antje-pfingsten.de
136.243.60.133
Malicious Activity!
Public Scan
Effective URL: https://antje-pfingsten.de/tamu.edu/
Submission: On January 11 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on December 14th 2018. Valid for: 3 months.
This is the only time antje-pfingsten.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Universities (Education)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 88.208.250.182 | AS8560 (ONEANDONE-AS Brauerstrasse 48)
1 | 136.243.60.133 | AS24940 (HETZNER-AS)
7 | 2606:aa00:3:202::11 | AS3794 (TAMU - Texas A&M University)
6 | 128.194.43.60 | AS3794 (TAMU - Texas A&M University)
1 | 2a00:1450:4001:81b::200a | AS15169 (GOOGLE - Google LLC)
Total: 21 requests | 5 IPs |
ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)
PTR: server.scobid.co.uk
Domains: benbeckforwarding.co.uk
ASN3794 (TAMU - Texas A&M University, US)
PTR: tamulink.tamu.edu
Domains: it.tamu.edu
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | tamu.edu | cas.tamu.edu, it.tamu.edu | 727 KB
1 | googleapis.com | fonts.googleapis.com | 562 B
1 | antje-pfingsten.de | antje-pfingsten.de | 3 KB
1 | benbeckforwarding.co.uk | benbeckforwarding.co.uk (1 redirect) | 259 B
Total: 21 requests | 4 apex domains | |
Requests | Domain | Requested by | Note
---|---|---|---
7 | cas.tamu.edu | antje-pfingsten.de |
6 | it.tamu.edu | antje-pfingsten.de |
1 | fonts.googleapis.com | antje-pfingsten.de |
1 | antje-pfingsten.de | |
1 | benbeckforwarding.co.uk | | 1 redirect
Total: 21 requests | 5 domains | |
This site contains no links.
TLS certificates
Subject | Issuer | Validity | Valid for | Log
---|---|---|---|---
antje-pfingsten.de | Let's Encrypt Authority X3 | 2018-12-14 - 2019-03-14 | 3 months | crt.sh
cas.tamu.edu | InCommon RSA Server CA | 2017-09-19 - 2019-09-19 | 2 years | crt.sh
www.it.tamu.edu | InCommon RSA Server CA | 2018-10-02 - 2020-10-01 | 2 years | crt.sh
*.googleapis.com | Google Internet Authority G3 | 2018-12-19 - 2019-03-13 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://antje-pfingsten.de/tamu.edu/
Frame ID: A8653A665E07C30FB089265B17D5003E
Requests: 21 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://benbeckforwarding.co.uk/ (HTTP 302)
- https://antje-pfingsten.de/tamu.edu/ (Page URL)
Detected technologies
- Django (Web Frameworks): html /(?:powered by <a[^>]+>Django ?([\d.]+)?|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)/i
- Python (Programming Languages): same pattern as Django; Python is implied by the framework match
- Nginx (Web Servers): headers server /nginx(?:\/([\d.]+))?/i
- Modernizr (JavaScript Libraries): env /^Modernizr$/i
- jQuery (JavaScript Libraries): script /jquery.*\.js/i; env /^jQuery$/i
The csrfmiddlewaretoken match is an HTML-body pattern, and the only text/html response in this scan is the primary document from antje-pfingsten.de, so the Django fingerprint describes the page served by the phishing host, not any of the stylesheets, scripts or images loaded from tamu.edu.
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
- https://antje-pfingsten.de/tamu.edu/ (primary request, reached via HTTP 302 from http://benbeckforwarding.co.uk/)
21 HTTP transactions
Only the primary document is served by antje-pfingsten.de; every other request fetches stylesheets, scripts, fonts and logos directly from the genuine cas.tamu.edu and it.tamu.edu hosts, plus one stylesheet from fonts.googleapis.com. Size is the decoded body size, x-fer the bytes transferred on the wire; the six font requests received no response.
# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | / (Primary Request) | antje-pfingsten.de/tamu.edu/ (redirect chain from http://benbeckforwarding.co.uk/) | 8 KB | 3 KB | Document | text/html
2 | GET | H/1.1 | style-cas.css | cas.tamu.edu/cas/media/css/ | 198 KB | 33 KB | Stylesheet | text/css
3 | GET | H/1.1 | base.css | it.tamu.edu/assets/css/ | 213 B | 600 B | Stylesheet | text/css
4 | GET | H/1.1 | footer.css | it.tamu.edu/assets/css/ | 3 KB | 4 KB | Stylesheet | text/css
5 | GET | H/1.1 | fonts.css | it.tamu.edu/assets/css/ | 3 KB | 3 KB | Stylesheet | text/css
6 | GET | H/1.1 | header.css | it.tamu.edu/assets/css/ | 4 KB | 5 KB | Stylesheet | text/css
7 | GET | H/1.1 | jquery.js | cas.tamu.edu/cas/media/js/ | 252 KB | 252 KB | Script | application/javascript
8 | GET | H/1.1 | foundation.js | cas.tamu.edu/cas/media/js/ | 319 KB | 319 KB | Script | application/javascript
9 | GET | H/1.1 | foundation.reveal.js | cas.tamu.edu/cas/media/js/ | 18 KB | 19 KB | Script | application/javascript
10 | GET | H/1.1 | modernizer.js | cas.tamu.edu/cas/media/js/ | 6 KB | 6 KB | Script | application/javascript
11 | GET | H/1.1 | hideShowPassword.min.js | cas.tamu.edu/cas/media/js/ | 8 KB | 8 KB | Script | application/javascript
12 | GET | H/1.1 | cas.js | cas.tamu.edu/cas/media/js/ | 940 B | 1 KB | Script | application/javascript
13 | GET | H2 | css | fonts.googleapis.com/ | 3 KB | 562 B | Stylesheet | text/css
14 | GET | H/1.1 | TAM-Logo-White.svg | it.tamu.edu/assets/img/ | 2 KB | 3 KB | Image | image/svg+xml
15 | GET | H/1.1 | TAM-PrimaryMarkB-white.svg | it.tamu.edu/assets/img/ | 74 KB | 75 KB | Image | image/svg+xml
16 | GET | | OpenSans-Regular-webfont.woff | cas.tamu.edu/cas/media/fonts/ | 0 | 0 | (no response) |
17 | GET | | OpenSans-Bold-webfont.woff | cas.tamu.edu/cas/media/fonts/ | 0 | 0 | (no response) |
18 | GET | | oswald-light-webfont.woff | cas.tamu.edu/cas/media/fonts/ | 0 | 0 | (no response) |
19 | GET | | OpenSans-Regular-webfont.ttf | cas.tamu.edu/cas/media/fonts/ | 0 | 0 | (no response) |
20 | GET | | OpenSans-Bold-webfont.ttf | cas.tamu.edu/cas/media/fonts/ | 0 | 0 | (no response) |
21 | GET | | oswald-light-webfont.ttf | cas.tamu.edu/cas/media/fonts/ | 0 | 0 | (no response) |
Failed requests
These URLs were requested, but no response was received. They also appear in the transaction list above.
- https://cas.tamu.edu/cas/media/fonts/OpenSans-Regular-webfont.woff
- https://cas.tamu.edu/cas/media/fonts/OpenSans-Bold-webfont.woff
- https://cas.tamu.edu/cas/media/fonts/oswald-light-webfont.woff
- https://cas.tamu.edu/cas/media/fonts/OpenSans-Regular-webfont.ttf
- https://cas.tamu.edu/cas/media/fonts/OpenSans-Bold-webfont.ttf
- https://cas.tamu.edu/cas/media/fonts/oswald-light-webfont.ttf
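The transaction list above shows the pattern that makes this scan a textbook cloned login page: the document comes from one host, almost every asset is hot-linked from the impersonated organisation, the brand's own domain name is used as a path segment, the visitor arrives via a 302 from an unrelated apex, and the site's certificate is only weeks old. The Python below is an added example written for this page, not urlscan.io's own code or output format, that turns those observations into checks you can run over scan data. The request list is transcribed from the 21 transactions above; the HTML body is a constructed stand-in (the scan page does not show the document source, only that the csrfmiddlewaretoken input triggered the Django pattern); the scan year 2019 is inferred from the certificate's validity window; and the apex() helper hard-codes the one two-label suffix (co.uk) seen on this page instead of consulting the Public Suffix List.

```python
import re
from collections import Counter
from datetime import date
from urllib.parse import urlsplit

# urlscan.io's Django fingerprint, copied verbatim from "Detected technologies" above.
DJANGO_RE = re.compile(
    r"(?:powered by <a[^>]+>Django ?([\d.]+)?"
    r"|<input[^>]*name=[\"']csrfmiddlewaretoken[\"'][^>]*>)",
    re.I,
)

# Constructed stand-in for the primary document body (not the real page source).
PRIMARY_HTML = (
    '<form method="post" action="/tamu.edu/">'
    '<input type="hidden" name="csrfmiddlewaretoken" value="constructed">'
    '<input name="username"><input name="password" type="password"></form>'
)

DOCUMENT_URL = "https://antje-pfingsten.de/tamu.edu/"
REDIRECT_CHAIN = ["http://benbeckforwarding.co.uk/", DOCUMENT_URL]
CERT_ISSUED, SCAN_DATE = date(2018, 12, 14), date(2019, 1, 11)  # scan year inferred

# (host, path, response_received) for the 21 transactions in the scan above.
REQUESTS = [
    ("antje-pfingsten.de", "/tamu.edu/", True),
    ("cas.tamu.edu", "/cas/media/css/style-cas.css", True),
    ("it.tamu.edu", "/assets/css/base.css", True),
    ("it.tamu.edu", "/assets/css/footer.css", True),
    ("it.tamu.edu", "/assets/css/fonts.css", True),
    ("it.tamu.edu", "/assets/css/header.css", True),
    ("cas.tamu.edu", "/cas/media/js/jquery.js", True),
    ("cas.tamu.edu", "/cas/media/js/foundation.js", True),
    ("cas.tamu.edu", "/cas/media/js/foundation.reveal.js", True),
    ("cas.tamu.edu", "/cas/media/js/modernizer.js", True),
    ("cas.tamu.edu", "/cas/media/js/hideShowPassword.min.js", True),
    ("cas.tamu.edu", "/cas/media/js/cas.js", True),
    ("fonts.googleapis.com", "/css", True),
    ("it.tamu.edu", "/assets/img/TAM-Logo-White.svg", True),
    ("it.tamu.edu", "/assets/img/TAM-PrimaryMarkB-white.svg", True),
] + [
    ("cas.tamu.edu", f"/cas/media/fonts/{name}", False)
    for name in (
        "OpenSans-Regular-webfont.woff", "OpenSans-Bold-webfont.woff",
        "oswald-light-webfont.woff", "OpenSans-Regular-webfont.ttf",
        "OpenSans-Bold-webfont.ttf", "oswald-light-webfont.ttf",
    )
]

# Minimal public-suffix handling, just enough for the hosts on this page.
# A real tool should use the Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk"}


def apex(host: str) -> str:
    """Registrable domain: last two labels, or three under a known two-label suffix."""
    labels = host.lower().split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def is_django(html: str) -> bool:
    return DJANGO_RE.search(html) is not None


def cert_age_days(issued: date, scanned: date) -> int:
    return (scanned - issued).days


def analyse(document_url, redirect_chain, requests):
    """Heuristics that, taken together, point at a cloned login page."""
    doc = urlsplit(document_url)
    own_apex = apex(doc.hostname)
    served = Counter(apex(h) for h, _, ok in requests if ok)
    failed = [f"https://{h}{p}" for h, p, ok in requests if not ok]
    foreign = {a: n for a, n in served.items() if a != own_apex}
    # A victim organisation's domain used as a directory name on an unrelated host.
    impersonated = [a for a in foreign if a in doc.path.strip("/").split("/")]
    # Share of received responses that did not come from the page's own apex.
    hotlink_ratio = sum(foreign.values()) / max(sum(served.values()), 1)
    # Entry point on one apex, landing page on another.
    cross_apex_redirect = (
        len(redirect_chain) > 1
        and apex(urlsplit(redirect_chain[0]).hostname) != own_apex
    )
    return {
        "own_apex": own_apex,
        "served_by_apex": dict(served),
        "impersonated_apex": impersonated,
        "hotlink_ratio": round(hotlink_ratio, 2),
        "cross_apex_redirect": cross_apex_redirect,
        "failed_requests": failed,
    }


if __name__ == "__main__":
    print("django fingerprint:", is_django(PRIMARY_HTML))
    print("cert age at scan (days):", cert_age_days(CERT_ISSUED, SCAN_DATE))
    for key, value in analyse(DOCUMENT_URL, REDIRECT_CHAIN, REQUESTS).items():
        print(f"{key}: {value}")
```

Run stand-alone it reports the Django match, a 28-day certificate age at scan time, and the per-apex breakdown: of the 15 responses received, 13 came from tamu.edu, one from googleapis.com and only the document itself from the page's own host. None of these signals is conclusive on its own (many legitimate sites load Google Fonts, and a short-lived Let's Encrypt certificate is normal); it is the combination of a brand's domain as a path segment, near-total hot-linking of that brand's login assets and a redirect in from an unrelated apex that lines up with the verdict above.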
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: US Universities (Education)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
- object onselectstart
- object onselectionchange
- function queueMicrotask
- function $
- function jQuery
- function _createClass
- function _classCallCheck
- object Foundation
- object Modernizr
0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry for observables such as IPs, domains and hashes. It does not imply that any of these indicate malicious activity.
Domains:
- antje-pfingsten.de
- benbeckforwarding.co.uk
- cas.tamu.edu
- fonts.googleapis.com
- it.tamu.edu
IP addresses:
- 128.194.43.60
- 136.243.60.133
- 2606:aa00:3:202::11
- 2a00:1450:4001:81b::200a
- 88.208.250.182
Response hashes (SHA-256):
- 073d530dde08f02aceaaf3f0bf34300d5a68d9563191dc6d96250354a9bf9bb3
- 12a85fbb339fc7479d8ac9bb92533b478b83fce6ba3c56219fc3b743069dc16b
- 1e2719194b6e63d95d2f2cd63fecc4f3f9ba737a64ac5b124229838f69e39b16
- 55677f361c96314f3cfc07b6b8aec53e168d50dae6243d21e955dae5891f0f8a
- 5a9f8ed703f21857b1944e5e5eeea5dd96beb3ff3b4e874c844eed5e4ede5b0a
- 6b8ae92753273b1a378635d8002bb3298672cd3a245f39cb4679dfde4adc1ec1
- 893e90f6230962e42231635df650f20544ad22affc3ee396df768eaa6bc5a6a2
- 9597ab4ac47cdd52e46b7bc24a3c91207d6b6c8287ceeb14c35988b6f3b2b5a7
- 9a3deda747d617586abd7d57857ed38af83526c29866334ac54a492a279ee94f
- a0e3a2ceda0f7ba7ac8e4d62b11e0914f6d0fcf85d6fb2977b34a3ce42e580cb
- b188f3f2028d6539e802b04bb4ffa030ce649dea3b49bb6835d7e0d0f8a345df
- b5657b766376a15f5ac7b2b8b2f1a0d2427ebf2d3c0393930a14212158b31d43
- d035e42fa50d3a45236f8cdc9588c1958e0d7051631decd00ef94681c6701713
- d352b6e1369989c39ea7c9c82dc60dddcc83efde7ddd139e4b7e64bd67574f4f
- ee918c86326e1dd02d4b7197d7d51651e26578c1674d4f7345b81a3bbba0e185