urlscan.io logo urlscan.io
SecurityTrails logo

it-goethe-partner.de Open in urlscan Pro
2001:8d8:100f:f000::2cc  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://gallrhon.com/t.php
Effective URL: http://it-goethe-partner.de/accounts.login.idm.telekom.com/
Submission: On January 31 via api from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 2001:8d8:100f:f000::2cc, located in Germany and belongs to ONEANDONE-AS Brauerstrasse 48, DE. The main domain is it-goethe-partner.de.
This is the only time it-goethe-partner.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
1 1 47.245.34.63 45102 (CNNIC-ALI...)
1 2 2001:8d8:100f... 8560 (ONEANDONE...)
5 2003:2:2:140:... 3320 (DTAG Inte...)
6 2
Apex Domain
Subdomains		 Transfer
5 telekom.com
accounts.login.idm.telekom.com
113 KB
2 it-goethe-partner.de
it-goethe-partner.de
3 KB
1 gallrhon.com
gallrhon.com
269 B
6 3
Domain Requested by
5 accounts.login.idm.telekom.com it-goethe-partner.de
2 it-goethe-partner.de 1 redirects
1 gallrhon.com 1 redirects
6 3

This site contains no links.

Subject Issuer Validity Valid
accounts.login.idm.telekom.com
TeleSec ServerPass Extended Validation Class 3 CA		 2018-11-06 -
2020-11-11		 2 years crt.sh

This page contains 1 frames:

Primary Page: http://it-goethe-partner.de/accounts.login.idm.telekom.com/
Frame ID: 0E60E4CF399976B1B1C7F4F6B441A1CF
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://gallrhon.com/t.php HTTP 302
    http://it-goethe-partner.de/accounts.login.idm.telekom.com HTTP 301
    http://it-goethe-partner.de/accounts.login.idm.telekom.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

6
Requests

83 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

116 kB
Transfer

399 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://gallrhon.com/t.php HTTP 302
    http://it-goethe-partner.de/accounts.login.idm.telekom.com HTTP 301
    http://it-goethe-partner.de/accounts.login.idm.telekom.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
it-goethe-partner.de/accounts.login.idm.telekom.com/
Redirect Chain
  • http://gallrhon.com/t.php
  • http://it-goethe-partner.de/accounts.login.idm.telekom.com
  • http://it-goethe-partner.de/accounts.login.idm.telekom.com/
6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://it-goethe-partner.de/accounts.login.idm.telekom.com/
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::2cc , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software
Apache / PHP/7.0.33
Resource Hash
7e92455715b6d1ba82985a642df1bd1b809071d22ba6c0e3194f47b15090f0a3

Request headers

Host
it-goethe-partner.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=15
Date
Fri, 31 Jan 2020 17:16:20 GMT
Server
Apache
X-Powered-By
PHP/7.0.33
Content-Encoding
gzip

Redirect headers

Content-Type
text/html; charset=iso-8859-1
Content-Length
267
Connection
keep-alive
Keep-Alive
timeout=15
Date
Fri, 31 Jan 2020 17:16:20 GMT
Server
Apache
Location
http://it-goethe-partner.de/accounts.login.idm.telekom.com/
dtag.css
accounts.login.idm.telekom.com/static/dtag-css/stylesheets/ 		306 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://accounts.login.idm.telekom.com/static/dtag-css/stylesheets/dtag.css
Requested by
Host: it-goethe-partner.de
URL: http://it-goethe-partner.de/accounts.login.idm.telekom.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
09d509e53f80e5fbd039cffaa28e5c6d506ae95fea2a032f967ccf050c0c910a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://it-goethe-partner.de/accounts.login.idm.telekom.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 31 Jan 2020 17:16:20 GMT
Content-Encoding
gzip
SH
4105aead3b7c66615611eecd9f02c7e5
Last-Modified
Mon, 12 Feb 2018 09:30:22 GMT
Server
Apache
Vary
Accept-Encoding
Connection
Keep-Alive
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control
public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Type
text/css; charset=utf-8
Keep-Alive
timeout=2, max=1000
Content-Length
28753
Expires
Fri, 07 Feb 2020 17:16:20 GMT
web.min.css
accounts.login.idm.telekom.com/static/stylesheets/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://accounts.login.idm.telekom.com/static/stylesheets/web.min.css
Requested by
Host: it-goethe-partner.de
URL: http://it-goethe-partner.de/accounts.login.idm.telekom.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
1e9b8dff87cfa82666141f733968f3f04130f8308b423fda13a160c76eee0d95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://it-goethe-partner.de/accounts.login.idm.telekom.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 31 Jan 2020 17:16:20 GMT
Content-Encoding
gzip
SH
329d6b7501374addb685e6b472534a04
Last-Modified
Wed, 14 Feb 2018 10:53:40 GMT
Server
Apache
Vary
Accept-Encoding
Connection
Keep-Alive
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control
public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Type
text/css; charset=utf-8
Keep-Alive
timeout=2, max=1000
Content-Length
1773
Expires
Fri, 07 Feb 2020 17:16:20 GMT
TeleGroteskNormal.woff
accounts.login.idm.telekom.com/static/dtag-css/fonts/ 		80 KB
81 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://accounts.login.idm.telekom.com/static/dtag-css/fonts/TeleGroteskNormal.woff
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
419bf2f4f4f833e2dc27e13167c8be728b59fa2a20400df58ff8a32d974eba55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://accounts.login.idm.telekom.com/static/dtag-css/stylesheets/dtag.css
Origin
http://it-goethe-partner.de

Response headers

Date
Fri, 31 Jan 2020 17:16:20 GMT
SH
329d6b7501374addb685e6b472534a04
Last-Modified
Wed, 14 Feb 2018 10:53:41 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin
http://it-goethe-partner.de
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
application/x-font-woff
Keep-Alive
timeout=2, max=1000
Content-Length
82424
Expires
Fri, 07 Feb 2020 17:16:20 GMT
icons_16x16.png
accounts.login.idm.telekom.com/static/images/sprites/ 		431 B
875 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://accounts.login.idm.telekom.com/static/images/sprites/icons_16x16.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
c51918b2e8a90ec12f396f1fbda614322033a6897a6812c58233f8ad4d4e1c2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://accounts.login.idm.telekom.com/static/stylesheets/web.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 31 Jan 2020 17:16:20 GMT
SH
4105aead3b7c66615611eecd9f02c7e5
Last-Modified
Mon, 12 Feb 2018 09:30:23 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=2, max=999
Content-Length
431
Expires
Fri, 07 Feb 2020 17:16:20 GMT
logo_short_50x25.png
accounts.login.idm.telekom.com/static/images/ 		310 B
754 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://accounts.login.idm.telekom.com/static/images/logo_short_50x25.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
5a1e69517c76c1fda68cff8b3b6fb6b7773a4b75932684b72b0a23325b14c5fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://accounts.login.idm.telekom.com/static/stylesheets/web.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 31 Jan 2020 17:16:20 GMT
SH
329d6b7501374addb685e6b472534a04
Last-Modified
Wed, 14 Feb 2018 10:53:41 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=2, max=999
Content-Length
310
Expires
Fri, 07 Feb 2020 17:16:20 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies