4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
2604:1380:4601:6205:5000:64ff:fe6d:c8c2 (Malicious Activity, Public Scan)

Submitted URL: http://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Effective URL: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Submission: On November 07 via automatic, source openphish — Scanned from NL

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 18 HTTP transactions. The main IP is 2604:1380:4601:6205:5000:64ff:fe6d:c8c2, located in Amsterdam, Netherlands and belongs to PACKET, US. The main domain is 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app.
TLS certificate: Issued by R3 on September 13th 2022. Valid for: 3 months.
This is the only time 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 1&1 Ionos (Telecommunication)

Domain & IP information

Requests  IP Address                 AS (Autonomous System)
1         2604:1380:460...           54825 (PACKET)
9         2a06:98c1:312...           13335 (CLOUDFLAR...)
1         2a00:1450:400...           15169 (GOOGLE)
5         213.165.66.58              8560 (IONOS-AS ...)
Total: 18 requests, 5 IPs
Requests  Apex Domain       Subdomains                                        Transfer
9         maxaffliate.com   maxaffliate.com                                   129 KB
5         uicdn.net         ce1.uicdn.net (Cisco Umbrella Rank: 154621)       258 KB
1         googleapis.com    ajax.googleapis.com (Cisco Umbrella Rank: 447)    30 KB
1         ic0.app           4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app           37 KB
0         ionos.com         pet.ionos.com (Failed)                            Failed
Total: 18 requests, 5 domains
Requests  Domain                                    Requested by
9         maxaffliate.com                           4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
5         ce1.uicdn.net                             maxaffliate.com
1         ajax.googleapis.com                       4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
1         4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app   (primary request)
0         pet.ionos.com (Failed)                    maxaffliate.com
Total: 18 requests, 5 domains

This site contains links to these domains.

Domain
www.ionos.com
Subject                    Issuer                 Validity                   Valid      Link
boundary.dfinity.network   R3                     2022-09-13 - 2022-12-12    3 months   crt.sh
*.maxaffliate.com          E1                     2022-09-27 - 2022-12-26    3 months   crt.sh
upload.video.google.com    GTS CA 1C3             2022-10-17 - 2023-01-09    3 months   crt.sh
ce1.uicdn.net              GeoTrust RSA CA 2018   2022-03-01 - 2023-03-10    a year     crt.sh

This page contains 1 frames:

Primary Page: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Frame ID: 0E7247200A87E9DC686AF9CD41728F4F
Requests: 18 HTTP requests in this frame

Screenshot

Page Title

Login - IONOS

Page URL History

  1. http://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/ HTTP 307
    https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18 Requests
89 % HTTPS
75 % IPv6
5 Domains
5 Subdomains
5 IPs
3 Countries
455 kB Transfer
964 kB Size
0 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.


Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Redirect Chain
  • http://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
  • https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
83 KB
37 KB
Document
General
Full URL
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2604:1380:4601:6205:5000:64ff:fe6d:c8c2 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
nginx/1.21.3 /
Resource Hash
3a9b92b0feb238cd638d5b55b3e25a42c567d54a7cf15dc9ec12e0c76916e622

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-None-Match,If-Modified-Since,Cache-Control,Content-Type,Range,Cookie
access-control-allow-methods
HEAD, GET, POST, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Accept-Ranges,Content-Length,Content-Range
access-control-max-age
600
content-encoding
gzip
content-type
text/html
date
Mon, 07 Nov 2022 13:12:27 GMT
ic-certificate
server
nginx/1.21.3
x-ic-canister-id
00000000007021d60101
x-ic-node-id
5lxee-mmizc-jmf6i-6wl6q-bjkkn-2tyxc-hpw65-ocqbk-4owqj-bujik-bae
x-ic-subnet-id
5kdm2-62fc6-fwnja-hutkz-ycsnm-4z33i-woh43-4cenu-ev7mi-gii6t-4ae

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Non-Authoritative-Reason
HSTS
ionos.min.css
maxaffliate.com/email-list/Login%20-%20IONOS_files/
190 KB
28 KB
Stylesheet
General
Full URL
https://maxaffliate.com/email-list/Login%20-%20IONOS_files/ionos.min.css
Requested by
Host: 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
URL: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab37a8c4ffe677d8d3204b56e414244150e0eba903e78cde560b1867b25153ee

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 29 Sep 2022 12:26:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63358ee6-2f646"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9G0WIY23v7R8PR1OupmQ4Ra018YcoYSXInNktPtq14SYyny4yekWylUsAY7dLlrlLpvQcIt91bN1u2ckDP6x4dQeB%2B7uaaLIB2Ylj2jWafvnin7RIHA2Ih7Kgo%2BhQenAADBXnxbjGdmN%2FoE6ZEo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=315360000
cf-ray
766652172b716963-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
saved_resource
maxaffliate.com/email-list/Login%20-%20IONOS_files/
43 B
380 B
Script
General
Full URL
https://maxaffliate.com/email-list/Login%20-%20IONOS_files/saved_resource
Requested by
Host: 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
URL: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba6d76450d69cc01637379368b39c84ae43b8e923603b8ea25cb3b78e4bddf60

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
cf-cache-status
DYNAMIC
last-modified
Thu, 29 Sep 2022 12:26:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"2b-5e9cffbabe75a"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vfxlZBcCIqEuAxz5XmvQaNfcPJ3EYTEH%2BKt2D9QY4HN2uUNa18hlPfESvg9VKACzGZ7nFYPF6wBp%2BiUffiMaa4Zb1kVGzJQJ%2BabsqG4OcDlXDhFELFJM3Lgbo%2BsqCZtH8QVwDdMIl6A%2B5Kg2TTs%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
766652172b7f6963-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
inpagelayer.css
maxaffliate.com/email-list/Login%20-%20IONOS_files/
26 KB
5 KB
Stylesheet
General
Full URL
https://maxaffliate.com/email-list/Login%20-%20IONOS_files/inpagelayer.css
Requested by
Host: 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
URL: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d5b98f3b2c9ccca7a8c666508865f15d137a285b104c9adf090884387aa4ace

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 29 Sep 2022 12:26:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63358ee5-6742"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zkQbq0D%2FZyWKzqk7ZxTAeZNX1Y9I2fw1dwuRIICnYyJxKzl4W9TZjjYOF8m3YhC6I87vVfbunFfZXuCXpa6mqLEwM%2BbC5y1Edg2xpPCMy%2F3jjaiysw9QYfgVBbuoP3qmZaAs7%2FPS%2B4uH%2FfYARVI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=315360000
cf-ray
766652172b746963-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
navigation.css
maxaffliate.com/email-list/Login%20-%20IONOS_files/
132 KB
33 KB
Stylesheet
General
Full URL
https://maxaffliate.com/email-list/Login%20-%20IONOS_files/navigation.css
Requested by
Host: 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
URL: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8039fa7e658abaa1a484042391d70143fa581e2535340fd6901585666ef945b0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 29 Sep 2022 12:26:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63358ee6-210db"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fTLjMTX32v6FGLC4oiYRer98wuFsquzrl6XEYnhv9oUJeJPP3aPvVWftqWIe1CMuSdM6mrCxyULGI%2Bp0jNBY2AQIoihKWNxFSPjsPMAF3Wx5tysiS7IP%2BGRa7ETll9cMW6%2FvtyITOn1iuwFH%2Fes%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=315360000
cf-ray
766652172b776963-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
70000.js.download
maxaffliate.com/email-list/Login%20-%20IONOS_files/
5 KB
2 KB
Script
General
Full URL
https://maxaffliate.com/email-list/Login%20-%20IONOS_files/70000.js.download
Requested by
Host: 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
URL: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c492c39769e0c0943694e44d40d0a560cb903d4638015e73943685fdae6934d

Request headers

Referer
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Thu, 29 Sep 2022 12:26:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1486-5e9cffbbc85a3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ziQyVubqQyFDXEloB4iZa%2B4P1TbOtcYfaVlvEa6xcHKFyWU9zQyCUIGOtfSE6Svo66aYf%2BdAprnbdNr9FdKyGVOiZ%2FqLq%2FevscY2RKZnp20aN6mjv09LOGFezTkewkYA%2B8yXZQ1ccQhIKGp2DbE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cf-ray
766652172b7d6963-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
welcome-tour.css
maxaffliate.com/email-list/Login%20-%20IONOS_files/
7 KB
2 KB
Stylesheet
General
Full URL
https://maxaffliate.com/email-list/Login%20-%20IONOS_files/welcome-tour.css
Requested by
Host: 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
URL: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6411d73d28fce4c3082c855db2fbe3b41d329bbdb6d134e3594035de2b5a37f

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 29 Sep 2022 12:26:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63358ee5-1dd5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BaPn5eLvOj7egUVbziMaK1jbtD7mb%2F2%2FWeH%2B5cnHBwzUzd8eVHtWynrbXw2I9PBDWYTb%2F9mzyraZyLKlejKeepJARccT3YLBQzpqFRLD6IIMniSfUz7KVqaR2d7XT46ayKdRR6%2BH3ZpS7%2F1SDuk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=315360000
cf-ray
766652172b7b6963-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
statuspage.css
maxaffliate.com/email-list/Login%20-%20IONOS_files/
5 KB
2 KB
Stylesheet
General
Full URL
https://maxaffliate.com/email-list/Login%20-%20IONOS_files/statuspage.css
Requested by
Host: 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
URL: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9fa904320415f9630855ab7dd87b9b90a6c841458d3ab7552123d33a56b2cf0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 29 Sep 2022 12:26:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63358ee7-130f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A8eloZ5vWVKPuYV8bZlz5syGvLoTPpaawB2EixMVyH81q3flK9L9KPa7OD2ialT%2FzCgqTTNKLiDW43w9ApIFzN%2FdDJPvlEl5LsPqk7dijSArYVu%2BX6EW8ShJOI8MnocHVaSuQnF2X2x1qI3g6Vo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=315360000
cf-ray
766652172b7c6963-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
main.js.download
maxaffliate.com/email-list/Login%20-%20IONOS_files/
145 KB
50 KB
Script
General
Full URL
https://maxaffliate.com/email-list/Login%20-%20IONOS_files/main.js.download
Requested by
Host: 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
URL: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f357ef289b88b412f6737b54eb351751c368e05b5598005b9ab81893a90748e2

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Thu, 29 Sep 2022 12:26:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"242e7-5e9cffbbe817f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0q16sloquwjaU0MPMxxCXt%2BJPTEv%2FszJ8Fxdm4mQ8jN8SZZ6p8Xno1EcTvCgCyv42BYiY0LTYRBUUUmbUu7BjgPCGxIBWK4iWGpT1IjkfHijyL24xr%2BiwgTa%2Bprb4F4XWK%2BdV2DDBB2%2B4g3XYxM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cf-ray
766652178cae6963-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
ionos.min.js.download
maxaffliate.com/email-list/Login%20-%20IONOS_files/
29 KB
7 KB
Script
General
Full URL
https://maxaffliate.com/email-list/Login%20-%20IONOS_files/ionos.min.js.download
Requested by
Host: 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
URL: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ba8f114cf2ece7ae91375135626fe7ebcd008da01bda2b3d5f96fa09d96e646

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Thu, 29 Sep 2022 12:26:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"74db-5e9cffbb06bb4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BG6XublTZOs5K3njeCx%2Fcs%2F8utrQMuVGr1czbgYqzJovZLwpKdoPIdQaeX%2Br3cwZ8slI0l7bDrLj7%2F4BCkw7p5uXpDAMK4%2FYMJQujsmGgb0UjqotuOPxaMNeF2euu73sMGx8FvvUl4szFSxCJHM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cf-ray
766652178cb16963-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: 4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
URL: https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 07 Nov 2022 08:45:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16003
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30399
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 07 Nov 2023 08:45:45 GMT
opensans-regular.woff
ce1.uicdn.net/exos/fonts/open-sans/
62 KB
63 KB
Font
General
Full URL
https://ce1.uicdn.net/exos/fonts/open-sans/opensans-regular.woff
Requested by
Host: maxaffliate.com
URL: https://maxaffliate.com/email-list/Login%20-%20IONOS_files/ionos.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.165.66.58 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ce1.uicdn.net
Software
Apache /
Resource Hash
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b

Request headers

Referer
https://maxaffliate.com/
Origin
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
last-modified
Tue, 12 Jun 2018 09:26:07 GMT
server
Apache
x-cache-status
HIT
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-length
63712
expires
Tue, 31 Oct 2023 13:22:34 GMT
truncated
/
320 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c8e1724edab4d29c68d698c71f04db98774a5ba4fb432e4d37bfb0beecdac987

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/svg+xml
exos-icon-font.woff
ce1.uicdn.net/exos/icons/
50 KB
50 KB
Font
General
Full URL
https://ce1.uicdn.net/exos/icons/exos-icon-font.woff?v=5
Requested by
Host: maxaffliate.com
URL: https://maxaffliate.com/email-list/Login%20-%20IONOS_files/navigation.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.165.66.58 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ce1.uicdn.net
Software
Apache /
Resource Hash
35538b399f40d6db114f64b970fb8a612d88d833906f95f4cb8675c0277ecfb3

Request headers

Referer
https://maxaffliate.com/
Origin
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
last-modified
Fri, 05 Aug 2022 04:39:12 GMT
server
Apache
x-cache-status
HIT
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-length
50688
expires
Tue, 31 Oct 2023 13:22:36 GMT
overpass-regular.woff
ce1.uicdn.net/exos/fonts/overpass/
42 KB
42 KB
Font
General
Full URL
https://ce1.uicdn.net/exos/fonts/overpass/overpass-regular.woff
Requested by
Host: maxaffliate.com
URL: https://maxaffliate.com/email-list/Login%20-%20IONOS_files/ionos.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.165.66.58 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ce1.uicdn.net
Software
Apache /
Resource Hash
d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5

Request headers

Referer
https://maxaffliate.com/
Origin
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
last-modified
Tue, 12 Jun 2018 09:26:06 GMT
server
Apache
x-cache-status
HIT
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-length
42580
expires
Tue, 31 Oct 2023 13:22:34 GMT
opensans-bold.woff
ce1.uicdn.net/exos/fonts/open-sans/
62 KB
62 KB
Font
General
Full URL
https://ce1.uicdn.net/exos/fonts/open-sans/opensans-bold.woff
Requested by
Host: maxaffliate.com
URL: https://maxaffliate.com/email-list/Login%20-%20IONOS_files/ionos.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.165.66.58 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ce1.uicdn.net
Software
Apache /
Resource Hash
7d7a1a8ec55f31a6674fd2e2c41bcc6421a9aeb5cf161c6e93363f31347160f9

Request headers

Referer
https://maxaffliate.com/
Origin
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
last-modified
Tue, 12 Jun 2018 09:26:07 GMT
server
Apache
x-cache-status
HIT
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-length
63564
expires
Tue, 31 Oct 2023 13:22:34 GMT
overpass-bold.woff
ce1.uicdn.net/exos/fonts/overpass/
41 KB
41 KB
Font
General
Full URL
https://ce1.uicdn.net/exos/fonts/overpass/overpass-bold.woff
Requested by
Host: maxaffliate.com
URL: https://maxaffliate.com/email-list/Login%20-%20IONOS_files/ionos.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.165.66.58 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ce1.uicdn.net
Software
Apache /
Resource Hash
7afccd9150b0fcbf1a1056e6cc6051c9b6d85a55da7bf1a7fb0f475c0b22facc

Request headers

Referer
https://maxaffliate.com/
Origin
https://4xhar-nyaaa-aaaad-qehla-cai.raw.ic0.app
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 13:12:28 GMT
last-modified
Tue, 12 Jun 2018 09:26:06 GMT
server
Apache
x-cache-status
HIT
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-length
42092
expires
Tue, 31 Oct 2023 13:22:34 GMT
/
pet.ionos.com/pet/error/ACCOUNT/
0
0

/
pet.ionos.com/pet/error/ACCOUNT/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
pet.ionos.com
URL
https://pet.ionos.com/pet/error/ACCOUNT/
Domain
pet.ionos.com
URL
https://pet.ionos.com/pet/error/ACCOUNT/

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: 1&1 Ionos (Telecommunication)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

onbeforeinput (object), oncontextlost (object), oncontextrestored (object), structuredClone (function), launchQueue (object), onbeforematch (object), getScreenDetails (function), queryLocalFonts (function), navigation (object), _0x1a4f (function), _0x3736 (function), Zlib (object), UI_nguserid (string), NSfTIF (object), $ (function), jQuery (function), randomInteger (function), randomString (function), getdomainpartofemail (function), get_email_hash (function), validateEmail (function), geturlparameter (function), get_rand_url_pars (function), Tap (object), EXOS (object), jQBrowser (object), OAO (object)

0 Cookies

5 Console Messages

Source | Level | URL | Text
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://maxaffliate.com/email-list/Login%20-%20IONOS_files/70000.js.download, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://maxaffliate.com/email-list/Login%20-%20IONOS_files/70000.js.download, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://pet.ionos.com/pet/error/ACCOUNT/
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED