aaits.ca Open in urlscan Pro
192.185.89.112 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://justamagic.ru/asset
Effective URL:
https://aaits.ca/iono/renew/gr/main.php
Submission: On June 10 via api (June 10th 2024, 3:31:16 am UTC) from FI — Scanned from DE

Summary HTTP 3 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 192.185.89.112, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is aaits.ca.
TLS certificate: Issued by R3 on May 16th 2024. Valid for: 3 months.

This is the only time aaits.ca was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 1&1 Ionos (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
2 4	2a03:6f00:6:1... 2a03:6f00:6:1::b972:f7e8	9123 (TIMEWEB-AS) (TIMEWEB-AS)
2 3	192.185.89.112 192.185.89.112	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
3	3

4 2a03:6f00:6:1::b972:f7e8 (Russian Federation) 2 redirects

ASN9123 (TIMEWEB-AS, RU)

justamagic.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.185.89.112 (United States) 2 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-89-112.unifiedlayer.com

aaits.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	justamagic.ru 2 redirects justamagic.ru	2 KB
3	aaits.ca 2 redirects aaits.ca	673 KB
3	2

	Domain	Requested by
4	justamagic.ru	2 redirects
3	aaits.ca	2 redirects
3	2

This site contains links to these domains. Also see Links.

Domain
login.ionos.com
www.ionos.com
ias.ionos.com
mail.ionos.com
dcd.ionos.com
hidrive.ionos.com
www.ionos-status.com

Subject Issuer	Validity	Valid
justamagic.ru R3	`2024-05-21` - `2024-08-19`	3 months	crt.sh
aaits.ca R3	`2024-05-16` - `2024-08-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://aaits.ca/iono/renew/gr/main.php
Frame ID: 301938BB3D0B51E40B24EC052E81E0F5
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmeldung - IONOS

Page URL History Show full URLs

https://justamagic.ru/asset HTTP 301
http://justamagic.ru/asset/ HTTP 307
https://justamagic.ru/asset/ Page URL
https://aaits.ca/iono/renew/ HTTP 302
https://aaits.ca/iono/renew/gr/ HTTP 302
https://aaits.ca/iono/renew/gr/main.php Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

3
Requests

67 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

936 kB
Transfer

1544 kB
Size

0
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://login.ionos.com/
Title: Anmeldung

Search URL Search Domain Scan URL

URL: https://www.ionos.com/help/security-c85142/browser-security-c85171
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.ionos.com/help/index.php?id=4152
Title: Anmeldedaten vergessen?

Search URL Search Domain Scan URL

URL: https://ias.ionos.com/ias/follow/CLICK?ias_source=ACCOUNT_WEBAPP-US&ias_medium=HOME-login_offerlink&ias_content=LOGIN_OFFERLINK-DEFAULT&ias_campaign=&iasSessionId=ceea3f8b-5d6e-43e4-848a-1cb55f5a8409&target=https%3A%2F%2Fwww.ionos.com%2F%3Fac%3DOM.US.US263K413861T7073a
Title: Werden Sie jetzt Kunde und profitieren Sie von unseren Angeboten.

Search URL Search Domain Scan URL

URL: https://mail.ionos.com/
Title: Webmail

Search URL Search Domain Scan URL

URL: https://dcd.ionos.com/latest?regDomain=ionos.com
Title: Rechenzentrumsdesigner

Search URL Search Domain Scan URL

URL: https://hidrive.ionos.com/
Title: HiDrive

Search URL Search Domain Scan URL

URL: https://www.ionos-status.com/?utm_medium=footer&utm_content=minor&utm_source=CENTRAL_LOGIN&utm_campaign=HOME&utm_term=no_search
Title: Beeinträchtigte Leistung

Search URL Search Domain Scan URL

URL: https://www.ionos.com/about
Title: IONOS Inc.

Search URL Search Domain Scan URL

URL: https://www.ionos.com/terms-gtc/terms-privacy
Title: Datenschutzrichtlinie

Search URL Search Domain Scan URL

URL: https://www.ionos.com/terms-gtc
Title: T&Cs

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://justamagic.ru/asset HTTP 301
http://justamagic.ru/asset/ HTTP 307
https://justamagic.ru/asset/ Page URL
https://aaits.ca/iono/renew/ HTTP 302
https://aaits.ca/iono/renew/gr/ HTTP 302
https://aaits.ca/iono/renew/gr/main.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://justamagic.ru/asset HTTP 301
http://justamagic.ru/asset/ HTTP 307
https://justamagic.ru/asset/

Request Chain 1

https://justamagic.ru/favicon.ico HTTP 302
https://justamagic.ru/wp-content/uploads/2024/06/cropped-justamagic-32x32.png

3 HTTP transactions
10 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response justamagic.ru/asset/ Redirect Chain https://justamagic.ru/asset http://justamagic.ru/asset/ https://justamagic.ru/asset/	72 B 150 B	428ms 428ms	Document text/html	2a03:6f00:6:1::b972:f7e8 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://justamagic.ru/asset/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:6f00:6:1::b972:f7e8 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash `1bfda4b31c3229348863f20e030aacc3d78f4f85fe6cf5affc883ac7b3ccb102` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers content-length 72 content-type text/html; charset=UTF-8 date Mon, 10 Jun 2024 03:31:12 GMT server nginx/1.24.0 Redirect headers Location https://justamagic.ru/asset/ Non-Authoritative-Reason HttpsUpgrades
GET H2	200	Primary Request main.php Show response aaits.ca/iono/renew/gr/ Redirect Chain https://aaits.ca/iono/renew/ https://aaits.ca/iono/renew/gr/ https://aaits.ca/iono/renew/gr/main.php	1 MB 673 KB	514ms 514ms	Document text/html	192.185.89.112 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://aaits.ca/iono/renew/gr/main.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.89.112 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-89-112.unifiedlayer.com Software Apache / Resource Hash `19010b49450631f7c79930db0987e4dee23f161a5fab2cd7ed84927535776828` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://justamagic.ru/asset/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers content-encoding gzip content-type text/html; charset=UTF-8 date Mon, 10 Jun 2024 03:31:13 GMT server Apache vary Accept-Encoding Redirect headers content-length 0 content-type text/html; charset=UTF-8 date Mon, 10 Jun 2024 03:31:13 GMT location ./main.php server Apache
GET H2	200	cropped-justamagic-32x32.png justamagic.ru/wp-content/uploads/2024/06/ Redirect Chain https://justamagic.ru/favicon.ico https://justamagic.ru/wp-content/uploads/2024/06/cropped-justamagic-32x32.png	1 KB 2 KB	78ms 77ms	Other image/png	2a03:6f00:6:1::b972:f7e8 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://justamagic.ru/wp-content/uploads/2024/06/cropped-justamagic-32x32.png Protocol H2 Server 2a03:6f00:6:1::b972:f7e8 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://justamagic.ru/asset/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Mon, 10 Jun 2024 03:31:12 GMT last-modified Sun, 02 Jun 2024 05:50:59 GMT server nginx/1.24.0 etag "665c0843-582" content-type image/png cache-control max-age=31536000 accept-ranges bytes content-length 1410 expires Tue, 10 Jun 2025 03:31:12 GMT Redirect headers location https://justamagic.ru/wp-content/uploads/2024/06/cropped-justamagic-32x32.png date Mon, 10 Jun 2024 03:31:12 GMT server nginx/1.24.0 x-redirect-by WordPress content-length 0 content-type text/html; charset=UTF-8
GET DATA	200 OK	truncated /	845 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `78957d2db50f27985e0c73c0236d2b4377f53f8c2681c2d00be836b6eb967a4d` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0f1f89f3de13481ab3a2f24d0840323c36e1673bb3d0283d7ec0c63e9560bd71` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `209df082d94354998063d5e5613588a07a7652cda292949b05060de1fac6a6a2` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	920 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7043d536f588b8ccb2d6fba13113af4b69fe0c517c7bd885081e62b90d6c1e1f` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	62 KB 62 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b` Request headers Referer Origin https://aaits.ca Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	251 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e429904c596758c38b6110935a28e2769b7b5aa73033d8e7c18319cb84c7c461` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	50 KB 50 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `35538b399f40d6db114f64b970fb8a612d88d833906f95f4cb8675c0277ecfb3` Request headers Referer Origin https://aaits.ca Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	42 KB 42 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5` Request headers Referer Origin https://aaits.ca Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	68 KB 68 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b0390aa3e137e3e49d7d6ed5d86c208fec1dd45ff8a56836c3f86c2e32cd2d7a` Request headers Referer Origin https://aaits.ca Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	40 KB 40 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `82a3b507d88d0bf1ae099818e5e4754081e05a915408c22ec6db3cda9b96afd4` Request headers Referer Origin https://aaits.ca Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type application/font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: 1&1 Ionos (Telecommunication)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| savepage_ShadowLoader

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://aaits.ca/iono/renew/gr/main.php Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aaits.ca
justamagic.ru
192.185.89.112
2a03:6f00:6:1::b972:f7e8
0f1f89f3de13481ab3a2f24d0840323c36e1673bb3d0283d7ec0c63e9560bd71
19010b49450631f7c79930db0987e4dee23f161a5fab2cd7ed84927535776828
1bfda4b31c3229348863f20e030aacc3d78f4f85fe6cf5affc883ac7b3ccb102
209df082d94354998063d5e5613588a07a7652cda292949b05060de1fac6a6a2
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b
35538b399f40d6db114f64b970fb8a612d88d833906f95f4cb8675c0277ecfb3
7043d536f588b8ccb2d6fba13113af4b69fe0c517c7bd885081e62b90d6c1e1f
78957d2db50f27985e0c73c0236d2b4377f53f8c2681c2d00be836b6eb967a4d
82a3b507d88d0bf1ae099818e5e4754081e05a915408c22ec6db3cda9b96afd4
b0390aa3e137e3e49d7d6ed5d86c208fec1dd45ff8a56836c3f86c2e32cd2d7a
d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5
e429904c596758c38b6110935a28e2769b7b5aa73033d8e7c18319cb84c7c461

aaits.ca Open in urlscan Pro 192.185.89.112 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

67 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

936 kBTransfer

1544 kBSize

0 Cookies

11 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

aaits.ca Open in urlscan Pro
192.185.89.112 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

67 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

936 kB
Transfer

1544 kB
Size

0
Cookies

3 HTTP transactions
10 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!