4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
Open in
urlscan Pro
2604:1380:4601:6205:5000:64ff:fe6d:c8c2
Malicious Activity!
Public Scan
Effective URL: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Submission: On November 07 via automatic, source openphish — Scanned from NL
Summary
TLS certificate: Issued by R3 on September 13th 2022. Valid for: 3 months.
This is the only time 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2604:1380:460... 2604:1380:4601:6205:5000:64ff:fe6d:c8c2 | 54825 (PACKET) (PACKET) | |
9 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::200a | 15169 (GOOGLE) (GOOGLE) | |
5 | 213.165.66.58 213.165.66.58 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
18 | 5 |
ASN54825 (PACKET, US)
4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
maxaffliate.com
maxaffliate.com |
129 KB |
5 |
uicdn.net
ce1.uicdn.net — Cisco Umbrella Rank: 154621 |
258 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 447 |
30 KB |
1 |
ic0.app
4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app |
37 KB |
0 |
ionos.com
Failed
pet.ionos.com Failed |
|
18 | 5 |
Domain | Requested by | |
---|---|---|
9 | maxaffliate.com |
4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
|
5 | ce1.uicdn.net |
maxaffliate.com
|
1 | ajax.googleapis.com |
4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
|
1 | 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app | |
0 | pet.ionos.com Failed |
maxaffliate.com
|
18 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ionos.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
boundary.dfinity.network R3 |
2022-09-13 - 2022-12-12 |
3 months | crt.sh |
*.maxaffliate.com E1 |
2022-09-27 - 2022-12-26 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-10-17 - 2023-01-09 |
3 months | crt.sh |
ce1.uicdn.net GeoTrust RSA CA 2018 |
2022-03-01 - 2023-03-10 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Frame ID: 0E7247200A87E9DC686AF9CD41728F4F
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
Login - IONOSPage URL History Show full URLs
-
http://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
HTTP 307
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/ Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
HTTP 307
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/ Redirect Chain
|
83 KB 37 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ionos.min.css
maxaffliate.com/email-list/Login%20-%20IONOS_files/ |
190 KB 28 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
saved_resource
maxaffliate.com/email-list/Login%20-%20IONOS_files/ |
43 B 380 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inpagelayer.css
maxaffliate.com/email-list/Login%20-%20IONOS_files/ |
26 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
navigation.css
maxaffliate.com/email-list/Login%20-%20IONOS_files/ |
132 KB 33 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
70000.js.download
maxaffliate.com/email-list/Login%20-%20IONOS_files/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
welcome-tour.css
maxaffliate.com/email-list/Login%20-%20IONOS_files/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
statuspage.css
maxaffliate.com/email-list/Login%20-%20IONOS_files/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js.download
maxaffliate.com/email-list/Login%20-%20IONOS_files/ |
145 KB 50 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ionos.min.js.download
maxaffliate.com/email-list/Login%20-%20IONOS_files/ |
29 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-regular.woff
ce1.uicdn.net/exos/fonts/open-sans/ |
62 KB 63 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
320 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
exos-icon-font.woff
ce1.uicdn.net/exos/icons/ |
50 KB 50 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
overpass-regular.woff
ce1.uicdn.net/exos/fonts/overpass/ |
42 KB 42 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-bold.woff
ce1.uicdn.net/exos/fonts/open-sans/ |
62 KB 62 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
overpass-bold.woff
ce1.uicdn.net/exos/fonts/overpass/ |
41 KB 41 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
/
pet.ionos.com/pet/error/ACCOUNT/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS |
/
pet.ionos.com/pet/error/ACCOUNT/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- pet.ionos.com
- URL
- https://pet.ionos.com/pet/error/ACCOUNT/
- Domain
- pet.ionos.com
- URL
- https://pet.ionos.com/pet/error/ACCOUNT/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 1&1 Ionos (Telecommunication)27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| _0x1a4f function| _0x3736 object| Zlib string| UI_nguserid object| NSfTIF function| $ function| jQuery function| randomInteger function| randomString function| getdomainpartofemail function| get_email_hash function| validateEmail function| geturlparameter function| get_rand_url_pars object| Tap object| EXOS object| jQBrowser object| OAO0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
ajax.googleapis.com
ce1.uicdn.net
maxaffliate.com
pet.ionos.com
pet.ionos.com
213.165.66.58
2604:1380:4601:6205:5000:64ff:fe6d:c8c2
2a00:1450:4001:80b::200a
2a06:98c1:3121::3
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1d5b98f3b2c9ccca7a8c666508865f15d137a285b104c9adf090884387aa4ace
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b
35538b399f40d6db114f64b970fb8a612d88d833906f95f4cb8675c0277ecfb3
3a9b92b0feb238cd638d5b55b3e25a42c567d54a7cf15dc9ec12e0c76916e622
4c492c39769e0c0943694e44d40d0a560cb903d4638015e73943685fdae6934d
7afccd9150b0fcbf1a1056e6cc6051c9b6d85a55da7bf1a7fb0f475c0b22facc
7ba8f114cf2ece7ae91375135626fe7ebcd008da01bda2b3d5f96fa09d96e646
7d7a1a8ec55f31a6674fd2e2c41bcc6421a9aeb5cf161c6e93363f31347160f9
8039fa7e658abaa1a484042391d70143fa581e2535340fd6901585666ef945b0
ab37a8c4ffe677d8d3204b56e414244150e0eba903e78cde560b1867b25153ee
ba6d76450d69cc01637379368b39c84ae43b8e923603b8ea25cb3b78e4bddf60
c8e1724edab4d29c68d698c71f04db98774a5ba4fb432e4d37bfb0beecdac987
d6411d73d28fce4c3082c855db2fbe3b41d329bbdb6d134e3594035de2b5a37f
d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5
e9fa904320415f9630855ab7dd87b9b90a6c841458d3ab7552123d33a56b2cf0
f357ef289b88b412f6737b54eb351751c368e05b5598005b9ab81893a90748e2