ihr-ebanking.com
2606:4700:3030::6815:3001  Malicious Activity! Public Scan

URL: https://ihr-ebanking.com/de/receive/79469380
Submission: On January 06 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3030::6815:3001, located in United States and belongs to CLOUDFLARENET, US. The main domain is ihr-ebanking.com.
TLS certificate: Issued by WE1 on November 11th 2024. Valid for: 3 months.
This is the only time ihr-ebanking.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

Requests  Redirects  IP Address        AS (Autonomous System)
6         1          2606:4700:303...  13335 (CLOUDFLAR...)
2         -          2606:4700::68...  13335 (CLOUDFLAR...)
4         -          2606:4700::68...  13335 (CLOUDFLAR...)
1         -          2a00:1450:400...  15169 (GOOGLE)
2         -          2a00:1450:400...  15169 (GOOGLE)
Total: 14 requests, 5 IPs

Requests  Apex Domain       Subdomains                                            Transfer
6         ihr-ebanking.com  ihr-ebanking.com                                      23 KB
4         cloudflare.com    cdnjs.cloudflare.com (Cisco Umbrella Rank: 225)       54 KB
2         gstatic.com       fonts.gstatic.com                                     22 KB
2         codepen.io        cpwebassets.codepen.io (Cisco Umbrella Rank: 105964)  4 KB
1         googleapis.com    fonts.googleapis.com (Cisco Umbrella Rank: 29)        1 KB
Total: 14 requests, 5 domains

Requests  Redirects  Domain                  Requested by
6         1          ihr-ebanking.com        ihr-ebanking.com
4         -          cdnjs.cloudflare.com    ihr-ebanking.com
2         -          fonts.gstatic.com       fonts.googleapis.com
2         -          cpwebassets.codepen.io  ihr-ebanking.com
1         -          fonts.googleapis.com    ihr-ebanking.com
Total: 14 requests, 5 domains

This site contains no links.

Subject                  Issuer  Validity                 Valid for
ihr-ebanking.com         WE1     2024-11-11 - 2025-02-09  3 months
codepen.io               WE1     2024-11-30 - 2025-03-01  3 months
cdnjs.cloudflare.com     WE1     2024-11-26 - 2025-02-24  3 months
upload.video.google.com  WR2     2024-12-02 - 2025-02-24  3 months
*.gstatic.com            WR2     2024-12-02 - 2025-02-24  3 months

This page contains 1 frame:

Primary Page: https://ihr-ebanking.com/de/receive/79469380
Frame ID: A8C53302F230629EF4985CDA0FC9A531
Requests: 14 HTTP requests in this frame

Page Title: 404

Page Statistics

Requests: 14
HTTPS: 100 %
IPv6: 100 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 2
Transfer: 103 kB
Size: 297 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ihr-ebanking.com/de/receive/79469380 Page URL
  2. https://ihr-ebanking.com/cdn-cgi/phish-bypass?atok=yca5aaebgpkCZ2EEn.bnYOhqxR5LV.KEx0nP27YXHWM-1736188981-0.0.1.1-%2Fde%2Freceive%2F79469380 HTTP 301
    https://ihr-ebanking.com/de/receive/79469380 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
79469380
ihr-ebanking.com/de/receive/
4 KB
2 KB
Document
General
Full URL
https://ihr-ebanking.com/de/receive/79469380
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:3001 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
224918b74d8616e6a0160760e0f3d076c72be6b0f2af8544fe0a5fac90fcf456
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-ray
8fddd9efaa892c7d-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 06 Jan 2025 18:43:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NwcKY0yYwMSPtGCuFr6%2Fs39KPACk%2FUNvtq141Sq6ZP2a9tC2d8KbTmVYgnFlRFrjkrp%2FWmyDVc9TOIyr1mIQFC0NI0E5b6bMKD77CnXAf4T2g1SM5TfeypOlgFj6fYCzCrUuLvRCZEcdwx0pD7ML"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cf.errors.css
ihr-ebanking.com/cdn-cgi/styles/
23 KB
5 KB
Stylesheet
General
Full URL
https://ihr-ebanking.com/cdn-cgi/styles/cf.errors.css
Requested by
Host: ihr-ebanking.com
URL: https://ihr-ebanking.com/de/receive/79469380
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:3001 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ihr-ebanking.com/de/receive/79469380

