Report - hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/

Report Overview

Submitted URL
hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 16:59:41
Access
public
Website Title
Login - IONOS
Final URL
hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-24	478 B	7.2 kB	104.17.25.14
hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev	unknown	unknown	No data	No data	1.0 kB	71 kB	188.114.97.1
id.ionos.com	unknown	2000-02-29	2023-07-07	2024-02-11	1.9 kB	19 kB	217.160.86.24
ias.uicdn.net	261608	2010-08-25	2018-10-01	2024-03-18	552 B	3.5 kB	217.160.86.27
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2024-04-25	472 B	24 kB	104.18.11.207
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15	2024-04-25	477 B	52 kB	104.18.10.207
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-25	453 B	70 kB	151.101.2.137
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-25	469 B	31 kB	142.250.74.138
ce1.uicdn.net	136303	2010-08-25	2017-02-01	2024-04-18	2.7 kB	288 kB	213.165.66.58

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-25 16:59:14	low	Client IP	188.114.97.1	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/	1&1 Ionos
2024-04-25	medium	hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/	1&1 Ionos

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (27)

	URL	Size	First Seen	Last Seen
	unknown	5 B	2023-05-22	2024-04-27
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-22 21:52:08 Last Seen2024-04-27 06:57:09 Times Seen8 Hash e05145e681a664ea1508604cd1e3d971 16e91c77dd11cfeb43b3154dab7feb285123a994 8517c1eeea029ca1b67736f70ca91ef633c1b1f5799cc94423a0d4b829bb2add Loading...

	unknown	4 B	2023-05-22	2024-04-27
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-22 21:52:08 Last Seen2024-04-27 06:57:09 Times Seen10 Hash abac80ee643200d89307d8e4e65fc9df e33dbfd86ca9aa19a0afc2eceb8e6ff5d91805c5 9a8255ff4895ee4057ff029b7ad89539b891593b6a11d5c2a0e6b77d7de49e7d Loading...

	unknown	21 kB	2024-04-25	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:59:48 Last Seen2024-04-25 18:59:48 Times Seen1 Hash aa59a979d233035a87e255d674b1996c ca4956089f835819ed69571b2112c4015442c61e ac6778bb53175c6302c342c54abee52a1d6dec3fe9b70dfec96ce2c9c0ac5ddf Loading...

	hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/	52 kB	2024-04-25	2024-04-25
Pretty URL hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 18:59:48 Last Seen2024-04-25 18:59:48 Times Seen1 Hash 5c848db0649c30887197bc9bfce90514 5ea797ede4ade5252807b35a2aa4434abd3d455e 1fa416c0667c3fa2fd3f86721b2b1ff81aa27ab565a513634465c02a665d6f76 Loading...

	unknown	9 B	2024-04-25	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:59:48 Last Seen2024-04-25 18:59:48 Times Seen1 Hash bb8131a557d7dca4af0a51f0aa261198 9177f93005cecf034a7deb680ceba9428b022ff2 9658aee4c042827629d25854e4b7999e9ce21139d551225006702999cc006f2b Loading...

	unknown	1.4 kB	2024-04-25	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:59:48 Last Seen2024-04-25 18:59:48 Times Seen1 Hash 533e92b9b175a2c6eac5d0f90ea73dfb de32e7d49a19fea7b154c423988fee849b15cfaa c6efe5b4381f9790a45ca11044632ef473eca3cb2c13c2fe7ebad8e540e56fc9 Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	51 kB	2023-03-07	2024-05-05
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-05-05 17:50:27 Times Seen246685 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

	unknown	106 B	2024-04-25	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:59:48 Last Seen2024-04-25 18:59:48 Times Seen1 Hash 3a81e845d9491958cf6ea3ca06c56097 345abe9ea890be87eff772fee2e2b393c32748bd f1332bc4a3f0210950c8f59fddaa6ffff7197c411ff3766c16254b74238f4f0f Loading...

	unknown	2.8 kB	2024-04-25	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:59:48 Last Seen2024-04-25 18:59:48 Times Seen1 Hash cb3cc64a8394b1c6d35570c61ad27b5a acadc975c1bd6ca5493dafbbe446f320fc7c6147 3188fcb55dc1de9c253d4dac88ccab33365f2fe3bc31085613e26b3994d2478d Loading...

	unknown	38 B	2023-04-11	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:09:18 Last Seen2024-05-05 17:31:51 Times Seen3946 Hash a55bc61bb8cabacdc353356d20217fb1 ecf7f3fc124c625be7890bb4536b6f89d4d76786 a4a9b568a83a7f91eeed94a7c6587bb5d3bdf73d515d40c4402460dc046ab7a6 Loading...

	code.jquery.com/jquery-3.2.1.slim.min.js	70 kB	2023-03-07	2024-05-05
Pretty URL code.jquery.com/jquery-3.2.1.slim.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-05-05 17:50:27 Times Seen107700 Hash 5f48fc77cac90c4778fa24ec9c57f37d 9e89d1515bc4c371b86f4cb1002fd8e377c1829f 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398 Loading...

	unknown	6.3 kB	2024-04-25	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:59:49 Last Seen2024-04-25 18:59:49 Times Seen1 Hash 494cff485c0e05f6c017d43f9288258c 3e15bcf864a8ab30a75b4c41df53f51948d69918 2baf167a8ac6f701fdac73518c95557711fdf5455ed5f2fb35e33865eda49397 Loading...

	unknown	7 B	2024-04-25	2024-04-25
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2024-04-25 18:59:49 Last Seen2024-04-25 18:59:49 Times Seen1 Hash c3ed3423a2787bb1df09567ade8bff39 3417e127ffc46b4a70042190907def7e986d2b55 4470b4c935af1cd736d237ee6bb7892d188c92e4abb3bac254063a75a4e8357e Loading...

	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	49 kB	2023-03-07	2024-05-05
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-05-05 17:50:27 Times Seen138694 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	19 kB	2023-03-07	2024-05-05
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-05-05 17:51:50 Times Seen113472 Hash 70d3fda195602fe8b75e0097eed74dde c3b977aa4b8dfb69d651e07015031d385ded964b a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js	86 kB	2023-03-07	2024-05-05
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-05 17:51:50 Times Seen388517 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	unknown	9 B	2024-04-25	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:59:49 Last Seen2024-04-25 18:59:49 Times Seen1 Hash 370b0e4b8c770ebf197f486f2cce0fb7 2eb133b8a3020cb89dbb9602721cb0180fd4723e c3f1554aaf42d6c5e3a6c15db2d909d3f72a0dd77f5321faa2520fcd1c7a5138 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d83a23ef1c4283a3d0acc2742979a083	506 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 18:59:49 Last Seen2024-04-25 18:59:49 Times Seen1 Hash d83a23ef1c4283a3d0acc2742979a083 77c9be6408125b48f52eead8a8352bd557eccae3 f3406dc8f52aabb0bff890a2a6b70f79fba9c19d34cb23510fe8ed1ae48524c9 Loading...

	#2 Eval - 8f1ffd587933e334e92bb2d43888de70	2.6 kB	2023-03-07	2024-04-27
Pretty Observations First Seen2023-03-07 01:42:37 Last Seen2024-04-27 06:57:09 Times Seen60 Hash 8f1ffd587933e334e92bb2d43888de70 f73e557a115b6d07c7b90613368e307a12017f42 2eb6ae33d73cc712dbd352328c3910cdef24867878d3511e9330bf7201bb7afb Loading...

	#3 Eval - 806ac4f5abf0f6b9f9b8872028c8f498	1.8 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 18:59:49 Last Seen2024-04-25 18:59:49 Times Seen1 Hash 806ac4f5abf0f6b9f9b8872028c8f498 d0e950790ab87a6d35abae5edfb9e1145dab2691 88117803348f790750eced0596aeb8d8a35e6d68c138e9c65195f8515c31a237 Loading...

	#4 Eval - bbb27ebeb5ff553830fb77d6cf8f6de0	289 B	2023-05-22	2024-04-27
Pretty Observations First Seen2023-05-22 21:52:08 Last Seen2024-04-27 06:57:09 Times Seen8 Hash bbb27ebeb5ff553830fb77d6cf8f6de0 003cb6aad6600d674e7feb10b763cfc885361176 e870401e36f7602cb6c720130001a003fda8ca53f4b00c39efa9afc72ff75247 Loading...

	#5 Eval - 09fb2f2e0963ecad7f27b3dd3cde4f65	20 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 18:59:49 Last Seen2024-04-25 18:59:49 Times Seen1 Hash 09fb2f2e0963ecad7f27b3dd3cde4f65 ae79cac7edbf81f942daf5e9ceaf1b67e0e4c61f 9e865c562c7f096551d092d517844f295b47791ce9409e8cb19811c7e879976b Loading...

		Size	First Seen	Last Seen
	#1 Write - 433870d3e75b63f6a482426fe0b8756c	4.1 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 18:59:49 Last Seen2024-04-25 18:59:49 Times Seen1 Hash 433870d3e75b63f6a482426fe0b8756c 7d20ca231409b8b061e5cd9d995d03fd272e4fb7 27ccd015f0136923aa5e25d32f1b8e8933bf0f84e85d6013adde23ed6b8867d8 Loading...

	#2 Write - 4d404c1e734ece3e87a2c74b48589606	45 B	2023-05-22	2024-04-27
Pretty Observations First Seen2023-05-22 21:52:08 Last Seen2024-04-27 06:57:09 Times Seen8 Hash 4d404c1e734ece3e87a2c74b48589606 efad05ef5f58aad518368f18a0b06334e252977d 58db8680eac54fbc4bed19c9f5b3a097aee41299b36db3244663e50cfb2095da Loading...

	#3 Write - ad40d41a46120af2775e47a31fd617d3	3.1 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 18:59:49 Last Seen2024-04-25 18:59:49 Times Seen1 Hash ad40d41a46120af2775e47a31fd617d3 0e421de51018f0544691f6295672d84c18563a84 a98be1b18b2aa64497d7acc801a25b70fe058e2c9f55457bfbf8cc3c172f3c37 Loading...

	#4 Write - 8fa2b29c97639eed4976921c715f66c6	15 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 18:59:49 Last Seen2024-04-25 18:59:49 Times Seen1 Hash 8fa2b29c97639eed4976921c715f66c6 f0206eab81126e2c0cb7edf85341b534867e5417 81e597aa1cbce8672a57d2fe00c35e0edfaa09b47d4c318b637a053026763e7c Loading...

	#5 Write - 75407fb6adab479dc968c6a0e3617b0a	29 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 18:59:49 Last Seen2024-04-25 18:59:49 Times Seen1 Hash 75407fb6adab479dc968c6a0e3617b0a dfcbbf5fdea813680c4d0fb4f80c53b8c46003c0 1a861ca27867fcc0a32e30e539887fb55a8b856e198ca7c49544e6602ce3d06d Loading...

HTTP Transactions (17)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

104.17.25.14

200 OK

6.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (19015)
Size
6.2 kB (6157 bytes)
Hash
70d3fda195602fe8b75e0097eed74dde
c3b977aa4b8dfb69d651e07015031d385ded964b
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

HTTP Headers

GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 71907
expires: Tue, 15 Apr 2025 16:59:14 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1qTSdPmoXQnLPT9QrDwD7p11kaqtQPLFnu8cjR9kpPWfZxiG5BYVIuhr6KrZmCd%2F%2B%2FuDwTBU2LUu4sbv7BvR%2Bt%2F7ER6omij88El4cFuOtmhIp0NfF0RFEXxy1MWCbLhwr9Mkuszi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 879fe1ea996c56c4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.2.1.slim.min.js

151.101.2.137

200 OK

70 kB

URL GET HTTP/2
code.jquery.com/jquery-3.2.1.slim.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32012)
Size
70 kB (69597 bytes)
Hash
5f48fc77cac90c4778fa24ec9c57f37d
9e89d1515bc4c371b86f4cb1002fd8e377c1829f
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

HTTP Headers

GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: "28feccc0-10fdd"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 25 Apr 2024 16:59:15 GMT
age: 202979
x-served-by: cache-lga21963-LGA, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 109, 4688
x-timer: S1714064355.047890,VS0,VE0
vary: Accept-Encoding
content-length: 69597
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

142.250.74.138

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
30 kB (30028 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:38:23 GMT
expires: Fri, 18 Apr 2025 17:38:23 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 602452
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ce1.uicdn.net/exos/framework/2.0/ionos.min.css

213.165.66.58

200 OK

60 kB

URL GET HTTP/2
ce1.uicdn.net/exos/framework/2.0/ionos.min.css
IP
213.165.66.58:443
ASN
#8560 IONOS SE

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectce1.uicdn.net
Fingerprint23:9A:4F:D8:18:A2:18:75:FC:81:10:E0:72:BF:A3:AD:9D:1C:B7:04
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sun, 09 Mar 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65473)
Size
60 kB (60299 bytes)
Hash
78b9d8f9bc126efa9a54b868185d2e67
3cec2d008cf0ac98dd8c04f95b7ab2d766bce640
48a64dde35632cdb0ccbd266681384f8943a0e7c17c08cc7364d694afcd3e7dc

HTTP Headers

GET /exos/framework/2.0/ionos.min.css HTTP/1.1
Host: ce1.uicdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: text/css
content-length: 60299
set-cookie: DPX=v1:m21Nsxwejq:dTf1u3np:662a99f8:gb; Path=/; Expires=Thu, 25-Apr-24 17:59:15 GMT; HttpOnly; Secure; SameSite=Lax
server: Apache
last-modified: Wed, 14 Feb 2024 11:58:48 GMT
vary: Accept-Encoding
content-encoding: br
cache-control: max-age=43200, public
expires: Fri, 25 Apr 2025 10:29:41 GMT
access-control-allow-origin: *
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ias.uicdn.net/fileadmin/IONOS/user_upload/email-marketing.svg?h=0fbfd484b7052efe457d3090b4c14a657e1f366d

217.160.86.27

200 OK

3.0 kB

URL GET HTTP/2
ias.uicdn.net/fileadmin/IONOS/user_upload/email-marketing.svg?h=0fbfd484b7052efe457d3090b4c14a657e1f366d
IP
217.160.86.27:443
ASN
#8560 IONOS SE

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectias.uicdn.net
FingerprintBF:90:F9:02:2E:0F:3B:09:48:FB:00:FD:7D:F1:24:FD:74:26:30:03
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
3.0 kB (3036 bytes)
Hash
601a6b279d71bae856ebe64c87895bb8
0fbfd484b7052efe457d3090b4c14a657e1f366d
1ea897ce746ac3177faaf6be44aa8ea6129a39220bdf122d9973113ae77c8a7a

HTTP Headers

GET /fileadmin/IONOS/user_upload/email-marketing.svg?h=0fbfd484b7052efe457d3090b4c14a657e1f366d HTTP/1.1
Host: ias.uicdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: image/svg+xml
content-length: 3036
set-cookie: DPX=v1:fb0m/etZqb:MBIABNM2:662a99f8:gb; Path=/; Expires=Thu, 25-Apr-24 17:59:15 GMT; HttpOnly; Secure; SameSite=Lax
server: Apache
strict-transport-security: max-age=31536000
last-modified: Fri, 05 May 2023 09:21:02 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ce1.uicdn.net/exos/icons/exos-icon-font.woff?v=16

213.165.66.58

200 OK

51 kB

URL GET HTTP/2
ce1.uicdn.net/exos/icons/exos-icon-font.woff?v=16
IP
213.165.66.58:443
ASN
#8560 IONOS SE

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectce1.uicdn.net
Fingerprint23:9A:4F:D8:18:A2:18:75:FC:81:10:E0:72:BF:A3:AD:9D:1C:B7:04
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sun, 09 Mar 2025 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 51184, version 1.0
Size
51 kB (51184 bytes)
Hash
04b9a31827558a700e709459a1d758dd
31412850a250fd4a6565c58f9a3481c384c33ab4
db4f875bd60c7c59abb060b14e38f9473adcd4b3913208ba2fa3cb498a6dcd6d

HTTP Headers

GET /exos/icons/exos-icon-font.woff?v=16 HTTP/1.1
Host: ce1.uicdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://ce1.uicdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: application/font-woff
content-length: 51184
set-cookie: DPX=v1:cldxJA/Hb8:OBaaZqeq:662a99f8:gb; Path=/; Expires=Thu, 25-Apr-24 17:59:15 GMT; HttpOnly; Secure; SameSite=Lax
server: Apache
last-modified: Mon, 13 Nov 2023 08:00:02 GMT
cache-control: max-age=31536000
expires: Thu, 30 Jan 2025 22:04:30 GMT
access-control-allow-origin: *
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ce1.uicdn.net/exos/fonts/overpass/overpass-semibold.woff

213.165.66.58

200 OK

41 kB

URL GET HTTP/2
ce1.uicdn.net/exos/fonts/overpass/overpass-semibold.woff
IP
213.165.66.58:443
ASN
#8560 IONOS SE

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectce1.uicdn.net
Fingerprint23:9A:4F:D8:18:A2:18:75:FC:81:10:E0:72:BF:A3:AD:9D:1C:B7:04
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sun, 09 Mar 2025 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 40600, version 0.0
Size
41 kB (40600 bytes)
Hash
fe20bb6bd82d2a31fa7ca5c295cd477e
79e36cebc9f909fbf992e37c68f5b4cbdde575ec
82a3b507d88d0bf1ae099818e5e4754081e05a915408c22ec6db3cda9b96afd4

HTTP Headers

GET /exos/fonts/overpass/overpass-semibold.woff HTTP/1.1
Host: ce1.uicdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://ce1.uicdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: application/font-woff
content-length: 40600
set-cookie: DPX=v1:whzkVCAnN5:lR5wH4Hr:662a99f8:gb; Path=/; Expires=Thu, 25-Apr-24 17:59:15 GMT; HttpOnly; Secure; SameSite=Lax
server: Apache
last-modified: Tue, 12 Jun 2018 09:26:10 GMT
cache-control: max-age=31536000
expires: Thu, 30 Jan 2025 22:04:30 GMT
access-control-allow-origin: *
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ce1.uicdn.net/exos/fonts/open-sans/opensans-regular.woff

213.165.66.58

200 OK

64 kB

URL GET HTTP/2
ce1.uicdn.net/exos/fonts/open-sans/opensans-regular.woff
IP
213.165.66.58:443
ASN
#8560 IONOS SE

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectce1.uicdn.net
Fingerprint23:9A:4F:D8:18:A2:18:75:FC:81:10:E0:72:BF:A3:AD:9D:1C:B7:04
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sun, 09 Mar 2025 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 63712, version 1.0
Size
64 kB (63712 bytes)
Hash
ac327c4db6284ef64ebe872b6308f5da
7dd17593d3947f4ea10be937634ef8f553443e5a
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b

HTTP Headers

GET /exos/fonts/open-sans/opensans-regular.woff HTTP/1.1
Host: ce1.uicdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://ce1.uicdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: application/font-woff
content-length: 63712
set-cookie: DPX=v1:CVK4tNYyJf:m13myikl:662a99f8:gb; Path=/; Expires=Thu, 25-Apr-24 17:59:15 GMT; HttpOnly; Secure; SameSite=Lax
server: Apache
last-modified: Tue, 12 Jun 2018 09:26:07 GMT
cache-control: max-age=31536000
expires: Thu, 30 Jan 2025 22:04:30 GMT
access-control-allow-origin: *
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ce1.uicdn.net/exos/fonts/open-sans/opensans-semibold.woff

213.165.66.58

200 OK

70 kB

URL GET HTTP/2
ce1.uicdn.net/exos/fonts/open-sans/opensans-semibold.woff
IP
213.165.66.58:443
ASN
#8560 IONOS SE

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectce1.uicdn.net
Fingerprint23:9A:4F:D8:18:A2:18:75:FC:81:10:E0:72:BF:A3:AD:9D:1C:B7:04
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sun, 09 Mar 2025 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 69888, version 1.10
Size
70 kB (69888 bytes)
Hash
9f2144213fad53d4e0fdb26ecf93865f
7c9f1210d31388fe5df9e368bd0e73a8f4091b28
b0390aa3e137e3e49d7d6ed5d86c208fec1dd45ff8a56836c3f86c2e32cd2d7a

HTTP Headers

GET /exos/fonts/open-sans/opensans-semibold.woff HTTP/1.1
Host: ce1.uicdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://ce1.uicdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: application/font-woff
content-length: 69888
set-cookie: DPX=v1:HwdkJlTkNc:poxaOVqr:662a99f8:gb; Path=/; Expires=Thu, 25-Apr-24 17:59:15 GMT; HttpOnly; Secure; SameSite=Lax
server: Apache
last-modified: Tue, 12 Jun 2018 09:26:11 GMT
cache-control: max-age=31536000
expires: Thu, 30 Jan 2025 22:04:30 GMT
access-control-allow-origin: *
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/

188.114.97.1

200 OK

35 kB

URL User Request GET HTTP/2
hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectc1o-u-dost-orage.workers.dev
FingerprintEB:58:2D:2C:3D:A3:83:9E:25:FF:1F:0D:BF:E9:D6:F1:30:C7:38:62
ValidityMon, 08 Apr 2024 18:34:43 GMT - Sun, 07 Jul 2024 18:34:42 GMT

File type
HTML document, ASCII text, with very long lines (51889)
Size
35 kB (34907 bytes)
Hash
5ff2c97bcf98f68a77dd3fb4d93cc82b
726ae5cd2f6ef43efff33c7af05a2cd09692e11c
a496c6a35a4831f670bd008b8ecb75d594236359bbb9da6c0ab421e3992a8a7b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	1&1 Ionos

HTTP Headers

GET / HTTP/1.1
Host: hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:14 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rcQk%2BwqnHVRO8mrF%2Fl%2BlS7HeoF6TyaiIMOJp7zZv1yise%2Bu5QAMBhEU6jJMFi9zuXQS8Btji1AK1qQ%2BI1RkftF9l%2Fcb8A8chOStyDwDDRxW5CvFiNgfmR0GaX5EgSDsMU6XvLMgoblzXEGRVX8ei8rtrponlgRaA6qupY%2B%2FAt8o5aL1V8Jvevps%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fe1e8ed0f568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

id.ionos.com/image/product-hidrive.svg

217.160.86.24

200 OK

6.7 kB

URL GET HTTP/2
id.ionos.com/image/product-hidrive.svg
IP
217.160.86.24:443
ASN
#8560 IONOS SE

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectid.ionos.com
Fingerprint29:20:6F:8E:FC:AD:C3:87:D3:89:DF:72:CA:8A:CB:2F:B3:30:DF:49
ValidityMon, 22 May 2023 00:00:00 GMT - Tue, 21 May 2024 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
6.7 kB (6697 bytes)
Hash
e9d9c59047e28d28f4a655dabf66465d
3d6f281337e2751ca3594d906c2e0e77eb57f3b8
e18d3cf69d32bf98d66328ae2c73e57bca4ce6542f6551275a3092385395dd52

HTTP Headers

GET /image/product-hidrive.svg HTTP/1.1
Host: id.ionos.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: image/svg+xml
server: Apache
vary: Origin,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers
set-cookie: DPX=v1:xmuH9sFJ8s:rdAgqrVb:662a99f8:gb; Path=/; Expires=Thu, 25-Apr-24 17:59:15 GMT; HttpOnly; Secure; SameSite=Lax
JSESSIONID=36E94E90B56504AF09AD149FC9E80480.TCbs3a; Path=/; Secure; HttpOnly
content-security-policy: default-src 'self' frontend-services.ionos.com; img-src 'self' data: *.ionos.com *.uicdn.net; font-src 'self' cors.uicdn.net ce1.uicdn.net; script-src 'nonce-RsoTE9LFSonETGHZpCbwkbRH45VCt5QZcen8LWqWPzA=' 'strict-dynamic' 'self' tif.ionos.com ce1.uicdn.net var.uicdn.net; style-src 'self' frontend-services.ionos.com ce1.uicdn.net var.uicdn.net 'nonce-RsoTE9LFSonETGHZpCbwkbRH45VCt5QZcen8LWqWPzA='; frame-src data: 'self' *.ionos.com; child-src data: 'self' *.ionos.com; connect-src 'self' ahab.ionos.com sherlock.us.ac1.server.lan sherlock.ionos.com sentry.ionos.com hed.ionos.com navigation.ionos.com frontend-services.ionos.com t.ionos.com l4wxddfpxjw0.statuspage.io; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; report-uri https://sentry.ionos.com/api/37/security/?sentry_key=b4a988ca9dc347169637be0cf1105ce4
last-modified: Mon, 22 Apr 2024 04:54:08 GMT
accept-ranges: bytes
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
content-encoding: gzip
x-cache-status: MISS
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.11.207

200 OK

23 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
JavaScript source, ASCII text, with very long lines (48664)
Size
23 kB (23352 bytes)
Hash
14d449eb8876fa55e1ef3c2cc52b0c17
a9545831803b1359cfeed47e3b4d6bae68e40e99
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

HTTP Headers

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
cdn-edgestorageid: 617, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 2021-06-08 14:29:21
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 395e10f82368220a7b7579d8f1c28956
cdn-cache: HIT
cf-cache-status: HIT
age: 13438688
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 879fe1eac841b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/favicon.ico

188.114.97.1

200 OK

35 kB

URL GET HTTP/3
hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectc1o-u-dost-orage.workers.dev
FingerprintEB:58:2D:2C:3D:A3:83:9E:25:FF:1F:0D:BF:E9:D6:F1:30:C7:38:62
ValidityMon, 08 Apr 2024 18:34:43 GMT - Sun, 07 Jul 2024 18:34:42 GMT

File type
HTML document, ASCII text, with very long lines (51889)
Size
35 kB (34752 bytes)
Hash
5ff2c97bcf98f68a77dd3fb4d93cc82b
726ae5cd2f6ef43efff33c7af05a2cd09692e11c
a496c6a35a4831f670bd008b8ecb75d594236359bbb9da6c0ab421e3992a8a7b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	1&1 Ionos

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=odCXXDB0ephyaIfUBPnTBmo26XDEkQC%2BQGxPBG70h%2BJkMUucDjBsIihf6u%2F0PgAMRO3dmX0Dc7Ez0xSPj0sHYOsUp9rA%2BWBUM0TSkeIincISHMiOQAsriSGJpMx9B9MbXjZxWjKwfGesXoLt5aRB2GCet7GkIbJbtddviz8CZvR0ClRpS3toguA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fe1edff9e56b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

id.ionos.com/image/product-email.svg

217.160.86.24

200 OK

1.1 kB

URL GET HTTP/2
id.ionos.com/image/product-email.svg
IP
217.160.86.24:443
ASN
#8560 IONOS SE

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectid.ionos.com
Fingerprint29:20:6F:8E:FC:AD:C3:87:D3:89:DF:72:CA:8A:CB:2F:B3:30:DF:49
ValidityMon, 22 May 2023 00:00:00 GMT - Tue, 21 May 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1070 bytes)
Hash
6cae0cbd732f08d62da1b0ba3cdaffaf
602621bd8f8265e543c1dd6f31427c7ee5550189
7bda6f50403021b3d63a6bc34e84f1fb118c3d482b41fcff46e0aa5626aa4156

HTTP Headers

GET /image/product-email.svg HTTP/1.1
Host: id.ionos.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: image/svg+xml
server: Apache
vary: Origin,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers
set-cookie: DPX=v1:aNwQb9tqzJ:YaKfOdvi:662a99f8:gb; Path=/; Expires=Thu, 25-Apr-24 17:59:15 GMT; HttpOnly; Secure; SameSite=Lax
JSESSIONID=686191F05159430C30CDA67AD23C0C31.TCbs10a; Path=/; Secure; HttpOnly
content-security-policy: default-src 'self' frontend-services.ionos.com; img-src 'self' data: *.ionos.com *.uicdn.net; font-src 'self' cors.uicdn.net ce1.uicdn.net; script-src 'nonce-IVeQeHntJe7qkVGOSzgQ52rIKnunlYmZIGtEgyRLtTU=' 'strict-dynamic' 'self' tif.ionos.com ce1.uicdn.net var.uicdn.net; style-src 'self' frontend-services.ionos.com ce1.uicdn.net var.uicdn.net 'nonce-IVeQeHntJe7qkVGOSzgQ52rIKnunlYmZIGtEgyRLtTU='; frame-src data: 'self' *.ionos.com; child-src data: 'self' *.ionos.com; connect-src 'self' ahab.ionos.com sherlock.us.ac1.server.lan sherlock.ionos.com sentry.ionos.com hed.ionos.com navigation.ionos.com frontend-services.ionos.com t.ionos.com l4wxddfpxjw0.statuspage.io; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; report-uri https://sentry.ionos.com/api/37/security/?sentry_key=b4a988ca9dc347169637be0cf1105ce4
last-modified: Mon, 22 Apr 2024 04:54:08 GMT
accept-ranges: bytes
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
content-encoding: gzip
x-cache-status: MISS
X-Firefox-Spdy: h2

id.ionos.com/style/starter-main.min.css

217.160.86.24

200 OK

2.1 kB

URL GET HTTP/2
id.ionos.com/style/starter-main.min.css
IP
217.160.86.24:443
ASN
#8560 IONOS SE

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectid.ionos.com
Fingerprint29:20:6F:8E:FC:AD:C3:87:D3:89:DF:72:CA:8A:CB:2F:B3:30:DF:49
ValidityMon, 22 May 2023 00:00:00 GMT - Tue, 21 May 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (2066), with no line terminators
Size
2.1 kB (2061 bytes)
Hash
9e1957468be9f75ced95a62a85134717
7b924c370b5295704ddff85abbf47d0cc862fd24
58da4994d8f2e626052de57a58c0b726a56383f95a260e90d50f2ce0a705d730

HTTP Headers

GET /style/starter-main.min.css HTTP/1.1
Host: id.ionos.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: text/css
server: Apache
vary: Origin,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers
set-cookie: DPX=v1:93EqbUX/KD:bt7ZdAmA:662a99f8:gb; Path=/; Expires=Thu, 25-Apr-24 17:59:15 GMT; HttpOnly; Secure; SameSite=Lax
JSESSIONID=F278848E3B9B284ADB50FB156FA0EB71.TCbs12a; Path=/; Secure; HttpOnly
content-security-policy: default-src 'self' frontend-services.ionos.com; img-src 'self' data: *.ionos.com *.uicdn.net; font-src 'self' cors.uicdn.net ce1.uicdn.net; script-src 'nonce-B3ALkj4AoH7CsLrKl9hbATUT0oxJMCxYiO1TNopfOeU=' 'strict-dynamic' 'self' tif.ionos.com ce1.uicdn.net var.uicdn.net; style-src 'self' frontend-services.ionos.com ce1.uicdn.net var.uicdn.net 'nonce-B3ALkj4AoH7CsLrKl9hbATUT0oxJMCxYiO1TNopfOeU='; frame-src data: 'self' *.ionos.com; child-src data: 'self' *.ionos.com; connect-src 'self' ahab.ionos.com sherlock.us.ac1.server.lan sherlock.ionos.com sentry.ionos.com hed.ionos.com navigation.ionos.com frontend-services.ionos.com t.ionos.com l4wxddfpxjw0.statuspage.io; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; report-uri https://sentry.ionos.com/api/37/security/?sentry_key=b4a988ca9dc347169637be0cf1105ce4
last-modified: Sat, 23 Mar 2024 09:38:22 GMT
accept-ranges: bytes
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
content-encoding: gzip
x-cache-status: MISS
X-Firefox-Spdy: h2

id.ionos.com/image/my-account.svg

217.160.86.24

200 OK

845 B

URL GET HTTP/2
id.ionos.com/image/my-account.svg
IP
217.160.86.24:443
ASN
#8560 IONOS SE

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectid.ionos.com
Fingerprint29:20:6F:8E:FC:AD:C3:87:D3:89:DF:72:CA:8A:CB:2F:B3:30:DF:49
ValidityMon, 22 May 2023 00:00:00 GMT - Tue, 21 May 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
845 B (845 bytes)
Hash
57dd866bf8a9fe00f14fc919d062d4df
7a444e980e3e6e2d4c9f2f81f9be7c0c12e16c30
604e5be22713e378c842ad08cbb54b859df4b16fc1a46b5d38366cde28ca0348

HTTP Headers

GET /image/my-account.svg HTTP/1.1
Host: id.ionos.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: image/svg+xml
server: Apache
vary: Origin,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers
set-cookie: DPX=v1:tlCADucJct:efQbwk6D:662a99f8:gb; Path=/; Expires=Thu, 25-Apr-24 17:59:15 GMT; HttpOnly; Secure; SameSite=Lax
JSESSIONID=99ACF5F90E3323827A6D0BFF553789D0.TCbs11a; Path=/; Secure; HttpOnly
content-security-policy: default-src 'self' frontend-services.ionos.com; img-src 'self' data: *.ionos.com *.uicdn.net; font-src 'self' cors.uicdn.net ce1.uicdn.net; script-src 'nonce-QZJRlD8yykrcXuafQF+q/fqatSDWtgCfjulqtXN3m2U=' 'strict-dynamic' 'self' tif.ionos.com ce1.uicdn.net var.uicdn.net; style-src 'self' frontend-services.ionos.com ce1.uicdn.net var.uicdn.net 'nonce-QZJRlD8yykrcXuafQF+q/fqatSDWtgCfjulqtXN3m2U='; frame-src data: 'self' *.ionos.com; child-src data: 'self' *.ionos.com; connect-src 'self' ahab.ionos.com sherlock.us.ac1.server.lan sherlock.ionos.com sentry.ionos.com hed.ionos.com navigation.ionos.com frontend-services.ionos.com t.ionos.com l4wxddfpxjw0.statuspage.io; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; report-uri https://sentry.ionos.com/api/37/security/?sentry_key=b4a988ca9dc347169637be0cf1105ce4
last-modified: Mon, 22 Apr 2024 04:54:08 GMT
accept-ranges: bytes
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
content-encoding: gzip
x-cache-status: MISS
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.10.207

200 OK

51 kB

URL GET HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
JavaScript source, ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hadow-worker-hidden-s981e.c1o-u-dost-orage.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:59:15 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 1978956
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 879fe1eaed611c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (27)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by