hajoopteg.com Open in urlscan Pro
188.72.201.231 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://chiporestaurante.com/
Effective URL:
https://hajoopteg.com/?b=1880959&ba=0&campid=14083&did=&dm=0&ep=0&fp=0&g=DE&hr=0&i18db=1&l=RTb7RnUG2kveh6K&oaid=3d378a...
Submission: On August 10 via automatic, source urlhaus (August 10th 2018, 1:08:04 am UTC)

Summary HTTP 61 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 12 IPs in 6 countries across 12 domains to perform 61 HTTP transactions. The main IP is 188.72.201.231, located in Netherlands and belongs to WEBZILLA, NL. The main domain is hajoopteg.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 4th 2018. Valid for: 3 months.

This is the only time hajoopteg.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
35	185.2.4.116 185.2.4.116	203461 (REGISTER_...) (REGISTER_UK-AS)
2	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	193.238.46.6 193.238.46.6	49981 (WORLDSTREAM) (WORLDSTREAM)
1 1	78.140.191.219 78.140.191.219	35415 (WEBZILLA) (WEBZILLA)
1 2	188.72.213.175 188.72.213.175	35415 (WEBZILLA) (WEBZILLA)
2	18.184.92.52 18.184.92.52	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	52.210.59.120 52.210.59.120	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	185.49.145.177 185.49.145.177	35415 (WEBZILLA) (WEBZILLA)
1 1	188.42.162.214 188.42.162.214	35415 (WEBZILLA) (WEBZILLA)
5	188.42.224.230 188.42.224.230	35415 (WEBZILLA) (WEBZILLA)
1	188.72.213.156 188.72.213.156	35415 (WEBZILLA) (WEBZILLA)
1 2	194.187.98.171 194.187.98.171	35415 (WEBZILLA) (WEBZILLA)
3	188.72.201.231 188.72.201.231	35415 (WEBZILLA) (WEBZILLA)
1	188.72.202.175 188.72.202.175	35415 (WEBZILLA) (WEBZILLA)
61	12

35 185.2.4.116 (Italy)

ASN203461 (REGISTER_UK-AS, GB)
PTR: lhcp1116.webapps.net

chiporestaurante.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.238.46.6 (None, )

ASN49981 (WORLDSTREAM, NL)

193.238.46.6	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.140.191.219 (Netherlands) 1 redirects

ASN35415 (WEBZILLA, NL)

go.onclasrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.72.213.175 (Netherlands) 1 redirects

ASN35415 (WEBZILLA, NL)

cobalten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.184.92.52 (Cambridge, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-184-92-52.eu-central-1.compute.amazonaws.com

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.210.59.120 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-210-59-120.eu-west-1.compute.amazonaws.com

ad.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.49.145.177 (Netherlands)

ASN35415 (WEBZILLA, NL)
PTR: v-6-16-22-d6317-177.webazilla.com

mt.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.42.162.214 (Luxembourg) 1 redirects

ASN35415 (WEBZILLA, NL)

topadbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 188.42.224.230 (Luxembourg)

ASN35415 (WEBZILLA, NL)

audienceline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.audienceline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.72.213.156 (Netherlands)

ASN35415 (WEBZILLA, NL)

pushokey.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 194.187.98.171 (Netherlands) 1 redirects

ASN35415 (WEBZILLA, NL)
PTR: 194.187.98.171.webazilla.com

yealnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.72.201.231 (Netherlands)

ASN35415 (WEBZILLA, NL)

hajoopteg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.hajoopteg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.72.202.175 (Netherlands)

ASN35415 (WEBZILLA, NL)

pushance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	chiporestaurante.com chiporestaurante.com	559 KB
6	rtmark.net my.rtmark.net mt.rtmark.net	1 KB
5	audienceline.com audienceline.com static.audienceline.com	199 KB
3	hajoopteg.com hajoopteg.com static.hajoopteg.com	18 KB
2	yealnk.com 1 redirects yealnk.com	8 KB
2	crwdcntrl.net 2 redirects ad.crwdcntrl.net	625 B
2	cobalten.com cobalten.com Failed	7 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	pushance.com pushance.com	36 KB
1	pushokey.com pushokey.com	36 KB
1	topadbid.com 1 redirects topadbid.com	2 KB
1	onclasrv.com 1 redirects go.onclasrv.com	306 B
61	12

	Domain	Requested by
35	chiporestaurante.com	chiporestaurante.com
4	static.audienceline.com	audienceline.com
4	mt.rtmark.net	cobalten.com yealnk.com
2	static.hajoopteg.com	hajoopteg.com
2	yealnk.com	1 redirects audienceline.com
2	ad.crwdcntrl.net	2 redirects
2	my.rtmark.net	cobalten.com yealnk.com
2	cobalten.com	193.238.46.6
2	fonts.googleapis.com	chiporestaurante.com
1	pushance.com	hajoopteg.com
1	hajoopteg.com	yealnk.com
1	pushokey.com	audienceline.com
1	audienceline.com	cobalten.com
1	topadbid.com	1 redirects
1	go.onclasrv.com	1 redirects
61	15

This site contains links to these domains. Also see Links.

Domain
go.ad1data.com

Subject Issuer	Validity	Valid
cobalten.com RapidSSL RSA CA 2018	`2018-06-13` - `2019-06-13`	a year	crt.sh
my.rtmark.net RapidSSL RSA CA 2018	`2018-04-05` - `2019-05-05`	a year	crt.sh
mt.rtmark.net RapidSSL RSA CA 2018	`2018-07-24` - `2019-08-23`	a year	crt.sh
audienceline.com Let's Encrypt Authority X3	`2018-07-17` - `2018-10-15`	3 months	crt.sh
pushokey.com RapidSSL RSA CA 2018	`2018-06-08` - `2019-06-08`	a year	crt.sh
yealnk.com RapidSSL RSA CA 2018	`2018-02-12` - `2019-02-12`	a year	crt.sh
hajoopteg.com Let's Encrypt Authority X3	`2018-08-04` - `2018-11-02`	3 months	crt.sh
pushance.com RapidSSL SHA256 CA - G2	`2017-11-30` - `2018-11-30`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hajoopteg.com/?b=1880959&ba=0&campid=14083&did=&dm=0&ep=0&fp=0&g=DE&hr=0&i18db=1&l=RTb7RnUG2kveh6K&oaid=3d378a0ce2c46b64475eda9d2ac6ebe9&pshr=0&s=51588914191798272&ssk=8f5098cffe12b802e0ae6041466ec84b&svar=1533863273.6222&vi=1&vo=1&z=1897801&tr=default
Frame ID: C07442F1840BFE9057B772543B50A394
Requests: 67 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://chiporestaurante.com/ Page URL
https://go.onclasrv.com/afu.php?zoneid=1460425 HTTP 302
https://cobalten.com/afu.php?zoneid=1460425 Page URL
https://cobalten.com/?r=%2Fmb%2Fhan&zoneid=1460425&pbk3=fe0b4081c0ff5ddeccd788cd621d27d4658789258... HTTP 302
http://topadbid.com/a/1904071/1460425/ HTTP 302
https://audienceline.com/?b=2006757&ba=0&campid=1302057&did=&dm=0&ep=0&fp=0&g=DE&hr=0&i18db=1&l=sIn7f... Page URL
https://yealnk.com/afu.php?zoneid=1897801 Page URL
https://yealnk.com/?r=%2Fmb%2Fhan&zoneid=1897801&pbk3=cd670d73d3bebcc84d63ef918452aaaf658789259... HTTP 302
https://hajoopteg.com/?b=1880959&ba=0&campid=14083&did=&dm=0&ep=0&fp=0&g=DE&hr=0&i18db=1&l=RTb7RnU... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

61
Requests

30 %
HTTPS

7 %
IPv6

12
Domains

15
Subdomains

12
IPs

6
Countries

865 kB
Transfer

1994 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://go.ad1data.com/afu.php?id=1128934&var=51588914191798272
Title: Go to site

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://chiporestaurante.com/ Page URL
https://go.onclasrv.com/afu.php?zoneid=1460425 HTTP 302
https://cobalten.com/afu.php?zoneid=1460425 Page URL
https://cobalten.com/?r=%2Fmb%2Fhan&zoneid=1460425&pbk3=fe0b4081c0ff5ddeccd788cd621d27d46587892586722496690&empty=0&uuid=d043cb2c-11e7-4697-a340-936fb73b3518&ad_scheme=1&rotation_type=22&ppucounter=0&first_visit=0&on_test=0&offer_views=0&ab_test=1477&adparams=bm9qcz0wJnNhdmVkX3JlZmVyZXI9aHR0cCUzQSUyRiUyRmNoaXBvcmVzdGF1cmFudGUuY29tJTJG&ip=65a89d51a74c843ac913134976da73e8&x=1600&y=1200&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&pl=https%3A%2F%2Fcobalten.com%2Fafu.php%3Fzoneid%3D1407888%26var%3D1460425&drf=http%3A%2F%2Fchiporestaurante.com%2F&np=0&pt=0&nb=1&ng=1&dm=undefined&cf=0&nw=1&hil=undefined&id=c5c1a2f3d7ddab2c19e1f4089502f067&co=1&rf=1&hs=d01d492f13aec958676a3d4656a2a36c&ix=0&fs=0&timeout=0 HTTP 302
http://topadbid.com/a/1904071/1460425/ HTTP 302
https://audienceline.com/?b=2006757&ba=0&campid=1302057&did=&dm=0&ep=0&fp=0&g=DE&hr=0&i18db=1&l=sIn7fDhgMB4yJ8g&oaid=a76a46f1ab0f4abb535614909dc0b6c1&pshr=0&pushred=1&pushrot=0&rd=0&rez=0&s=51588907472535553&ssk=6e27913491cb3c0cbe8bbbf67700a099&svar=1533863272.0129&vi=1&vo=1&z=1899783&tr=default&pz=1904071&ppi=1460425&pci= Page URL
https://yealnk.com/afu.php?zoneid=1897801 Page URL
https://yealnk.com/?r=%2Fmb%2Fhan&zoneid=1897801&pbk3=cd670d73d3bebcc84d63ef918452aaaf6587892595996674597&empty=0&uuid=e6590f73-d48f-4810-b1be-43ebfd15e9f2&ad_scheme=1&rotation_type=22&ppucounter=0&first_visit=0&on_test=0&offer_views=0&ab_test=0&adparams=bm9qcz0wJnNhdmVkX3JlZmVyZXI9aHR0cHMlM0ElMkYlMkZhdWRpZW5jZWxpbmUuY29tJTJGJTNGYiUzRDIwMDY3NTclMjZiYSUzRDAlMjZjYW1waWQlM0QxMzAyMDU3JTI2ZGlkJTNEJTI2ZG0lM0QwJTI2ZXAlM0QwJTI2ZnAlM0QwJTI2ZyUzRERFJTI2aHIlM0QwJTI2aTE4ZGIlM0QxJTI2bCUzRHNJbjdmRGhnTUI0eUo4ZyUyNm9haWQlM0RhNzZhNDZmMWFiMGY0YWJiNTM1NjE0OTA5ZGMwYjZjMSUyNnBzaHIlM0QwJTI2cHVzaHJlZCUzRDElMjZwdXNocm90JTNEMCUyNnJkJTNEMCUyNnJleiUzRDAlMjZzJTNENTE1ODg5MDc0NzI1MzU1NTMlMjZzc2slM0Q2ZTI3OTEzNDkxY2IzYzBjYmU4YmJiZjY3NzAwYTA5OSUyNnN2YXIlM0QxNTMzODYzMjcyLjAxMjklMjZ2aSUzRDElMjZ2byUzRDElMjZ6JTNEMTg5OTc4MyUyNnRyJTNEZGVmYXVsdCUyNnB6JTNEMTkwNDA3MSUyNnBwaSUzRDE0NjA0MjUlMjZwY2klM0Q%3D&ip=65a89d51a74c843ac913134976da73e8&x=1600&y=1200&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&pl=https%3A%2F%2Fyealnk.com%2Fafu.php%3Fzoneid%3D1407888%26var%3D1897801&drf=https%3A%2F%2Faudienceline.com%2F%3Fb%3D2006757%26ba%3D0%26campid%3D1302057%26did%3D%26dm%3D0%26ep%3D0%26fp%3D0%26g%3DDE%26hr%3D0%26i18db%3D1%26l%3DsIn7fDhgMB4yJ8g%26oaid%3Da76a46f1ab0f4abb535614909dc0b6c1%26pshr%3D0%26pushred%3D1%26pushrot%3D0%26rd%3D0%26rez%3D0%26s%3D51588907472535553%26ssk%3D6e27913491cb3c0cbe8bbbf67700a099%26svar%3D1533863272.0129%26vi%3D1%26vo%3D1%26z%3D1899783%26tr%3Ddefault%26pz%3D1904071%26ppi%3D1460425%26pci%3D&np=0&pt=0&nb=1&ng=1&dm=undefined&cf=0&nw=1&hil=undefined&id=b2921691806a87f67d2066885a2f382d&co=1&rf=1&hs=d01d492f13aec958676a3d4656a2a36c&ix=0&fs=0&timeout=0 HTTP 302
https://hajoopteg.com/?b=1880959&ba=0&campid=14083&did=&dm=0&ep=0&fp=0&g=DE&hr=0&i18db=1&l=RTb7RnUG2kveh6K&oaid=3d378a0ce2c46b64475eda9d2ac6ebe9&pshr=0&s=51588914191798272&ssk=8f5098cffe12b802e0ae6041466ec84b&svar=1533863273.6222&vi=1&vo=1&z=1897801&tr=default Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://go.onclasrv.com/afu.php?zoneid=1460425 HTTP 302
https://cobalten.com/afu.php?zoneid=1460425

Request Chain 44

https://go.onclasrv.com/afu.php?zoneid=1460425 HTTP 302
https://cobalten.com/afu.php?zoneid=1460425

Request Chain 46

https://ad.crwdcntrl.net/5/c=10546/pe=y?https%3A%2F%2Fmt.rtmark.net%2Fltm.gif%3Fid%3D3d378a0ce2c46b64475eda9d2ac6ebe9%26sg%3D%24%7Baud_ids%7D HTTP 302
https://mt.rtmark.net/ltm.gif?id=3d378a0ce2c46b64475eda9d2ac6ebe9&sg=

Request Chain 48

https://cobalten.com/?r=%2Fmb%2Fhan&zoneid=1460425&pbk3=fe0b4081c0ff5ddeccd788cd621d27d46587892586722496690&empty=0&uuid=d043cb2c-11e7-4697-a340-936fb73b3518&ad_scheme=1&rotation_type=22&ppucounter=0&first_visit=0&on_test=0&offer_views=0&ab_test=1477&adparams=bm9qcz0wJnNhdmVkX3JlZmVyZXI9aHR0cCUzQSUyRiUyRmNoaXBvcmVzdGF1cmFudGUuY29tJTJG&ip=65a89d51a74c843ac913134976da73e8&x=1600&y=1200&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&pl=https%3A%2F%2Fcobalten.com%2Fafu.php%3Fzoneid%3D1407888%26var%3D1460425&drf=http%3A%2F%2Fchiporestaurante.com%2F&np=0&pt=0&nb=1&ng=1&dm=undefined&cf=0&nw=1&hil=undefined&id=c5c1a2f3d7ddab2c19e1f4089502f067&co=1&rf=1&hs=d01d492f13aec958676a3d4656a2a36c&ix=0&fs=0&timeout=0 HTTP 302
http://topadbid.com/a/1904071/1460425/ HTTP 302
https://audienceline.com/?b=2006757&ba=0&campid=1302057&did=&dm=0&ep=0&fp=0&g=DE&hr=0&i18db=1&l=sIn7fDhgMB4yJ8g&oaid=a76a46f1ab0f4abb535614909dc0b6c1&pshr=0&pushred=1&pushrot=0&rd=0&rez=0&s=51588907472535553&ssk=6e27913491cb3c0cbe8bbbf67700a099&svar=1533863272.0129&vi=1&vo=1&z=1899783&tr=default&pz=1904071&ppi=1460425&pci=

Request Chain 60

https://ad.crwdcntrl.net/5/c=10546/pe=y?https%3A%2F%2Fmt.rtmark.net%2Fltm.gif%3Fid%3Dd9ec452d57fe0ed0dd5e8e08747046e7%26sg%3D%24%7Baud_ids%7D HTTP 302
https://mt.rtmark.net/ltm.gif?id=d9ec452d57fe0ed0dd5e8e08747046e7&sg=

61 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
chiporestaurante.com/ 85 KB
18 KB 481ms
446ms Document
text/html 185.2.4.116
REGISTER_UK-AS

General

hajoopteg.com Open in urlscan Pro 188.72.201.231 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

61 Requests

30 %HTTPS

7 %IPv6

12 Domains

15 Subdomains

12 IPs

6 Countries

865 kBTransfer

1994 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hajoopteg.com Open in urlscan Pro
188.72.201.231 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

30 %
HTTPS

7 %
IPv6

12
Domains

15
Subdomains

12
IPs

6
Countries

865 kB
Transfer

1994 kB
Size

1
Cookies

61 HTTP transactions
6 data transactions