Response headers

vary
Accept-Encoding
cache-control
max-age=7200, public
content-encoding
gzip
etag
W/"675fc4ac-5df3"
x-content-type-options
nosniff
cf-ray
8fddd9effa8a2c7d-FRA
expires
Mon, 06 Jan 2025 20:43:01 GMT
date
Mon, 06 Jan 2025 18:43:01 GMT
content-type
text/css
last-modified
Mon, 16 Dec 2024 06:11:56 GMT
server
cloudflare
x-frame-options
DENY
icon-exclamation.png
ihr-ebanking.com/cdn-cgi/images/
452 B
634 B
Image
General
Full URL
https://ihr-ebanking.com/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: ihr-ebanking.com
URL: https://ihr-ebanking.com/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:3001 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ihr-ebanking.com/cdn-cgi/styles/cf.errors.css

Response headers

vary
Accept-Encoding
cache-control
max-age=7200, public
etag
"675fc4ac-1c4"
x-content-type-options
nosniff
cf-ray
8fddd9f02a8e2c7d-FRA
expires
Mon, 06 Jan 2025 20:43:01 GMT
accept-ranges
bytes
content-length
452
date
Mon, 06 Jan 2025 18:43:01 GMT
content-type
image/png
last-modified
Mon, 16 Dec 2024 06:11:56 GMT
server
cloudflare
x-frame-options
DENY
favicon.ico
ihr-ebanking.com/
33 KB
8 KB
Other
General
Full URL
https://ihr-ebanking.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:3001 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
01c9ca3599777ce5d4225f84bf1a21c31102e1d8b038c25308c689ca54114a66

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ihr-ebanking.com/de/receive/79469380

Response headers

x-robots-tag
noindex, nofollow, noarchive
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
BYPASS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8szylhEaM%2FG%2FdxnwtOvLv2Nhnp%2B%2Bjt0ZdrM0C1ZhN62iuesU1UbK0xMbTM6Da1%2FgR17txE5m%2BPHmk0tFZdCCYP3Tiruvn00jGm0QG%2Bt5%2BmXre2P1eI3MXHSBxCmxhfWexqAZaqyPsXxBot2ySrdJ"}],"group":"cf-nel","max_age":604800}
cf-ray
8fddd9f04a8f2c7d-FRA
alt-svc
h3=":443"; ma=86400
date
Mon, 06 Jan 2025 18:43:01 GMT
content-type
text/html; charset=utf-8
x-powered-by
Express
server
cloudflare
vary
Accept-Encoding
Primary Request 79469380
ihr-ebanking.com/de/receive/
Redirect Chain
  • https://ihr-ebanking.com/cdn-cgi/phish-bypass?atok=yca5aaebgpkCZ2EEn.bnYOhqxR5LV.KEx0nP27YXHWM-1736188981-0.0.1.1-%2Fde%2Freceive%2F79469380
  • https://ihr-ebanking.com/de/receive/79469380
33 KB
8 KB
Document
General
Full URL
https://ihr-ebanking.com/de/receive/79469380
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:3001 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
01c9ca3599777ce5d4225f84bf1a21c31102e1d8b038c25308c689ca54114a66

Request headers

Referer
https://ihr-ebanking.com/de/receive/79469380
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8fddda06bafb2c7d-FRA
content-encoding
zstd
content-type
text/html; charset=utf-8
date
Mon, 06 Jan 2025 18:43:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5GJwvmblIlWcI8KbXr3rGbYtt4sxOCChCYqvfJlLZuTT4QQ4Y113spHew8nQLq5zLeW8Y6YbcXewV3LyRXMgLiWUHlvMcMsF6DzcBsCNqSf7O9w5etVD9m2FSXUBwOK%2Bga5NDpqVL%2BW3mCqG7Ith"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
x-powered-by
Express
x-robots-tag
noindex, nofollow, noarchive

Redirect headers

cache-control
private, no-cache
cf-ray
8fddda068afa2c7d-FRA
content-length
167
content-type
text/html
date
Mon, 06 Jan 2025 18:43:05 GMT
location
https://ihr-ebanking.com/de/receive/79469380
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY
stopExecutionOnTimeout-2c7831bb44f98c1391d6a4ffda0e1fd302503391ca806e7fcc7b9b87197aec26.js
cpwebassets.codepen.io/assets/common/
4 KB
2 KB
Script
General
Full URL
https://cpwebassets.codepen.io/assets/common/stopExecutionOnTimeout-2c7831bb44f98c1391d6a4ffda0e1fd302503391ca806e7fcc7b9b87197aec26.js
Requested by
Host: ihr-ebanking.com
URL: https://ihr-ebanking.com/de/receive/79469380
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:20e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c7831bb44f98c1391d6a4ffda0e1fd302503391ca806e7fcc7b9b87197aec26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ihr-ebanking.com/

Response headers

content-encoding
br
cf-cache-status
HIT
age
817033
access-control-allow-methods
POST, GET, OPTIONS
expires
Tue, 06 Jan 2026 18:43:05 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 06 Jan 2025 18:43:05 GMT
content-type
application/javascript; charset=utf-8
last-modified
Fri, 11 Oct 2024 23:17:36 GMT
vary
Accept-Encoding
priority
u=1,i=?0
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
cf-ray
8fddda081b2891e3-FRA
access-control-allow-origin
*
server
cloudflare
normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/
2 KB
1 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
Requested by
Host: ihr-ebanking.com
URL: https://ihr-ebanking.com/de/receive/79469380
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b76ffbb2665f82b493e054b50d3d1bb3f2a8b4233be1795ca9937956eef196bc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ihr-ebanking.com/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb03f2b-897"
age
1182735
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CbjK5%2BxRr09U6nKaFBH8GSW9S0E%2Bd3AKIoTzK7iRSFrd35hW6qRXemsB6%2FpED7FBjV2ZOQq5S3DL9fvnJwfFePt%2FmflmRvja49PzPB3rZEModauvPbDYY7ra%2FWsSYVC76wruSdqx%2FLE7IhjO1N6WqcJO"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sat, 27 Dec 2025 18:43:05 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 06 Jan 2025 18:43:05 GMT
content-type
text/css; charset=utf-8
last-modified
Mon, 04 May 2020 16:13:31 GMT
vary
Accept-Encoding
priority
u=0,i=?0
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8fddda080cb0d37e-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
745
server
cloudflare
css
fonts.googleapis.com/
2 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto+Mono&display=swap
Requested by
Host: ihr-ebanking.com
URL: https://ihr-ebanking.com/de/receive/79469380
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e52c838f42938406d65ae685cc53e2d7c5dc09f2c2080f9d6baa6f66acb554c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ihr-ebanking.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 06 Jan 2025 18:43:05 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 06 Jan 2025 18:43:05 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Mon, 06 Jan 2025 17:29:50 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
react.production.min.js
cdnjs.cloudflare.com/ajax/libs/react/16.13.1/umd/
12 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/react/16.13.1/umd/react.production.min.js
Requested by
Host: ihr-ebanking.com
URL: https://ihr-ebanking.com/de/receive/79469380
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9486f126615859fc61ac84840a02b2efc920d287a71d99d708c74b2947750fe
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ihr-ebanking.com/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb03fbd-30af"
age
1097338
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BAyKbEfkp7BpwV%2FbZxZtPEN9V5BEox38Xqp1pXP1PGFg1%2BQuX%2FZRpb3IRXxvnfXcKuDIGCgTxPmqyY62Q%2BiiSfPpBk5p8YURT5zAqRiUE6IkRYvg2kct%2F%2FORE3Z%2FRHUJIj4uhQX1OKfjybbBlwWZW1dR"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sat, 27 Dec 2025 18:43:05 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 06 Jan 2025 18:43:05 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 04 May 2020 16:15:57 GMT
vary
Accept-Encoding
priority
u=1,i=?0
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8fddda080ca7d37e-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
4337
server
cloudflare
react-dom.production.min.js
cdnjs.cloudflare.com/ajax/libs/react-dom/16.13.1/umd/
116 KB
33 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/react-dom/16.13.1/umd/react-dom.production.min.js
Requested by
Host: ihr-ebanking.com
URL: https://ihr-ebanking.com/de/receive/79469380
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc5b7797e8a595e365c1385b0d47683d3a85f3533c58d499659b771c48ec6d25
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ihr-ebanking.com/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb03fb8-1cf80"
age
745459
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kQdSSOfe9L5ECpFDzoiovhx9%2Bdc3oggkDWoqivdcRSPmngoImq991wprBHu9QmwwZHZ9z5OH1qEwFTZAC%2Bpus5Fx%2F5LV6KHEd8apbPa7Wj4AilEeEsNQ8oXjfD4oOp3rBlpnMsyWOKT6sfr6TlNmVqBI"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sat, 27 Dec 2025 18:43:05 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 06 Jan 2025 18:43:05 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 04 May 2020 16:15:52 GMT
vary
Accept-Encoding
priority
u=1,i=?0
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8fddda080cb2d37e-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
33015
server
cloudflare
styled-components.min.js
cdnjs.cloudflare.com/ajax/libs/styled-components/3.2.1/
40 KB
14 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/styled-components/3.2.1/styled-components.min.js
Requested by
Host: ihr-ebanking.com
URL: https://ihr-ebanking.com/de/receive/79469380
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5bfc0c4936492fc07b1234458f7e5ca6a622a3a333356a258f630752b477810d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ihr-ebanking.com/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb03fdc-a1ef"
age
3634255
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9EQyc51ReMaReXQSJZAafDSXiNAcVBOg7aJvaKQamFna%2F1eJb4pWFLAMKPtT7tWqh4trq6qhw%2BaQ7GWO4dNp%2FMF0UPbaAwfwfO9o2oDKiP9mVvVPO2I%2BdpNiiAmjtiLOEt4Uy6E3tzvsvM8zlEt4kcPi"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sat, 27 Dec 2025 18:43:05 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 06 Jan 2025 18:43:05 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 04 May 2020 16:16:28 GMT
vary
Accept-Encoding
priority
u=1,i=?0
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8fddda080cb5d37e-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
14145
server
cloudflare
iframeRefreshCSS-44fe83e49b63affec96918c9af88c0d80b209a862cf87ac46bc933074b8c557d.js
cpwebassets.codepen.io/assets/editor/iframe/
3 KB
2 KB
Script
General
Full URL
https://cpwebassets.codepen.io/assets/editor/iframe/iframeRefreshCSS-44fe83e49b63affec96918c9af88c0d80b209a862cf87ac46bc933074b8c557d.js
Requested by
Host: ihr-ebanking.com
URL: https://ihr-ebanking.com/de/receive/79469380
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:20e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44fe83e49b63affec96918c9af88c0d80b209a862cf87ac46bc933074b8c557d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ihr-ebanking.com/

Response headers

content-encoding
br
cf-cache-status
HIT
age
1089702
access-control-allow-methods
POST, GET, OPTIONS
expires
Tue, 06 Jan 2026 18:43:05 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 06 Jan 2025 18:43:05 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 25 Jul 2024 17:01:56 GMT
vary
Accept-Encoding
priority
u=1,i=?0
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
cf-ray
8fddda081b2691e3-FRA
access-control-allow-origin
*
server
cloudflare
L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2
fonts.gstatic.com/s/robotomono/v23/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Mono&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
32c8a74ac0816253d69a7cc68a60986d91c77c80fb17101058527bffa45a13ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://ihr-ebanking.com
Referer
https://fonts.googleapis.com/

Response headers

age
552569
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 31 Dec 2025 09:13:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 31 Dec 2024 09:13:36 GMT
last-modified
Thu, 14 Sep 2023 01:16:46 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
12764
x-xss-protection
0
server
sffe
L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_SuW4Ep0.woff2
fonts.gstatic.com/s/robotomono/v23/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_SuW4Ep0.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Mono&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
93b6c99d936df38895a0d95e3ffea2fd395ac2569ff95b1c0b82a6270b51708b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://ihr-ebanking.com
Referer
https://fonts.googleapis.com/

Response headers

age
552508
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 31 Dec 2025 09:14:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 31 Dec 2024 09:14:38 GMT
last-modified
Thu, 14 Sep 2023 00:43:56 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
9556
x-xss-protection
0
server
sffe

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    HUB_EVENTS
object    CP
object    React
object    ReactDOM
object    styled
function  _extends
object    PEN_CONSTANTS

3 Cookies

Domain/Path: ihr-ebanking.com/
Name: connect.sid
Value: s%3A%23Europe322658091.GyjMWlvhAQfAGX4irmgdaItzeZiSX75GwMZlI4pD4pw

Domain/Path: .ihr-ebanking.com/
Name: __cf_mw_byp
Value: yca5aaebgpkCZ2EEn.bnYOhqxR5LV.KEx0nP27YXHWM-1736188981-0.0.1.1-/de/receive/79469380

Domain/Path: .codepen.io/
Name: __cf_bm
Value: zi8grmXD11qfEKevwpnSMB5ysKyK5ObCMmK.12FlTQQ-1736188985-1.0.1.1-3EDVuvd1kQ_CN1PJqCjMQQFK0qQdcbt_2C5U9A2ejnOHR2ZR3Z769ULzooYnjtfm65Gq4vi9c7LJnsXE1N1q8A

3 Console Messages

Source: network, Level: error
URL: https://ihr-ebanking.com/de/receive/79469380
Message: Failed to load resource: the server responded with a status of 403 ()

Source: network, Level: error
URL: https://ihr-ebanking.com/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network, Level: error
URL: https://ihr-ebanking.com/de/receive/79469380
Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options SAMEORIGIN