www.aktien-chatgpt.de Open in urlscan Pro
172.67.205.157 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://investment.emdad-yem.com/
Effective URL:
https://www.aktien-chatgpt.de/
Submission: On August 26 via api (August 26th 2024, 9:39:55 am UTC) from NL — Scanned from NL

Summary HTTP 14 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 14 HTTP transactions. The main IP is 172.67.205.157, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.aktien-chatgpt.de.
TLS certificate: Issued by WE1 on August 22nd 2024. Valid for: 3 months.

This is the only time www.aktien-chatgpt.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	107.189.30.112 107.189.30.112	53667 (PONYNET) (PONYNET)
1 10	172.67.205.157 172.67.205.157	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.95.41 104.18.95.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	4

1 107.189.30.112 (Luxembourg)

ASN53667 (PONYNET, US)
PTR: smile.nla.gov.lr

investment.emdad-yem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.67.205.157 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.aktien-chatgpt.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.95.41 (None, )

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	aktien-chatgpt.de 1 redirects www.aktien-chatgpt.de	85 KB
2	cloudflare.com challenges.cloudflare.com — Cisco Umbrella Rank: 3877	15 KB
1	emdad-yem.com investment.emdad-yem.com	691 B
14	3

	Domain	Requested by
10	www.aktien-chatgpt.de	1 redirects investment.emdad-yem.com www.aktien-chatgpt.de
2	challenges.cloudflare.com	www.aktien-chatgpt.de challenges.cloudflare.com
1	investment.emdad-yem.com
14	3

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com

Subject Issuer	Validity	Valid
major-fund.top ZeroSSL RSA Domain Secure Site CA	`2024-07-19` - `2024-10-17`	3 months	crt.sh
aktien-chatgpt.de WE1	`2024-08-22` - `2024-11-20`	3 months	crt.sh
challenges.cloudflare.com E5	`2024-07-17` - `2024-10-15`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.aktien-chatgpt.de/
Frame ID: 49EE4492F4DE254515AA9B74E661DBE9
Requests: 11 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1hzmy/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/
Frame ID: 29ADDF41A3709D52BBD6CC65750DAC1F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Even geduld...

Page URL History Show full URLs

http://investment.emdad-yem.com/ HTTP 307
https://investment.emdad-yem.com/ Page URL
https://www.aktien-chatgpt.de/ Page URL
https://www.aktien-chatgpt.de/cdn-cgi/phish-bypass?atok=7AntGzXjls7sce6U5NDsJSbs6hiNbwgFN6fwkV.Gvtw-172466... HTTP 301
https://www.aktien-chatgpt.de/ Page URL

Page Statistics

14
Requests

79 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

101 kB
Transfer

230 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cloudflare.com/?utm_source=challenge&utm_campaign=l
Title: Cloudflare

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://investment.emdad-yem.com/ HTTP 307
https://investment.emdad-yem.com/ Page URL
https://www.aktien-chatgpt.de/ Page URL
https://www.aktien-chatgpt.de/cdn-cgi/phish-bypass?atok=7AntGzXjls7sce6U5NDsJSbs6hiNbwgFN6fwkV.Gvtw-1724665186-0.0.1.1-%2F HTTP 301
https://www.aktien-chatgpt.de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://investment.emdad-yem.com/ HTTP 307
https://investment.emdad-yem.com/

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/
investment.emdad-yem.com/
Redirect Chain

http://investment.emdad-yem.com/
https://investment.emdad-yem.com/

361 B
691 B

310ms
26ms

Document
text/html

107.189.30.112
PONYNET

General

Check archive.org

Show headers Download Go to

Full URL: https://investment.emdad-yem.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.189.30.112 , Luxembourg, ASN53667 (PONYNET, US),
Reverse DNS: smile.nla.gov.lr
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 361
Content-Type: text/html; charset=UTF-8
Date: Mon, 26 Aug 2024 09:39:46 GMT
ETag: "169-62049315401f3"
Keep-Alive: timeout=5, max=100
Last-Modified: Thu, 22 Aug 2024 17:43:12 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34

Redirect headers

Location: https://investment.emdad-yem.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 200 / Show response
www.aktien-chatgpt.de/ 4 KB
2 KB 62ms
28ms Document
text/html 172.67.205.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aktien-chatgpt.de/

Requested by

Host: investment.emdad-yem.com
URL: https://investment.emdad-yem.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.205.157 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdf0d41533fea8d8ca53fcd2b638c3ae9c19f561a1c85d856d8b35f5d1f28996

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://investment.emdad-yem.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cf-ray: 8b92db492e493802-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 26 Aug 2024 09:39:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kOWfjezlK9e%2BVTAUbCNv24kNJvUYIO%2FYnKwcR7sDVn7IWbXpM8CSeLSC6NBxDjvmS%2FrETkm1vakQS2cNr5Ie6mn%2BM8e1yOUHS82w1MkTBopc%2Fx0gSRLgj2ggSMbjEQoiRUjC899m9o4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
www.aktien-chatgpt.de/cdn-cgi/styles/ 23 KB
5 KB 23ms
22ms Stylesheet
text/css 172.67.205.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aktien-chatgpt.de/cdn-cgi/styles/cf.errors.css

Requested by

Host: www.aktien-chatgpt.de
URL: https://www.aktien-chatgpt.de/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.205.157 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.aktien-chatgpt.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:39:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 21 Aug 2024 12:07:35 GMT
server: cloudflare
etag: W/"66c5d887-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8b92db496ec23802-FRA
expires: Mon, 26 Aug 2024 11:39:46 GMT

GET
H3 200 icon-exclamation.png
www.aktien-chatgpt.de/cdn-cgi/images/ 452 B
635 B 22ms
21ms Image
image/png 172.67.205.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aktien-chatgpt.de/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: www.aktien-chatgpt.de
URL: https://www.aktien-chatgpt.de/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.205.157 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.aktien-chatgpt.de/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:39:46 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Aug 2024 12:07:35 GMT
server: cloudflare
etag: "66c5d887-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8b92db499f0a3802-FRA
content-length: 452
expires: Mon, 26 Aug 2024 11:39:46 GMT

GET
H3 403 favicon.ico
www.aktien-chatgpt.de/ 15 KB
8 KB 32ms
32ms Other
text/html 172.67.205.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aktien-chatgpt.de/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.205.157 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d85358d21407c2dc6931b3e5fe10c7999e73a4fad2d762a5a67de21b6bbcfc69

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.aktien-chatgpt.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:39:46 GMT
content-encoding: br
x-content-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-embedder-policy: require-corp
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400
cf-chl-out: oUd6RvV4wr8x5lUyoxsFOvnkeElOjVsWvrz2UkC/eKx8UhKPyOt3BfNeSd2HjP7S5C661ewNC7Z282RyZLnvu8VCWrpay53Ezidkg9SBH+y4cm/cGuT1cDMpZ2QyLBF/itEfBl1XhPXVMsKoqoKuFA==$XdkBiaGfu/Faq66bBqB2fQ==
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KOidw51WtsfmWFJe2e8UFAKE0uuLNw7raEdYmxlaY3UUrl8JvpawZafNdypxSdiNzdD%2FfeyP5wewl%2FfXFRDBxPhbJZB%2BV2%2FNhKCBJUYHw9B2vWAWA2%2Bb5uBcLqAVHvj%2BjO69tzCLcXo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 8b92db49bf4b3802-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3

403

Primary Request / Show response
www.aktien-chatgpt.de/
Redirect Chain

https://www.aktien-chatgpt.de/cdn-cgi/phish-bypass?atok=7AntGzXjls7sce6U5NDsJSbs6hiNbwgFN6fwkV.Gvtw-1724665186-0.0.1.1-%2F
https://www.aktien-chatgpt.de/

15 KB
8 KB

30ms
30ms

Document
text/html

172.67.205.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aktien-chatgpt.de/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.205.157 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8feec774690316890ea3e99b36ccc67652d76b95d94d67d6256b3330e1891bfe

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.aktien-chatgpt.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-chl-out: hFPKb90jiAPahnSh/Vqt+Ybs/9PU5JfP87gwf2eS4QUz90cXntr315XH0Z/lsC0dLyVrJ7FVN7J4MQDUFih6y37mXOcgUgulLqmLXPqgC1hSG+JQw2zla3EGYbekMIYdgf6K/PVcGDM0SUwlWnj5zA==$8bLnnrCp/Ra6tumExH7KCw==
cf-mitigated: challenge
cf-ray: 8b92db691e3d3802-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Mon, 26 Aug 2024 09:39:51 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C0i8R4XaFUsudW2eshWZh37tJPs2Bz33ZQ6lnY2SaUoihPqArnLVlAmRMI3LvGpk5Uy9LylF08ZoOmzzVQmDxvm4qnhqVEAO%2Fnq1KqCgLvzzRpcIo%2F78orG7BHpI8B17jX0laJTCVmo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

cache-control: private, no-cache
cf-ray: 8b92db68edfa3802-FRA
content-length: 167
content-type: text/html
date: Mon, 26 Aug 2024 09:39:51 GMT
location: https://www.aktien-chatgpt.de/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 v1 Show response
www.aktien-chatgpt.de/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/ 90 KB
35 KB 33ms
33ms Script
application/javascript 172.67.205.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aktien-chatgpt.de/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b92db691e3d3802
Requested by: Host: www.aktien-chatgpt.de
URL: https://www.aktien-chatgpt.de/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.205.157 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3fce0acf4a8ef678b1db98deb0ea2cc10b08183cf53dddc7fcd0f58bd122152

Request headers

Referer: https://www.aktien-chatgpt.de/?__cf_chl_rt_tk=MNiPaHrfU2phW14GkzgfjdoCknMuES9KAQ2EEg5NYCw-1724665191-0.0.1.1-3796
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:39:51 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f37d%2BMBea8xoxeuwYkNF1SashFSmIrNbA2yCPqZ4fZvTlvJd5Jd88UKX%2ByjxbIIGyWdtj50gRBWbpDoWtuJ4kEJe5AQgLqnYLhmIWtG6I6yHWehsAYDUZVXCjXpFFr4CM2YOJwGaXMY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8b92db69aee53802-FRA
alt-svc: h3=":443"; ma=86400

GET d59b1a90-de89-4ff7-9462-a27273828b20
https://www.aktien-chatgpt.de/ Frame 0
0

GET
H3 200 api.js Show response
challenges.cloudflare.com/turnstile/v0/b/6790c32b9fc9/ 44 KB
15 KB 58ms
26ms Script
application/javascript 104.18.95.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/6790c32b9fc9/api.js?onload=FWtH0&render=explicit
Requested by: Host: www.aktien-chatgpt.de
URL: https://www.aktien-chatgpt.de/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b92db691e3d3802
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.95.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7eda47b0c02c44bdaa43a5b14857f1257ddbd620b0397c32aa3ae8baf769ab55

Request headers

Referer
Origin: https://www.aktien-chatgpt.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:39:52 GMT
content-encoding: br
last-modified: Thu, 15 Aug 2024 16:28:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
cross-origin-resource-policy: cross-origin
cf-ray: 8b92db6a587ed2e7-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 403 favicon.ico
www.aktien-chatgpt.de/ 5 KB
5 KB 28ms
28ms Image
text/html 172.67.205.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aktien-chatgpt.de/favicon.ico

Requested by

Host: www.aktien-chatgpt.de
URL: https://www.aktien-chatgpt.de/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.205.157 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

430218020759871ac48f61f686cf234a97a37b79b2f52a75816da6c4fe0756c8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.aktien-chatgpt.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:39:52 GMT
content-encoding: br
x-content-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-embedder-policy: require-corp
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400
cf-chl-out: vtv/1ne2dLeFdz33p0VQ64pzRsAPUuu4CMTMdiEHDo4PttwjUww5Qm5/jdhLeaEYpAztAdVlQMpRBKTqDIOkq9jnYjeKvB/qnirvk0U82bVhdgIpa5IXMHjbuRLe+Nx0qTqOXXcF3Ia/jQbi7kEdxQ==$E8bMByjpFhko/vbspiWQKA==
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EqDGrKVU6eGhbodgZpyP%2FlXnxe3ZIzHXDknPkkxSQvbmuCTWrdM6%2FSva5XqytQ4gysgweCmf1XIRtnnOyz7mgCJcinbsmLW5R08g6VTCQb8qUDBFUDc971DYUQ8lyVWVnS2AX%2BSjyF0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 8b92db6a3f883802-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 403 favicon.ico
www.aktien-chatgpt.de/ 15 KB
8 KB 30ms
30ms Other
text/html 172.67.205.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aktien-chatgpt.de/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.205.157 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66fbd948070f1ba9a3789f02e0969b1e509322738e2e9af002d97444756dd3b8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.aktien-chatgpt.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:39:52 GMT
content-encoding: br
x-content-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-embedder-policy: require-corp
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400
cf-chl-out: JLKxoyXmbYBIWYKlMkH8lA8p/kOvDARHO2TxJzOc0q75nrriFg8oScBqY7pOKOq7gbIVEYzKjkOXVGw8Cyj0MdBBfxjubahqMcyCUi+7hdpi/sgiwFJjD+0Pc/1UyCWkxe3ClhSDOpwm+R9Ky+GvcQ==$435061MlKZl8fwZ2NfkC4g==
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1ysrYpISixua95VZ10d4QDpIXAxLNB2HPYMLKCTPyPTIXTRMtScygXfEepRrPcKt0ngWigDgkKWKotaYTWAYR0JqGLq5TFFup6p2jWKExLcQMnPhRXd2XSsT7wK735wn1cutxOd1y0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 8b92db6aa81d3802-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

POST
H3 200 bc55a53adb695ab Show response
www.aktien-chatgpt.de/cdn-cgi/challenge-platform/h/b/flow/ov1/1702687399:1724664318:yUlJ9DU1drc0M_SDLvb3LHPUusm6e7ISz18PWf5BIWI/8b92db691e3d3802/ 17 KB
13 KB 47ms
46ms XHR
text/plain 172.67.205.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aktien-chatgpt.de/cdn-cgi/challenge-platform/h/b/flow/ov1/1702687399:1724664318:yUlJ9DU1drc0M_SDLvb3LHPUusm6e7ISz18PWf5BIWI/8b92db691e3d3802/bc55a53adb695ab
Requested by: Host: www.aktien-chatgpt.de
URL: https://www.aktien-chatgpt.de/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b92db691e3d3802
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.205.157 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76c67a3ff2ac26a080275ae660633b0605f1d92fcb6d0adccab4639a9fae09dd

Request headers

Referer: https://www.aktien-chatgpt.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
CF-Challenge: bc55a53adb695ab
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 26 Aug 2024 09:39:52 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KsMENH3mM%2BrMf3WQ0uES7klUq7AHhzTqNAvLEqhK9h6b3QXn073MVMJF5Yz4h0kSPjkNMwhlQWO3uF1N%2FwlCg%2BsPG9ACf5DMaffmyadrtvtEgs%2F3oimUpN69SqobE5TNC%2FyVZjrMGBY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8b92db6ad8653802-FRA
alt-svc: h3=":443"; ma=86400
cf-chl-gen: eY0JIEy+10rsEBiF3i5YFGjTo+vhrVmGQ6G5ueX6XrgKSolSDeMeXB2wa2kTEXOmkVo+g3o+CA==$uqyyqLXFT3JhcE2Z

GET 7ba80991-27ca-4072-a27a-3b032c16feba
https://www.aktien-chatgpt.de/ Frame 0
0

GET
H3 200 /
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1hzmy/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/ Frame 29AD 0
0 53ms
35ms Document
text/html 104.18.95.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1hzmy/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/b/6790c32b9fc9/api.js?onload=FWtH0&render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.95.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8b92db6b880235f9-FRA
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Mon, 26 Aug 2024 09:39:52 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.aktien-chatgpt.de
URL: blob:https://www.aktien-chatgpt.de/d59b1a90-de89-4ff7-9462-a27273828b20

Domain: www.aktien-chatgpt.de
URL: blob:https://www.aktien-chatgpt.de/7ba80991-27ca-4072-a27a-3b032c16feba

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.www.aktien-chatgpt.de/	1970-01-20 23:05:51	Name: __cf_mw_byp Value: 7AntGzXjls7sce6U5NDsJSbs6hiNbwgFN6fwkV.Gvtw-1724665186-0.0.1.1-/

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.aktien-chatgpt.de/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.aktien-chatgpt.de/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.aktien-chatgpt.de/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.aktien-chatgpt.de/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
investment.emdad-yem.com
www.aktien-chatgpt.de
www.aktien-chatgpt.de
104.18.95.41
107.189.30.112
172.67.205.157
430218020759871ac48f61f686cf234a97a37b79b2f52a75816da6c4fe0756c8
66fbd948070f1ba9a3789f02e0969b1e509322738e2e9af002d97444756dd3b8
76c67a3ff2ac26a080275ae660633b0605f1d92fcb6d0adccab4639a9fae09dd
7eda47b0c02c44bdaa43a5b14857f1257ddbd620b0397c32aa3ae8baf769ab55
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8feec774690316890ea3e99b36ccc67652d76b95d94d67d6256b3330e1891bfe
bdf0d41533fea8d8ca53fcd2b638c3ae9c19f561a1c85d856d8b35f5d1f28996
d3fce0acf4a8ef678b1db98deb0ea2cc10b08183cf53dddc7fcd0f58bd122152
d85358d21407c2dc6931b3e5fe10c7999e73a4fad2d762a5a67de21b6bbcfc69
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

www.aktien-chatgpt.de Open in urlscan Pro 172.67.205.157 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

79 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

101 kBTransfer

230 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

www.aktien-chatgpt.de Open in urlscan Pro
172.67.205.157 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

79 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

101 kB
Transfer

230 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!