Report - aahed.de/all?click_id=coro55dqtppc73d0bs4g

Report Overview

Submitted URL
aahed.de/all?click_id=coro55dqtppc73d0bs4g
IP
13.213.161.248
ASN
#16509 AMAZON-02
Submitted
2024-05-05 13:00:10
Access
public
Website Title
aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Final URL
aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ofklefkian.com	unknown	2024-01-25	2024-01-25	2024-04-29	1.0 kB	38 kB	139.45.197.251
jouteetu.net	260109	2021-07-08	2021-07-15	2024-05-04	1.3 kB	1.9 kB	139.45.197.251
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-05-03	979 B	1.1 kB	139.45.197.250
aahed.de	unknown	unknown	2016-02-02	2024-03-24	3.2 kB	10 kB	13.213.161.248
d1dt57yh60in0y.cloudfront.net	unknown	2008-04-25	2022-04-19	2024-01-09	875 B	179 kB	54.230.111.44

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-05	medium	ofklefkian.com	Sinkholed
2024-05-05	medium	amunfezanttor.com	Sinkholed
2024-05-05	medium	amunfezanttor.com	Sinkholed
2024-05-05	medium	ofklefkian.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	aahed.de/all/?click_id=coro55dqtppc73d0bs4g	0 B	2023-03-07	2024-05-19
Pretty URL aahed.de/all/?click_id=coro55dqtppc73d0bs4g IP 13.213.161.248 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 00:01:18 Times Seen37806972 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	aahed.de/all/common.js?v=20230908	1.1 kB	2024-05-02	2024-05-09
Pretty URL aahed.de/all/common.js?v=20230908 IP 13.213.161.248 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 20:12:03 Last Seen2024-05-09 16:08:05 Times Seen10 Hash 7779d6e7713a825ceb858e80f6f72b8d ee642538f52966cd078de6d8f33d63f83b16a10e 3f1c8cb9d137e0b12795b92532af28ff8be0b4e275dee3a79183912a6d225ac0 Loading...

	aahed.de/all/?click_id=coro55dqtppc73d0bs4g	0 B	2023-03-07	2024-05-19
Pretty URL aahed.de/all/?click_id=coro55dqtppc73d0bs4g IP 13.213.161.248 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 00:01:18 Times Seen37806972 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ofklefkian.com/pfe/current/micro.tag.min.js?z=7403617&sw=/sw-check-permissions-ceb2c.js	37 kB	2024-04-25	2024-05-15
Pretty URL ofklefkian.com/pfe/current/micro.tag.min.js?z=7403617&sw=/sw-check-permissions-ceb2c.js IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 13:01:48 Last Seen2024-05-15 20:42:51 Times Seen2522 Hash 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de Loading...

HTTP Transactions (16)

URL IP Response Size

aahed.de/all?click_id=coro55dqtppc73d0bs4g

13.213.161.248

301 Moved Permanently

178 B

URL User Request GET HTTP/1.1
aahed.de/all?click_id=coro55dqtppc73d0bs4g
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectaahed.de
FingerprintEB:2C:25:C5:C7:DD:DB:6F:A8:7E:BC:33:F9:9B:7F:C7:A5:C4:DB:C5
ValidityWed, 24 Apr 2024 05:01:33 GMT - Tue, 23 Jul 2024 05:01:32 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
bd2695f4b079c71dbddde3436286fb9c
733c05da132193d6cf1d8e242d12e2525c03bab4
2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b

HTTP Headers

GET /all?click_id=coro55dqtppc73d0bs4g HTTP/1.1
Host: aahed.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 05 May 2024 12:59:45 GMT
Content-Type: text/html
Content-Length: 178
Location: https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Connection: keep-alive

aahed.de/all/?click_id=coro55dqtppc73d0bs4g

13.213.161.248

200 OK

1.0 kB

URL User Request GET HTTP/1.1
aahed.de/all/?click_id=coro55dqtppc73d0bs4g
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectaahed.de
FingerprintEB:2C:25:C5:C7:DD:DB:6F:A8:7E:BC:33:F9:9B:7F:C7:A5:C4:DB:C5
ValidityWed, 24 Apr 2024 05:01:33 GMT - Tue, 23 Jul 2024 05:01:32 GMT

File type
HTML document, ASCII text
Size
1.0 kB (1048 bytes)
Hash
94b187ab649d3b700fdbf61b36068b1f
efc5a3a0d968e7aedc4c8eba4b25ead785ea7d45
92abed386a8f911e76118eb58b93ece9447045ad1bff56a679d4bd3b7ba2ad36

HTTP Headers

GET /all/?click_id=coro55dqtppc73d0bs4g HTTP/1.1
Host: aahed.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 05 May 2024 12:59:46 GMT
Content-Type: text/html
Last-Modified: Wed, 24 Apr 2024 05:58:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"66289f76-c6d"
Content-Encoding: gzip

aahed.de/all/app.css?v=20231218

13.213.161.248

200 OK

1.6 kB

URL GET HTTP/1.1
aahed.de/all/app.css?v=20231218
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerLet's Encrypt
Subjectaahed.de
FingerprintEB:2C:25:C5:C7:DD:DB:6F:A8:7E:BC:33:F9:9B:7F:C7:A5:C4:DB:C5
ValidityWed, 24 Apr 2024 05:01:33 GMT - Tue, 23 Jul 2024 05:01:32 GMT

File type
ASCII text
Size
1.6 kB (1631 bytes)
Hash
0e6d84f22affd539485c2d47cdfcb148
86b9f4acb0f8cdb09a317c0d8fa9e8718a069eb0
6a06ed4bb7f902f517f42cb85d220f553514de7a8c16a2d6be2686079f592f49

HTTP Headers

GET /all/app.css?v=20231218 HTTP/1.1
Host: aahed.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 05 May 2024 12:59:46 GMT
Content-Type: text/css
Content-Length: 1631
Last-Modified: Wed, 24 Apr 2024 05:58:14 GMT
Connection: keep-alive
ETag: "66289f76-65f"
Accept-Ranges: bytes

aahed.de/all/css/timeTo.css

13.213.161.248

200 OK

4.2 kB

URL GET HTTP/1.1
aahed.de/all/css/timeTo.css
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerLet's Encrypt
Subjectaahed.de
FingerprintEB:2C:25:C5:C7:DD:DB:6F:A8:7E:BC:33:F9:9B:7F:C7:A5:C4:DB:C5
ValidityWed, 24 Apr 2024 05:01:33 GMT - Tue, 23 Jul 2024 05:01:32 GMT

File type
ASCII text
Size
4.2 kB (4167 bytes)
Hash
c704d4b96307d5faa9f729e1d0f1ff24
c6e4c98a37882b9ae05b51ee5b803662daf974f7
721e2bfcdf3281e55aea0a0ba7ebe94010bead3113aeaae1a22bc158e82a0967

HTTP Headers

GET /all/css/timeTo.css HTTP/1.1
Host: aahed.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 05 May 2024 12:59:46 GMT
Content-Type: text/css
Content-Length: 4167
Last-Modified: Wed, 24 Apr 2024 05:58:14 GMT
Connection: keep-alive
ETag: "66289f76-1047"
Accept-Ranges: bytes

aahed.de/all/common.js?v=20230908

13.213.161.248

200 OK

1.1 kB

URL GET HTTP/1.1
aahed.de/all/common.js?v=20230908
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerLet's Encrypt
Subjectaahed.de
FingerprintEB:2C:25:C5:C7:DD:DB:6F:A8:7E:BC:33:F9:9B:7F:C7:A5:C4:DB:C5
ValidityWed, 24 Apr 2024 05:01:33 GMT - Tue, 23 Jul 2024 05:01:32 GMT

File type
JavaScript source, ASCII text
Size
1.1 kB (1067 bytes)
Hash
7779d6e7713a825ceb858e80f6f72b8d
ee642538f52966cd078de6d8f33d63f83b16a10e
3f1c8cb9d137e0b12795b92532af28ff8be0b4e275dee3a79183912a6d225ac0

HTTP Headers

GET /all/common.js?v=20230908 HTTP/1.1
Host: aahed.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 05 May 2024 12:59:47 GMT
Content-Type: application/javascript
Content-Length: 1067
Last-Modified: Sat, 27 Apr 2024 18:15:51 GMT
Connection: keep-alive
ETag: "662d40d7-42b"
Accept-Ranges: bytes

d1dt57yh60in0y.cloudfront.net/cpl/alibaba_logo.png

54.230.111.44

200 OK

57 kB

URL GET HTTP/2
d1dt57yh60in0y.cloudfront.net/cpl/alibaba_logo.png
IP
54.230.111.44:443
ASN
#16509 AMAZON-02

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 428 x 428, 8-bit colormap, non-interlaced
Size
57 kB (56550 bytes)
Hash
df63415b623157b9be8dc33a5f27309b
bd8aec755cbd0713654a3843c0118cad4de65003
02b398d8493eda68bb0a9235b8b32f3a6165f778db56a5a8d272855aa0f6112e

HTTP Headers

GET /cpl/alibaba_logo.png HTTP/1.1
Host: d1dt57yh60in0y.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahed.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 56550
last-modified: Thu, 04 Jan 2024 06:08:02 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sun, 05 May 2024 07:41:07 GMT
etag: "df63415b623157b9be8dc33a5f27309b"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uUiXZmyLxAd_0VodxyYkEISpTXXR8dpXKXoWfOzH1E6Q5d45BbyTOQ==
age: 24924
X-Firefox-Spdy: h2

d1dt57yh60in0y.cloudfront.net/cpl/credit_line.jpg

54.230.111.44

200 OK

122 kB

URL GET HTTP/2
d1dt57yh60in0y.cloudfront.net/cpl/credit_line.jpg
IP
54.230.111.44:443
ASN
#16509 AMAZON-02

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x628, components 3
Size
122 kB (121584 bytes)
Hash
ee2525008df8223ebb82d801704cc086
29d6c0c85123c5aaa3f8e4909a8d3f02c0a0385a
f631fcb45674f9112cacb43be859ad7a4919b819296da8c227572af0538267d5

HTTP Headers

GET /cpl/credit_line.jpg HTTP/1.1
Host: d1dt57yh60in0y.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahed.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 121584
last-modified: Thu, 04 Jan 2024 06:05:35 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sun, 05 May 2024 04:06:10 GMT
etag: "ee2525008df8223ebb82d801704cc086"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3ob_3PwqtQG_UYy5E3bycc-K8jTaOOZQzPG2FyhBXjHlhK2TxwLzaQ==
age: 32017
X-Firefox-Spdy: h2

ofklefkian.com/zone?&pub=0&zone_id=7403617&is_mobile=false&domain=aahed.de&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=60f2a22b-30c1-4159-b60e-11d2c36727d7&action=prerequest

139.45.197.251

200 OK

0 B

URL POST HTTP/2
ofklefkian.com/zone?&pub=0&zone_id=7403617&is_mobile=false&domain=aahed.de&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=60f2a22b-30c1-4159-b60e-11d2c36727d7&action=prerequest
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerLet's Encrypt
Subjectofklefkian.com
Fingerprint04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02
ValiditySun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=7403617&is_mobile=false&domain=aahed.de&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=60f2a22b-30c1-4159-b60e-11d2c36727d7&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aahed.de
DNT: 1
Connection: keep-alive
Referer: https://aahed.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 12:59:47 GMT
content-length: 0
x-trace-id: c2cb87e54e07d638c726e15423677611
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aahed.de
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 265
Origin: https://aahed.de
DNT: 1
Connection: keep-alive
Referer: https://aahed.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 12:59:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ce1ec7ddf187fd9098cd853334d29668
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aahed.de
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 268
Origin: https://aahed.de
DNT: 1
Connection: keep-alive
Referer: https://aahed.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 12:59:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 8d5d2c76efdfa415b0eb1201adf42ec7
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aahed.de
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 267
Origin: https://aahed.de
DNT: 1
Connection: keep-alive
Referer: https://aahed.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 12:59:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: da255d140783109585805ca592377283
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aahed.de
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://aahed.de/
Origin: https://aahed.de
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 12:59:47 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://aahed.de
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

aahed.de/favicon.ico

13.213.161.248

404 Not Found

123 B

URL GET HTTP/1.1
aahed.de/favicon.ico
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerLet's Encrypt
Subjectaahed.de
FingerprintEB:2C:25:C5:C7:DD:DB:6F:A8:7E:BC:33:F9:9B:7F:C7:A5:C4:DB:C5
ValidityWed, 24 Apr 2024 05:01:33 GMT - Tue, 23 Jul 2024 05:01:32 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
123 B (123 bytes)
Hash
1b7c22a214949975556626d7217e9a39
d01c97e2944166ed23e47e4a62ff471ab8fa031f
340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: aahed.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 05 May 2024 12:59:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
3b0f18cce5394f5631678e19c8c3e3ec
c1bdcb9e5363717a5d8d613f0fed8ea2895e3ee2
f1d027920b1e3b7a30da1bd5696a190383416afad369deac921e9cd247d1d161

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aahed.de/
Content-Type: application/json
Content-Length: 905
Origin: https://aahed.de
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 12:59:48 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aahed.de
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

aahed.de/sw-check-permissions-ceb2c.js?zoneId=7403617

13.213.161.248

200 OK

570 B

URL GET HTTP/1.1
aahed.de/sw-check-permissions-ceb2c.js?zoneId=7403617
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerLet's Encrypt
Subjectaahed.de
FingerprintEB:2C:25:C5:C7:DD:DB:6F:A8:7E:BC:33:F9:9B:7F:C7:A5:C4:DB:C5
ValidityWed, 24 Apr 2024 05:01:33 GMT - Tue, 23 Jul 2024 05:01:32 GMT

File type
Java source, ASCII text
Size
570 B (570 bytes)
Hash
3f1393fbb30cc0045deeec522177b888
ff9062fb25fc8e527eefa829f486e5bd4971cae1
cdf2f0089787d83247810ffa2a3b2ee040981674e338b985a88ad22587ef3493

HTTP Headers

GET /sw-check-permissions-ceb2c.js?zoneId=7403617 HTTP/1.1
Host: aahed.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 05 May 2024 12:59:48 GMT
Content-Type: application/javascript
Content-Length: 570
Last-Modified: Sat, 27 Apr 2024 18:15:51 GMT
Connection: keep-alive
ETag: "662d40d7-23a"
Accept-Ranges: bytes

ofklefkian.com/pfe/current/micro.tag.min.js?z=7403617&sw=/sw-check-permissions-ceb2c.js

139.45.197.251

200 OK

37 kB

URL GET HTTP/2
ofklefkian.com/pfe/current/micro.tag.min.js?z=7403617&sw=/sw-check-permissions-ceb2c.js
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://aahed.de/all/?click_id=coro55dqtppc73d0bs4g
Certificate
IssuerLet's Encrypt
Subjectofklefkian.com
Fingerprint04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02
ValiditySun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT

File type
JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Size
37 kB (37142 bytes)
Hash
32d6dbd00a639e2cd10d1704b9159bd5
0dab4c95675393f1d0e13d20f13d80ee12e41d95
9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=7403617&sw=/sw-check-permissions-ceb2c.js HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aahed.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 12:59:47 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-9116"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers