www.cargokoehler.de
Open in
urlscan Pro
81.169.236.145
Malicious Activity!
Public Scan
Effective URL: https://www.cargokoehler.de/log1/i/flow/login.php
Submission: On July 06 via api from IE — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 15th 2022. Valid for: 3 months.
This is the only time www.cargokoehler.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Twitter (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 3 | 2a00:1450:400... 2a00:1450:4001:806::2001 | 15169 (GOOGLE) (GOOGLE) | |
9 | 81.169.236.145 81.169.236.145 | 6724 (STRATO ST...) (STRATO STRATO AG) | |
9 | 2606:4700:10:... 2606:4700:10::ac43:2642 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700:10:... 2606:4700:10::6816:1983 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
21 | 4 |
ASN15169 (GOOGLE, US)
oracle-avant-testnet.blogspot.be | |
oracle-avant-testnet.blogspot.com |
ASN6724 (STRATO STRATO AG, DE)
PTR: h2916694.stratoserver.net
www.cargokoehler.de |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
tawk.to
embed.tawk.to — Cisco Umbrella Rank: 8273 va.tawk.to — Cisco Umbrella Rank: 7866 |
134 KB |
9 |
cargokoehler.de
www.cargokoehler.de |
81 KB |
2 |
blogspot.com
1 redirects
oracle-avant-testnet.blogspot.com |
16 KB |
1 |
blogspot.be
1 redirects
oracle-avant-testnet.blogspot.be |
441 B |
21 | 4 |
Domain | Requested by | |
---|---|---|
9 | www.cargokoehler.de |
oracle-avant-testnet.blogspot.com
www.cargokoehler.de |
8 | embed.tawk.to |
www.cargokoehler.de
embed.tawk.to |
3 | va.tawk.to |
embed.tawk.to
|
2 | oracle-avant-testnet.blogspot.com | 1 redirects |
1 | oracle-avant-testnet.blogspot.be | 1 redirects |
21 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
misc-sni.blogspot.com GTS CA 1C3 |
2022-06-06 - 2022-08-29 |
3 months | crt.sh |
cargokoehler.de R3 |
2022-06-15 - 2022-09-13 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-05-28 - 2023-05-28 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.cargokoehler.de/log1/i/flow/login.php
Frame ID: B0E24B8A72DBF6E940F55E31C4536590
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
TwitterPage URL History Show full URLs
-
http://oracle-avant-testnet.blogspot.be/
HTTP 302
http://oracle-avant-testnet.blogspot.com/ HTTP 301
https://oracle-avant-testnet.blogspot.com/ Page URL
- https://www.cargokoehler.de/log1/i/flow/login.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks) Expand
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Tawk.to (Live Chat) Expand
Detected patterns
- //embed\.tawk\.to
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://oracle-avant-testnet.blogspot.be/
HTTP 302
http://oracle-avant-testnet.blogspot.com/ HTTP 301
https://oracle-avant-testnet.blogspot.com/ Page URL
- https://www.cargokoehler.de/log1/i/flow/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://oracle-avant-testnet.blogspot.be/ HTTP 302
- http://oracle-avant-testnet.blogspot.com/ HTTP 301
- https://oracle-avant-testnet.blogspot.com/
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
oracle-avant-testnet.blogspot.com/ Redirect Chain
|
70 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
login.php
www.cargokoehler.de/log1/i/flow/ |
4 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.6.0.min.js
www.cargokoehler.de/log1/i/flow/js/ |
87 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.redirect.js
www.cargokoehler.de/log1/i/flow/js/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
www.cargokoehler.de/log1/i/flow/js/ |
623 B 680 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js
www.cargokoehler.de/log1/i/flow/bootstrap/js/ |
61 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
www.cargokoehler.de/log1/i/flow/bootstrap/css/ |
158 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
www.cargokoehler.de/log1/i/flow/css/ |
2 KB 893 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
twitter.png
www.cargokoehler.de/log1/i/flow/img/ |
787 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Other.png
www.cargokoehler.de/log1/i/flow/img/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1g76ik1r1
embed.tawk.to/62c3e1ccb0d10b6f3e7ad4ab/ |
2 KB 1020 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
twk-main.js
embed.tawk.to/_s/v4/app/62835fee0eb/js/ |
121 B 275 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
twk-vendor.js
embed.tawk.to/_s/v4/app/62835fee0eb/js/ |
76 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
twk-chunk-vendors.js
embed.tawk.to/_s/v4/app/62835fee0eb/js/ |
206 KB 61 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
twk-chunk-common.js
embed.tawk.to/_s/v4/app/62835fee0eb/js/ |
157 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
twk-runtime.js
embed.tawk.to/_s/v4/app/62835fee0eb/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
twk-app.js
embed.tawk.to/_s/v4/app/62835fee0eb/js/ |
151 B 208 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
widget-settings
va.tawk.to/v1/ |
3 KB 1 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
start
va.tawk.to/v1/session/ |
60 B 438 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
start
va.tawk.to/v1/session/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
en.js
embed.tawk.to/_s/v4/app/62835fee0eb/languages/ |
16 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Twitter (Social Network)23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery object| bootstrap object| Tawk_API object| Tawk_LoadStart string| $_Tawk_AccountKey string| $_Tawk_WidgetId boolean| $_Tawk_Unstable object| $_Tawk object| tawkJsonp object| regeneratorRuntime function| $__TawkEngine function| EventEmitter function| $__TawkSocket object| Tawk_Window2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.cargokoehler.de/ | Name: twk_idm_key Value: bnSJctEjYl6aqSfnOJ7e- |
|
www.cargokoehler.de/ | Name: TawkConnectionTime Value: 0 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
embed.tawk.to
oracle-avant-testnet.blogspot.be
oracle-avant-testnet.blogspot.com
va.tawk.to
www.cargokoehler.de
2606:4700:10::6816:1983
2606:4700:10::ac43:2642
2a00:1450:4001:806::2001
81.169.236.145
0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06
0f0aef9670e1b3f32b79f61f847d0f470c062a9d17ff4c0a8ce2517710ff3411
138180bb51412a7b5c7d22ac7aeff4b8450080a6588984807afa9618dafff7fb
13cf82e6f9d48221cd55f8b3c3d206f7bdb83f291034b478e484ccfef7d500dd
161f78f0d9ea5a5025a082c14b694df6ca43e2d48db62ee35f3368ff3da02cc1
4b24eee82c2b7ce85ace76193e8a25570dabc6863b94a60a42fa9bb6a37ddc72
52662b26c92fe84babf58925f433fc700d615fac6e8c303231912c66a6f0dd5e
5958b8f2069b0a3292ed7a9db46b8109adac7e81591238557125893ee7e87bb7
6d69ae5c4892d35573385da52afebec92fb02feaf7670b0684c1b2aa6f2cfb98
705186becc9e0a306a6b4867ae2768aa9dd3b8c12393d9f9c52029e9a6fcf31c
a31468a8bcc6a38df3e647708976a861d3579155082a3dc8ec193a58b73f7d38
a64beb2b04d49987241b23aa3130a829871eece47ae45837221e0580346eaeb8
a6cdb2fe9d4f3c136d30f4e57f96a0aa063ddb093c1c6fefcf3943eee3e834b7
ae1e8d13b6bb654346aef617cb6990509c3587ec8f1922711a9d9e15bd849bb9
b126d9a214a72de525e4092536f8b196706433328d7bf122c295937d4ba99a10
b5b1592fa8ab8256ceae1cf00cbe53ad23b82f85964514f421492df2a8735d2f
d2a37b3244a9a215cc8c90b8bc11388c4fd8b2dd23d415acfccf16e3224250d7
f21e99abe3dd3d1cca56b3523085e7026314de044474edcdc933f31754240fd2
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e