbd3658436b88c4&IYnMxmwo=c43a8adeeed0230c2cbd3658436b88c4&fLodmAkNOueMH=c43a8adeeed0230c2cbd3658436b88c4&osYkssJidXdidIYnMxmwo=c43a8adeeed0230c2cbd3658436b88c4&fLodmAkNOueMHosYkssJidXdidIY&cmd=login_submit&id=c43a8adeeed0230c2cbd3658436b88c4c43a8adeeed0230c2cbd3658436b88c4&session=c43a8adeeed0230c2cbd3658436b88c4c43a8adeeed0230c2cbd3658436b88c4&email=esilverman@sossecurity.com
Frame ID: 7FD86F7337C754AD18AE7E5FAA9CF60B
Requests: 13 HTTP requests in this frame
Detected technologies
- PHP (Programming Languages). Detected patterns:
  - url /\.php(?:$|\?)/i
- Apache (Web Servers). Detected patterns:
  - headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
- jQuery (JavaScript Libraries). Detected patterns:
  - script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  - script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  - script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests: no HTTP redirect chains are listed for this scan.
26 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---
GET | H2 | MIME-content-Your-University-of-Virginia-payment-plan-reminder-notification.php | mailservices.xyz/ | 32 KB | 7 KB | Document | text/html | Primary Request
GET | H2 | ionos.min.css | youmustlast.website/wassets/ | 167 KB | 24 KB | Stylesheet | text/css |
GET | H2 | initial.css | youmustlast.website/wassets/ | 17 KB | 3 KB | Stylesheet | text/css |
GET | H2 | statuspage.css | youmustlast.website/wassets/ | 5 KB | 1 KB | Stylesheet | text/css |
GET | H2 | ionos.min.js | youmustlast.website/wassets/ | 29 KB | 7 KB | Script | application/javascript |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 30 KB | Script | text/javascript |
GET | H/1.1 | jquery-3.1.1.min.js | code.jquery.com/ | 85 KB | 30 KB | Script | application/javascript |
GET | H2 | MIME-content-Your-University-of-Virginia-payment-plan-reminder-notification.php | mailservices.xyz/ | 32 KB | 7 KB | Document | text/html | Frame 7FD8
GET | H2 | windows.png | youmustlast.website/wassets/ | 5 KB | 6 KB | Image | image/png |
GET | H2 | overpass-regular.woff | ce1.uicdn.net/exos/fonts/overpass/ | 42 KB | 42 KB | Font | application/font-woff |
GET | H2 | opensans-regular.woff | ce1.uicdn.net/exos/fonts/open-sans/ | 62 KB | 63 KB | Font | application/font-woff |
GET | H2 | exos-icon-font.woff | ce1.uicdn.net/exos/icons/ | 47 KB | 47 KB | Font | application/font-woff |
GET | H2 | opensans-bold.woff | ce1.uicdn.net/exos/fonts/open-sans/ | 62 KB | 62 KB | Font | application/font-woff |
GET | H2 | overpass-bold.woff | ce1.uicdn.net/exos/fonts/overpass/ | 41 KB | 41 KB | Font | application/font-woff |
GET | H2 | ionos.min.css | youmustlast.website/wassets/ | 167 KB | 24 KB | Stylesheet | text/css | Frame 7FD8
GET | H2 | initial.css | youmustlast.website/wassets/ | 17 KB | 3 KB | Stylesheet | text/css | Frame 7FD8
GET | H2 | statuspage.css | youmustlast.website/wassets/ | 5 KB | 1 KB | Stylesheet | text/css | Frame 7FD8
GET | H2 | ionos.min.js | youmustlast.website/wassets/ | 29 KB | 7 KB | Script | application/javascript | Frame 7FD8
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 29 KB | Script | text/javascript | Frame 7FD8
GET | H/1.1 | jquery-3.1.1.min.js | code.jquery.com/ | 85 KB | 30 KB | Script | application/javascript | Frame 7FD8
GET | H2 | windows.png | youmustlast.website/wassets/ | 5 KB | 6 KB | Image | image/png | Frame 7FD8
GET | H2 | overpass-regular.woff | ce1.uicdn.net/exos/fonts/overpass/ | 42 KB | 42 KB | Font | application/font-woff | Frame 7FD8
GET | H2 | opensans-regular.woff | ce1.uicdn.net/exos/fonts/open-sans/ | 62 KB | 63 KB | Font | application/font-woff | Frame 7FD8
GET | H2 | exos-icon-font.woff | ce1.uicdn.net/exos/icons/ | 47 KB | 47 KB | Font | application/font-woff | Frame 7FD8
GET | H2 | opensans-bold.woff | ce1.uicdn.net/exos/fonts/open-sans/ | 62 KB | 62 KB | Font | application/font-woff | Frame 7FD8
GET | H2 | overpass-bold.woff | ce1.uicdn.net/exos/fonts/overpass/ | 41 KB | 41 KB | Font | application/font-woff | Frame 7FD8
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: 1&1 Ionos (Telecommunication)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onformdata
- object: onpointerrawupdate
- string: html
- string: d
- function: $
- function: jQuery
- object: Tap
- object: EXOS
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.