it-goethe-partner.de
Open in
urlscan Pro
2001:8d8:100f:f000::2cc
Malicious Activity!
Public Scan
Effective URL: http://it-goethe-partner.de/accounts.login.idm.telekom.com/
Submission: On January 31 via api from CA
Summary
This is the only time it-goethe-partner.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telekom (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 47.245.34.63 47.245.34.63 | 45102 (CNNIC-ALI...) (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co.) | |
1 2 | 2001:8d8:100f... 2001:8d8:100f:f000::2cc | 8560 (ONEANDONE...) (ONEANDONE-AS Brauerstrasse 48) | |
5 | 2003:2:2:140:... 2003:2:2:140:62:157:140:200 | 3320 (DTAG Inte...) (DTAG Internet service provider operations) | |
6 | 2 |
ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)
gallrhon.com |
ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)
it-goethe-partner.de |
ASN3320 (DTAG Internet service provider operations, DE)
accounts.login.idm.telekom.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
telekom.com
accounts.login.idm.telekom.com |
113 KB |
2 |
it-goethe-partner.de
1 redirects
it-goethe-partner.de |
3 KB |
1 |
gallrhon.com
1 redirects
gallrhon.com |
269 B |
6 | 3 |
Domain | Requested by | |
---|---|---|
5 | accounts.login.idm.telekom.com |
it-goethe-partner.de
|
2 | it-goethe-partner.de | 1 redirects |
1 | gallrhon.com | 1 redirects |
6 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
accounts.login.idm.telekom.com TeleSec ServerPass Extended Validation Class 3 CA |
2018-11-06 - 2020-11-11 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://it-goethe-partner.de/accounts.login.idm.telekom.com/
Frame ID: 0E60E4CF399976B1B1C7F4F6B441A1CF
Requests: 6 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://gallrhon.com/t.php
HTTP 302
http://it-goethe-partner.de/accounts.login.idm.telekom.com HTTP 301
http://it-goethe-partner.de/accounts.login.idm.telekom.com/ Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://gallrhon.com/t.php
HTTP 302
http://it-goethe-partner.de/accounts.login.idm.telekom.com HTTP 301
http://it-goethe-partner.de/accounts.login.idm.telekom.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
it-goethe-partner.de/accounts.login.idm.telekom.com/ Redirect Chain
|
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dtag.css
accounts.login.idm.telekom.com/static/dtag-css/stylesheets/ |
306 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
web.min.css
accounts.login.idm.telekom.com/static/stylesheets/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TeleGroteskNormal.woff
accounts.login.idm.telekom.com/static/dtag-css/fonts/ |
80 KB 81 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icons_16x16.png
accounts.login.idm.telekom.com/static/images/sprites/ |
431 B 875 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_short_50x25.png
accounts.login.idm.telekom.com/static/images/ |
310 B 754 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telekom (Telecommunication)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.login.idm.telekom.com
gallrhon.com
it-goethe-partner.de
2001:8d8:100f:f000::2cc
2003:2:2:140:62:157:140:200
47.245.34.63
09d509e53f80e5fbd039cffaa28e5c6d506ae95fea2a032f967ccf050c0c910a
1e9b8dff87cfa82666141f733968f3f04130f8308b423fda13a160c76eee0d95
419bf2f4f4f833e2dc27e13167c8be728b59fa2a20400df58ff8a32d974eba55
5a1e69517c76c1fda68cff8b3b6fb6b7773a4b75932684b72b0a23325b14c5fd
7e92455715b6d1ba82985a642df1bd1b809071d22ba6c0e3194f47b15090f0a3
c51918b2e8a90ec12f396f1fbda614322033a6897a6812c58233f8ad4d4e1c2a