Report - aahing.de/all/?click_id=colhkftqtppc739k8s70

Report Overview

Submitted URL
aahing.de/all/?click_id=colhkftqtppc739k8s70
IP
13.213.161.248
ASN
#16509 AMAZON-02
Submitted
2024-04-26 03:08:02
Access
public
Website Title
aahing.de/all/?click_id=colhkftqtppc739k8s70
Final URL
aahing.de/all/?click_id=colhkftqtppc739k8s70
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
d1dt57yh60in0y.cloudfront.net	unknown	2008-04-25	2022-04-19	2024-04-18	877 B	179 kB	54.230.111.44
lemouwee.com	176393	2021-03-12	2021-03-12	2024-04-24	1.0 kB	25 kB	139.45.197.251
jouteetu.net	260109	2021-07-08	2021-07-15	2024-04-25	1.3 kB	1.9 kB	139.45.197.251
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-04-25	983 B	1.1 kB	139.45.197.250
aahing.de	unknown	unknown	No data	No data	2.7 kB	10 kB	13.213.161.248

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	amunfezanttor.com	Sinkholed
2024-04-25	medium	amunfezanttor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	aahing.de/all/?click_id=colhkftqtppc739k8s70	0 B	2023-03-07	2024-05-05
Pretty URL aahing.de/all/?click_id=colhkftqtppc739k8s70 IP 13.213.161.248 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-05 20:43:34 Times Seen37369660 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	aahing.de/all/common.js?v=20230908	1.1 kB	2024-04-26	2024-04-26
Pretty URL aahing.de/all/common.js?v=20230908 IP 13.213.161.248 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:08:09 Last Seen2024-04-26 05:08:09 Times Seen2 Hash 48fdb7d16133d45e83b9c59b63ba8be0 b9fcdcd8188bbd18fc650ebcd20b2af059324445 c6bcdbc17407f22784f01cc3223101144cbc573991d8ec92bc76c2ecff3a4b44 Loading...

	aahing.de/all/?click_id=colhkftqtppc739k8s70	0 B	2023-03-07	2024-05-05
Pretty URL aahing.de/all/?click_id=colhkftqtppc739k8s70 IP 13.213.161.248 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-05 20:43:34 Times Seen37369660 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	lemouwee.com/pfe/current/micro.tag.min.js?z=7393955&sw=/sw-check-permissions-721f0.js	37 kB	2024-04-25	2024-05-05
Pretty URL lemouwee.com/pfe/current/micro.tag.min.js?z=7393955&sw=/sw-check-permissions-721f0.js IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 13:01:48 Last Seen2024-05-05 20:43:17 Times Seen1527 Hash 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de Loading...

HTTP Transactions (15)

URL IP Response Size

aahing.de/all/?click_id=colhkftqtppc739k8s70

13.213.161.248

200 OK

1.0 kB

URL User Request GET HTTP/1.1
aahing.de/all/?click_id=colhkftqtppc739k8s70
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectaahing.de
FingerprintCD:CD:DA:80:20:F9:EF:E4:04:26:34:D6:66:20:4D:7F:A7:4E:CA:60
ValidityWed, 24 Apr 2024 02:53:27 GMT - Tue, 23 Jul 2024 02:53:26 GMT

File type
HTML document, ASCII text
Size
1.0 kB (1048 bytes)
Hash
94b187ab649d3b700fdbf61b36068b1f
efc5a3a0d968e7aedc4c8eba4b25ead785ea7d45
92abed386a8f911e76118eb58b93ece9447045ad1bff56a679d4bd3b7ba2ad36

HTTP Headers

GET /all/?click_id=colhkftqtppc739k8s70 HTTP/1.1
Host: aahing.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 26 Apr 2024 03:07:31 GMT
Content-Type: text/html
Last-Modified: Tue, 23 Apr 2024 03:51:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6627303d-c6d"
Content-Encoding: gzip

aahing.de/all/app.css?v=20231218

13.213.161.248

200 OK

1.6 kB

URL GET HTTP/1.1
aahing.de/all/app.css?v=20231218
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerLet's Encrypt
Subjectaahing.de
FingerprintCD:CD:DA:80:20:F9:EF:E4:04:26:34:D6:66:20:4D:7F:A7:4E:CA:60
ValidityWed, 24 Apr 2024 02:53:27 GMT - Tue, 23 Jul 2024 02:53:26 GMT

File type
ASCII text
Size
1.6 kB (1631 bytes)
Hash
0e6d84f22affd539485c2d47cdfcb148
86b9f4acb0f8cdb09a317c0d8fa9e8718a069eb0
6a06ed4bb7f902f517f42cb85d220f553514de7a8c16a2d6be2686079f592f49

HTTP Headers

GET /all/app.css?v=20231218 HTTP/1.1
Host: aahing.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 26 Apr 2024 03:07:32 GMT
Content-Type: text/css
Content-Length: 1631
Last-Modified: Tue, 23 Apr 2024 03:51:25 GMT
Connection: keep-alive
ETag: "6627303d-65f"
Accept-Ranges: bytes

aahing.de/all/css/timeTo.css

13.213.161.248

200 OK

4.2 kB

URL GET HTTP/1.1
aahing.de/all/css/timeTo.css
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerLet's Encrypt
Subjectaahing.de
FingerprintCD:CD:DA:80:20:F9:EF:E4:04:26:34:D6:66:20:4D:7F:A7:4E:CA:60
ValidityWed, 24 Apr 2024 02:53:27 GMT - Tue, 23 Jul 2024 02:53:26 GMT

File type
ASCII text
Size
4.2 kB (4167 bytes)
Hash
c704d4b96307d5faa9f729e1d0f1ff24
c6e4c98a37882b9ae05b51ee5b803662daf974f7
721e2bfcdf3281e55aea0a0ba7ebe94010bead3113aeaae1a22bc158e82a0967

HTTP Headers

GET /all/css/timeTo.css HTTP/1.1
Host: aahing.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 26 Apr 2024 03:07:32 GMT
Content-Type: text/css
Content-Length: 4167
Last-Modified: Tue, 23 Apr 2024 03:51:25 GMT
Connection: keep-alive
ETag: "6627303d-1047"
Accept-Ranges: bytes

aahing.de/all/common.js?v=20230908

13.213.161.248

200 OK

1.1 kB

URL GET HTTP/1.1
aahing.de/all/common.js?v=20230908
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerLet's Encrypt
Subjectaahing.de
FingerprintCD:CD:DA:80:20:F9:EF:E4:04:26:34:D6:66:20:4D:7F:A7:4E:CA:60
ValidityWed, 24 Apr 2024 02:53:27 GMT - Tue, 23 Jul 2024 02:53:26 GMT

File type
JavaScript source, ASCII text
Size
1.1 kB (1065 bytes)
Hash
48fdb7d16133d45e83b9c59b63ba8be0
b9fcdcd8188bbd18fc650ebcd20b2af059324445
c6bcdbc17407f22784f01cc3223101144cbc573991d8ec92bc76c2ecff3a4b44

HTTP Headers

GET /all/common.js?v=20230908 HTTP/1.1
Host: aahing.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 26 Apr 2024 03:07:32 GMT
Content-Type: application/javascript
Content-Length: 1065
Last-Modified: Thu, 25 Apr 2024 16:29:15 GMT
Connection: keep-alive
ETag: "662a84db-429"
Accept-Ranges: bytes

d1dt57yh60in0y.cloudfront.net/cpl/credit_line.jpg

54.230.111.44

200 OK

122 kB

URL GET HTTP/2
d1dt57yh60in0y.cloudfront.net/cpl/credit_line.jpg
IP
54.230.111.44:443
ASN
#16509 AMAZON-02

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x628, components 3
Size
122 kB (121584 bytes)
Hash
ee2525008df8223ebb82d801704cc086
29d6c0c85123c5aaa3f8e4909a8d3f02c0a0385a
f631fcb45674f9112cacb43be859ad7a4919b819296da8c227572af0538267d5

HTTP Headers

GET /cpl/credit_line.jpg HTTP/1.1
Host: d1dt57yh60in0y.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahing.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 121584
last-modified: Thu, 04 Jan 2024 06:05:35 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 25 Apr 2024 07:24:27 GMT
etag: "ee2525008df8223ebb82d801704cc086"
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wDG2qJw1jF2HTsD9yR0Mz6LSbDmmQQSGHYF76u86zAjGTivvtRThpA==
age: 72267
X-Firefox-Spdy: h2

d1dt57yh60in0y.cloudfront.net/cpl/alibaba_logo.png

54.230.111.44

200 OK

57 kB

URL GET HTTP/2
d1dt57yh60in0y.cloudfront.net/cpl/alibaba_logo.png
IP
54.230.111.44:443
ASN
#16509 AMAZON-02

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 428 x 428, 8-bit colormap, non-interlaced
Size
57 kB (56550 bytes)
Hash
df63415b623157b9be8dc33a5f27309b
bd8aec755cbd0713654a3843c0118cad4de65003
02b398d8493eda68bb0a9235b8b32f3a6165f778db56a5a8d272855aa0f6112e

HTTP Headers

GET /cpl/alibaba_logo.png HTTP/1.1
Host: d1dt57yh60in0y.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahing.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 56550
last-modified: Thu, 04 Jan 2024 06:08:02 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Fri, 26 Apr 2024 03:07:32 GMT
etag: "df63415b623157b9be8dc33a5f27309b"
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vaEN8_s57X14s2le5vZl3M-GusWSU7CF8Fmzozlw0H1CnYI6_ZGqfA==
age: 738
X-Firefox-Spdy: h2

lemouwee.com/zone?&pub=0&zone_id=7393955&is_mobile=false&domain=aahing.de&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=ae4a63f3-77a5-481b-acd5-17d7e915850f&action=prerequest

139.45.197.251

200 OK

0 B

URL POST HTTP/2
lemouwee.com/zone?&pub=0&zone_id=7393955&is_mobile=false&domain=aahing.de&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=ae4a63f3-77a5-481b-acd5-17d7e915850f&action=prerequest
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerLet's Encrypt
Subjectlemouwee.com
Fingerprint79:AF:F5:E8:1A:28:27:C6:45:D0:92:C8:F4:67:CA:3A:79:D9:A7:B8
ValidityFri, 05 Apr 2024 05:06:29 GMT - Thu, 04 Jul 2024 05:06:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=7393955&is_mobile=false&domain=aahing.de&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=ae4a63f3-77a5-481b-acd5-17d7e915850f&action=prerequest HTTP/1.1
Host: lemouwee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aahing.de
DNT: 1
Connection: keep-alive
Referer: https://aahing.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:07:33 GMT
content-length: 0
x-trace-id: 196426170b8170be7d67f03c6312445b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aahing.de
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 267
Origin: https://aahing.de
DNT: 1
Connection: keep-alive
Referer: https://aahing.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:07:33 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b496b41cc8db3e3ded6c729fae6796b1
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aahing.de
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 270
Origin: https://aahing.de
DNT: 1
Connection: keep-alive
Referer: https://aahing.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:07:33 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 03ede430c5962c671b26c4201d0c09de
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aahing.de
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 269
Origin: https://aahing.de
DNT: 1
Connection: keep-alive
Referer: https://aahing.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:07:33 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d8f9eb46343e92356da0fccdca129fd7
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aahing.de
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://aahing.de/
Origin: https://aahing.de
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:07:33 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://aahing.de
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

aahing.de/favicon.ico

13.213.161.248

404 Not Found

123 B

URL GET HTTP/1.1
aahing.de/favicon.ico
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerLet's Encrypt
Subjectaahing.de
FingerprintCD:CD:DA:80:20:F9:EF:E4:04:26:34:D6:66:20:4D:7F:A7:4E:CA:60
ValidityWed, 24 Apr 2024 02:53:27 GMT - Tue, 23 Jul 2024 02:53:26 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
123 B (123 bytes)
Hash
1b7c22a214949975556626d7217e9a39
d01c97e2944166ed23e47e4a62ff471ab8fa031f
340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: aahing.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 26 Apr 2024 03:07:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
d9ab705d1b7d20f0a5fcb1eec3846499
c416694e1f704c459465653d321cf415048d2300
4270737982a7356d3d00ee29cc4f8754305f279d4500181d44d9f99b44ac5493

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aahing.de/
Content-Type: application/json
Content-Length: 896
Origin: https://aahing.de
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:07:33 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aahing.de
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

aahing.de/sw-check-permissions-721f0.js?zoneId=7393955

13.213.161.248

200 OK

566 B

URL GET HTTP/1.1
aahing.de/sw-check-permissions-721f0.js?zoneId=7393955
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerLet's Encrypt
Subjectaahing.de
FingerprintCD:CD:DA:80:20:F9:EF:E4:04:26:34:D6:66:20:4D:7F:A7:4E:CA:60
ValidityWed, 24 Apr 2024 02:53:27 GMT - Tue, 23 Jul 2024 02:53:26 GMT

File type
Java source, ASCII text
Size
566 B (566 bytes)
Hash
d2e5b86a550b5f8e976b5785549461e2
36d7b50077b0de896c263d558e1988b0ace659c3
99c886857849d260b431eed5613944431fd310113e08bc77778bccc082b902cb

HTTP Headers

GET /sw-check-permissions-721f0.js?zoneId=7393955 HTTP/1.1
Host: aahing.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 26 Apr 2024 03:07:33 GMT
Content-Type: application/javascript
Content-Length: 566
Last-Modified: Thu, 25 Apr 2024 16:29:15 GMT
Connection: keep-alive
ETag: "662a84db-236"
Accept-Ranges: bytes

lemouwee.com/pfe/current/micro.tag.min.js?z=7393955&sw=/sw-check-permissions-721f0.js

139.45.197.251

200 OK

24 kB

URL GET HTTP/2
lemouwee.com/pfe/current/micro.tag.min.js?z=7393955&sw=/sw-check-permissions-721f0.js
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://aahing.de/all/?click_id=colhkftqtppc739k8s70
Certificate
IssuerLet's Encrypt
Subjectlemouwee.com
Fingerprint79:AF:F5:E8:1A:28:27:C6:45:D0:92:C8:F4:67:CA:3A:79:D9:A7:B8
ValidityFri, 05 Apr 2024 05:06:29 GMT - Thu, 04 Jul 2024 05:06:28 GMT

File type
gzip compressed data, max speed, from Unix
Size
24 kB (24321 bytes)
Hash
ec9ceb481647e9a3d57973fc470e3dd3
eae2ff5422d016736cba917ea47730a4984f7b50
b6540c5929a045765a32fd86e5542f0e8e7e28d9d03e59ded5c18b910615222e

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=7393955&sw=/sw-check-permissions-721f0.js HTTP/1.1
Host: lemouwee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahing.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:07:32 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:51 GMT
etag: W/"662a3513-9116"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash