urlscan.io logo urlscan.io
SecurityTrails logo

writbd.com Open in urlscan Pro
67.222.20.115  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Submission: On November 04 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 3 countries across 7 domains to perform 33 HTTP transactions. The main IP is 67.222.20.115, located in United States and belongs to PRIVATESYSTEMS, US. The main domain is writbd.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 9th 2021. Valid for: 3 months.
This is the only time writbd.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
1 9 67.222.20.115 63410 (PRIVATESY...)
1 80.158.67.40 34086 (SCZN-AS)
1 1 2a00:cd0:104d... 48173 (UNBELIEVA...)
1 34.240.216.139 16509 (AMAZON-02)
2 7 185.54.150.52 60164 (WEBTREKK-AS)
7 2003:2:2:140:... 3320 (DTAG Inte...)
5 23.37.38.214 16625 (AKAMAI-AS)
3 80.158.66.21 34086 (SCZN-AS)
1 80.158.66.1 34086 (SCZN-AS)
2 4 185.54.150.123 60164 (WEBTREKK-AS)
33 9
9    67.222.20.115 (United States)

ASN63410 (PRIVATESYSTEMS, US)
PTR: host.guideline4web.com
writbd.com
1    80.158.67.40 (Germany)

ASN34086 (SCZN-AS, DE)
www.telekom.de
1    2a00:cd0:104d:1:80:82:200:32 (Germany)

ASN48173 (UNBELIEVABLE-AS, DE)
xdn-ttp.de
1    34.240.216.139 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-216-139.eu-west-1.compute.amazonaws.com
lns-ev.xplosion.de
7    185.54.150.52 (Germany)

ASN60164 (WEBTREKK-AS, DE)
PTR: pix.telekom.com
pix.telekom.de
7    2003:2:2:140:62:157:140:200 (Germany)

ASN3320 (DTAG Internet service provider operations, DE)
accounts.login.idm.telekom.com
5    23.37.38.214 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-214.deploy.static.akamaitechnologies.com
tags-eu.tiqcdn.com
3    80.158.66.21 (Germany)

ASN34086 (SCZN-AS, DE)
ebs10.telekom.de
1    80.158.66.1 (Germany)

ASN34086 (SCZN-AS, DE)
ebs01.telekom.de
4    185.54.150.123 (Germany)

ASN60164 (WEBTREKK-AS, DE)
fbc.wcfbc.net
Domain Requested by
9 writbd.com 1 redirects writbd.com
7 accounts.login.idm.telekom.com writbd.com
7 pix.telekom.de 2 redirects writbd.com
5 tags-eu.tiqcdn.com www.telekom.de
tags-eu.tiqcdn.com
4 fbc.wcfbc.net 2 redirects
3 ebs10.telekom.de tags-eu.tiqcdn.com
writbd.com
1 ebs01.telekom.de tags-eu.tiqcdn.com
1 lns-ev.xplosion.de writbd.com
1 xdn-ttp.de 1 redirects
1 www.telekom.de writbd.com
33 10

This site contains links to these domains. Also see Links.

Domain
www.telekom.de
meinkonto.telekom-dienste.de
Subject Issuer Validity Valid
writbd.com
cPanel, Inc. Certification Authority		 2021-09-09 -
2021-12-08		 3 months crt.sh
www.telekom.de
TeleSec ServerPass Class 2 CA		 2020-08-11 -
2022-08-16		 2 years crt.sh
pix.telekom.de
TeleSec ServerPass Class 2 CA		 2020-07-06 -
2022-07-11		 2 years crt.sh
accounts.login.idm.telekom.com
TeleSec ServerPass Extended Validation Class 3 CA		 2021-09-10 -
2022-09-14		 a year crt.sh
*.tiqcdn.com
DigiCert SHA2 Secure Server CA		 2021-04-19 -
2022-04-27		 a year crt.sh
ebs10.telekom.de
TeleSec ServerPass Class 2 CA		 2021-01-11 -
2022-01-16		 a year crt.sh
ebs01.telekom.de
TeleSec ServerPass Class 2 CA		 2021-01-11 -
2022-01-16		 a year crt.sh

This page contains 2 frames:

Primary Page: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Frame ID: 2639B960679FA2BD79A0A70AB946E3E1
Requests: 17 HTTP requests in this frame

Frame: https://www.telekom.de/resources/tbs-config/phoenix_login_tracking?page=benutzer&mode=%25mode%25&context=auth&status=first_attempt
Frame ID: 0DC8A4E0E007067D76C9292682D6B4A1
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Telekom Login

Page URL History Show full URLs

  1. https://writbd.com/VOLINHGGP/lnkl/ios/oauth2 HTTP 301
    https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/ Page URL

Page Statistics

33
Requests

91 %
HTTPS

20 %
IPv6

7
Domains

10
Subdomains

9
IPs

3
Countries

809 kB
Transfer

1148 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://writbd.com/VOLINHGGP/lnkl/ios/oauth2 HTTP 301
    https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://xdn-ttp.de/lns/import-event-0746?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff HTTP 302
  • https://lns-ev.xplosion.de/xdn-import/import-event?zid=qxKGVnDscaCBFoWzGYLr01AKCkMDDULbKIuSJ8SUJz1U01UDwufW8Z2YPIUPnrTT&partner=0746
Request Chain 28
  • https://pix.telekom.de/196380495960676/cc?a=r&c=wteid_196380495960676&t=https%3A%2F%2Ffbc.wcfbc.net%2Fv1%2Ffbc%3Fp%3D453%2C0%26acc%3D196380495960676%26t%3D1636041864363%26err%3D HTTP 301
  • https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=196380495960676&t=1636041864363&err=&c=wteid_196380495960676&v=4163604186400871242 HTTP 307
  • https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=196380495960676&t=1636041864363&err=&c=wteid_196380495960676&v=4163604186400871242&rc
Request Chain 29
  • https://pix.telekom.de/827974826901109/cc?a=r&c=wteid_827974826901109&t=https%3A%2F%2Ffbc.wcfbc.net%2Fv1%2Ffbc%3Fp%3D453%2C0%26acc%3D827974826901109%26t%3D1636041864371%26err%3D HTTP 301
  • https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=827974826901109&t=1636041864371&err=&c=wteid_827974826901109&v=4163604186400381711 HTTP 307
  • https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=827974826901109&t=1636041864371&err=&c=wteid_827974826901109&v=4163604186400381711&rc

33 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Redirect Chain
  • https://writbd.com/VOLINHGGP/lnkl/ios/oauth2
  • https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
13 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.222.20.115 , United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.guideline4web.com
Software
Apache /
Resource Hash
4846b006021c37c16c53aa09e34927461ab6b26a49fb32381255dc8fbb673c83

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Thu, 04 Nov 2021 16:04:22 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Thu, 04 Nov 2021 16:04:22 GMT
Server
Apache
Location
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Content-Length
253
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
components.min.css
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/ 		98 KB
98 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/components.min.css
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.222.20.115 , United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.guideline4web.com
Software
Apache /
Resource Hash
f58ecb754487f42fbec18a84421310ab268024c38ec4f4e125aefbcc26fa2fe1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
Last-Modified
Wed, 25 Nov 2020 12:40:34 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
100523
login-24.05.1.css
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/ 		18 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/login-24.05.1.css
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.222.20.115 , United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.guideline4web.com
Software
Apache /
Resource Hash
5baf3f6d6e798840ba02b6f22e9c1e7eee26abfb36fb8dc32513b2e8f3a6964c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
Last-Modified
Wed, 07 Apr 2021 11:14:02 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
18252
jquery-3.2.1.min.js
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/js/ 		85 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/js/jquery-3.2.1.min.js
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.222.20.115 , United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.guideline4web.com
Software
Apache /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
Last-Modified
Wed, 25 Nov 2020 12:40:34 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
86659
jquery-matchheight-0.7.2.min.js
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/js/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/js/jquery-matchheight-0.7.2.min.js
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.222.20.115 , United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.guideline4web.com
Software
Apache /
Resource Hash
6ebd3995a2d04fc1550f8d025400411954fdb51dcaa24def899d8fc33b2504a7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
Last-Modified
Wed, 25 Nov 2020 12:40:32 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3376
components.min.js
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/js/ 		76 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/js/components.min.js
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.222.20.115 , United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.guideline4web.com
Software
Apache /
Resource Hash
42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
Last-Modified
Wed, 25 Nov 2020 13:16:22 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
77706
login.js
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/js/ 		17 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/js/login.js
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.222.20.115 , United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.guideline4web.com
Software
Apache /
Resource Hash
295d169c7fffd85246d74c76766fe54f5f28658c0229d5ad2294a561ccf45340

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
Last-Modified
Tue, 23 Mar 2021 11:39:00 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
17512
services.png
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/images/ 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/images/services.png
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.222.20.115 , United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.guideline4web.com
Software
Apache /
Resource Hash
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
Last-Modified
Wed, 25 Nov 2020 12:40:32 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
22647
phoenix_login_tracking
www.telekom.de/resources/tbs-config/ Frame 0DC8 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.telekom.de/resources/tbs-config/phoenix_login_tracking?page=benutzer&mode=%25mode%25&context=auth&status=first_attempt
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
80.158.67.40 , Germany, ASN34086 (SCZN-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
e83c5b67f2782dc1fd5260cb35b2c10242101b5a81a49093009be2f94227bcdf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://writbd.com/

Response headers

date
Thu, 04 Nov 2021 15:21:01 GMT
server
Apache
content-disposition
inline; filename="phoenix_login_tracking.html"
etag
"8bc87a15f4a7ebacfcf91ab31f7682be"
cache-control
max-age=3600
xkey
301466
content-type
text/html;charset=UTF-8
content-language
de
x-varnish
106198479 107368789
age
2602
x-cache
HIT
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-length
1233
import-event
lns-ev.xplosion.de/xdn-import/
Redirect Chain
  • https://xdn-ttp.de/lns/import-event-0746?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff
  • https://lns-ev.xplosion.de/xdn-import/import-event?zid=qxKGVnDscaCBFoWzGYLr01AKCkMDDULbKIuSJ8SUJz1U01UDwufW8Z2YPIUPnrTT&partner=0746
0
218 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lns-ev.xplosion.de/xdn-import/import-event?zid=qxKGVnDscaCBFoWzGYLr01AKCkMDDULbKIuSJ8SUJz1U01UDwufW8Z2YPIUPnrTT&partner=0746
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
H2
Server
34.240.216.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-240-216-139.eu-west-1.compute.amazonaws.com
Software
fasthttp /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://writbd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 04 Nov 2021 16:04:23 GMT
access-control-allow-credentials
true
server
fasthttp
access-control-allow-headers
x-requested-with, Content-Type, origin, authorization, accept, client-security-token
access-control-allow-methods
GET, OPTIONS

Redirect headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
Server
Jetty(9.4.z-SNAPSHOT)
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, OPTIONS, PUT
Location
https://lns-ev.xplosion.de/xdn-import/import-event?zid=qxKGVnDscaCBFoWzGYLr01AKCkMDDULbKIuSJ8SUJz1U01UDwufW8Z2YPIUPnrTT&partner=0746
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Content-Length
0
wt
pix.telekom.de/196380495960676/ 		43 B
642 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.telekom.de/196380495960676/wt?p=441,www.telekom.de.privatkunden.login-idm-id,0,0,0,0,0,0,0,0&cg1=www.telekom.de&cg2=login&cg8=privatkunden&cg9=login-idm-id&cp19=653721ea-4998-4e08-8208-8d9e1dedf6ff
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.54.150.52 , Germany, ASN60164 (WEBTREKK-AS, DE),
Reverse DNS
pix.telekom.com
Software
45c48cce /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://writbd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Nov 2021 16:04:23 GMT
last-modified
Thu, 04 Nov 2021 16:04:24 GMT
server
45c48cce
x-robots-tag
noindex, nofollow, noarchive
p3p
policyref="https://q3.webtrekk.net/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT"
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
content-type
image/gif;charset=UTF-8
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT
data_protection.svg
accounts.login.idm.telekom.com/static/factorx/images/ 		673 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://accounts.login.idm.telekom.com/static/factorx/images/data_protection.svg
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/login-24.05.1.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
53637a2d4745687c07969427a743c6b9207b3ba6e261fa19a61cccaab46eb316
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://writbd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
SH
1b26521a07b2757b93cead392a27c03b
Last-Modified
Wed, 25 Nov 2020 05:40:34 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/svg+xml
Keep-Alive
timeout=2, max=1000
Content-Length
673
Expires
Thu, 04 Nov 2021 17:04:23 GMT
teleicon-outline.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://accounts.login.idm.telekom.com/static/factorx/fonts/teleicon-outline.woff
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/components.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
01fa42140c7fd1e43496b320027681e75123e8121c4ff52e7a390a4ec37d9379
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://writbd.com/
Origin
https://writbd.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
SH
93af4dd1b134b2f36da439adedb1c728
Last-Modified
Wed, 25 Nov 2020 05:40:33 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin
https://writbd.com
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
application/x-font-woff
Keep-Alive
timeout=2, max=1000
Content-Length
8824
Expires
Thu, 11 Nov 2021 16:04:23 GMT
telegroteskscreen-ultra.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 		52 KB
53 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-ultra.woff
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/components.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
3b6317d7c6288f6380f182e8bdc16b4cea82df91bc0f0209dfbce457b3e16910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://writbd.com/
Origin
https://writbd.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
SH
9291c7b1a9bd46c8c999944c8eb3a0fa
Last-Modified
Wed, 25 Nov 2020 05:40:32 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin
https://writbd.com
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
application/x-font-woff
Keep-Alive
timeout=2, max=1000
Content-Length
53428
Expires
Thu, 11 Nov 2021 16:04:23 GMT
telegroteskscreen-bold.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 		52 KB
53 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-bold.woff
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/components.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
dff75c72abbd5b70b8cf2acb31155760116d14517cc89b81d00285da85306497
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://writbd.com/
Origin
https://writbd.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
SH
fff2e4ee58a03de6530c33d259099cda
Last-Modified
Wed, 25 Nov 2020 06:16:23 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin
https://writbd.com
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
application/x-font-woff
Keep-Alive
timeout=2, max=1000
Content-Length
53500
Expires
Thu, 11 Nov 2021 16:04:23 GMT
telegroteskscreen-thin.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 		57 KB
57 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-thin.woff
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/components.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
3c3cff57406992d5b880806e120965b2a77f6a9ac1bbe7a781bfc9f752b4ab5c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://writbd.com/
Origin
https://writbd.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
SH
88d63fe29640802893c96b9b0bf83380
Last-Modified
Wed, 25 Nov 2020 06:16:22 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin
https://writbd.com
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
application/x-font-woff
Keep-Alive
timeout=2, max=1000
Content-Length
58248
Expires
Thu, 11 Nov 2021 16:04:23 GMT
telegroteskscreen-regular.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 		53 KB
54 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-regular.woff
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/components.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
b80effdb6b1baee7ad8a926a027a9f085d0b91a1b52e3a8cf34e9a6b087aad97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://writbd.com/
Origin
https://writbd.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
SH
132f148de0b13348a2e3b12a1fb789b5
Last-Modified
Wed, 25 Nov 2020 06:16:22 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin
https://writbd.com
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
application/x-font-woff
Keep-Alive
timeout=2, max=1000
Content-Length
54684
Expires
Thu, 11 Nov 2021 16:04:23 GMT
teleicon-ui.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 		3 KB
3 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://accounts.login.idm.telekom.com/static/factorx/fonts/teleicon-ui.woff
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/components.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
3cf35b128c4c5dcd9bb0a12bcc009f2e46e382edec4737360a623d0052a6fe34
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://writbd.com/
Origin
https://writbd.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
SH
93af4dd1b134b2f36da439adedb1c728
Last-Modified
Wed, 25 Nov 2020 05:40:33 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin
https://writbd.com
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
application/x-font-woff
Keep-Alive
timeout=2, max=999
Content-Length
2736
Expires
Thu, 11 Nov 2021 16:04:23 GMT
utag.js
tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/ Frame 0DC8 		239 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/utag.js
Requested by
Host: www.telekom.de
URL: https://www.telekom.de/resources/tbs-config/phoenix_login_tracking?page=benutzer&mode=%25mode%25&context=auth&status=first_attempt
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.38.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-38-214.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
8cf9d2422c2750249fec853f27c4532cac2790daf9b6f5fe333c8a97554019f7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 16:04:23 GMT
content-encoding
gzip
last-modified
Wed, 03 Nov 2021 10:20:09 GMT
server
AkamaiNetStorage
etag
"528df1c0bf331d8a7eb47cfa0fb2022f:1635934809.568124"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
content-length
62716
cookie.php
ebs10.telekom.de/opt-in/ Frame 0DC8 		0
446 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ebs10.telekom.de/opt-in/cookie.php
Requested by
Host: tags-eu.tiqcdn.com
URL: https://tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
80.158.66.21 , Germany, ASN34086 (SCZN-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:23 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://www.telekom.de
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Keep-Alive
timeout=3, max=100
Content-Length
20
X-XSS-Protection
1; mode=block
utag.223.js
tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/ Frame 0DC8 		100 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/utag.223.js?utv=ut4.44.202111011238
Requested by
Host: tags-eu.tiqcdn.com
URL: https://tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.38.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-38-214.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
ef29200ef7b4e594c2115db943e9e3c213f8fd57f236e7006c31af3d3d5876f3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 16:04:23 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 12:39:16 GMT
server
AkamaiNetStorage
etag
"cfba4cda1ca61eb217f2915e54898d3f:1635770356.230942"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
28470
utag.225.js
tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/ Frame 0DC8 		93 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/utag.225.js?utv=ut4.44.202109280848
Requested by
Host: tags-eu.tiqcdn.com
URL: https://tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.38.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-38-214.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
58f33125f5843f4e0f816b8d0e431be5e32b623b167b3f2306561fcb9e7e6450

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 16:04:23 GMT
content-encoding
gzip
last-modified
Tue, 28 Sep 2021 08:49:02 GMT
server
AkamaiNetStorage
etag
"c847a56c88f7b8303ef66d4391ccb554:1632818941.943838"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
26233
utag.216.js
tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/ Frame 0DC8 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/utag.216.js?utv=ut4.44.202106140931
Requested by
Host: tags-eu.tiqcdn.com
URL: https://tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.38.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-38-214.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
9caa474077788819f478507a542993b1c75648f25862aa8705df955b4c691893

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 16:04:23 GMT
content-encoding
gzip
last-modified
Mon, 14 Jun 2021 09:31:21 GMT
server
AkamaiNetStorage
etag
"b64f3355f5097a2a2e75f1ff67066229:1623663081.566691"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
2096
utag.v.js
tags-eu.tiqcdn.com/utag/tiqapp/ Frame 0DC8 		2 B
221 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags-eu.tiqcdn.com/utag/tiqapp/utag.v.js?a=telekom/phoenix/202111031019&cb=1636041863969
Requested by
Host: tags-eu.tiqcdn.com
URL: https://tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.38.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-38-214.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 16:04:23 GMT
content-encoding
gzip
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
AkamaiNetStorage
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
22
unsupported-browser-hint.js
ebs01.telekom.de/resout/pk/unsupported-browser-hint/ Frame 0DC8 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ebs01.telekom.de/resout/pk/unsupported-browser-hint/unsupported-browser-hint.js
Requested by
Host: tags-eu.tiqcdn.com
URL: https://tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
80.158.66.1 , Germany, ASN34086 (SCZN-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
1eeeff19180291d40aab26257151123e9c3c7dbe499e65b8173b7576251bc0fb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:24 GMT
Content-Encoding
gzip
Last-Modified
Wed, 23 Jun 2021 12:01:06 GMT
Server
Apache
ETag
"b5ea-5c56da953a8d5-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=100
Content-Length
17611
X-XSS-Protection
1; mode=block
wt
pix.telekom.de/196380495960676/ Frame 0DC8 		43 B
372 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.telekom.de/196380495960676/wt?p=453,www.telekom.de.privatkunden.login.benutzer,1,1600x1200,24,1,1636041864015,https%3A%2F%2Fwritbd.com%2F,1x1,0&la=en&cg1=www.telekom.de&cg2=login&cg3=benutzer&cg8=privatkunden&cg9=benutzer&cg10=authentication.login&cp44=pk-omni-sales&cp54=not-logged-in&cs1=nicht-bestandskunde&cs16=983&np=&pu=https%3A%2F%2Fwww.telekom.de%2Fresources%2Ftbs-config%2Fphoenix_login_tracking%3Fpage%3Dbenutzer%26mode%3D%2525mode%2525%26context%3Dauth%26status%3Dfirst_attempt
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.54.150.52 , Germany, ASN60164 (WEBTREKK-AS, DE),
Reverse DNS
pix.telekom.com
Software
45c48cce /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Nov 2021 16:04:23 GMT
last-modified
Thu, 04 Nov 2021 16:04:24 GMT
server
45c48cce
x-robots-tag
noindex, nofollow, noarchive
p3p
policyref="https://q3.webtrekk.net/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT"
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
content-type
image/gif;charset=UTF-8
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT
wt
pix.telekom.de/827974826901109/ Frame 0DC8 		43 B
395 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.telekom.de/827974826901109/wt?p=453,www.telekom.de.privatkunden.login.benutzer,1,1600x1200,24,1,1636041864020,https%3A%2F%2Fwritbd.com%2F,1x1,0&la=en&cg1=www.telekom.de&cg2=login&cg3=benutzer&cg8=privatkunden&cg9=benutzer&cg10=authentication.login&cp44=pk-omni-sales&cp54=not-logged-in&cp57=www.telekom.de&cs1=nicht-bestandskunde&np=&pu=https%3A%2F%2Fwww.telekom.de%2Fresources%2Ftbs-config%2Fphoenix_login_tracking%3Fpage%3Dbenutzer%26mode%3D%2525mode%2525%26context%3Dauth%26status%3Dfirst_attempt
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.54.150.52 , Germany, ASN60164 (WEBTREKK-AS, DE),
Reverse DNS
pix.telekom.com
Software
45c48cce /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Nov 2021 16:04:23 GMT
last-modified
Thu, 04 Nov 2021 16:04:24 GMT
server
45c48cce
x-robots-tag
noindex, nofollow, noarchive
p3p
policyref="https://q3.webtrekk.net/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT"
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
content-type
image/gif;charset=UTF-8
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT
teleneo-bold.woff2
ebs10.telekom.de/opt-in/font/teleneo/ Frame 0DC8 		52 KB
53 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ebs10.telekom.de/opt-in/font/teleneo/teleneo-bold.woff2
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
80.158.66.21 , Germany, ASN34086 (SCZN-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
2088675a0c256dd535f832bf6fe59b3a20f9fd46f41ef5bdb62d6ab265603728
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.telekom.de/
Origin
https://www.telekom.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:24 GMT
Content-Encoding
gzip
Last-Modified
Thu, 11 Mar 2021 15:57:14 GMT
Server
Apache
ETag
"d060-5bd44d64d5a72-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=100
Content-Length
53335
X-XSS-Protection
1; mode=block
teleneo-regular.woff2
ebs10.telekom.de/opt-in/font/teleneo/ Frame 0DC8 		52 KB
52 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ebs10.telekom.de/opt-in/font/teleneo/teleneo-regular.woff2
Requested by
Host: writbd.com
URL: https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
80.158.66.21 , Germany, ASN34086 (SCZN-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
2e3c8a492ea46b6bad0cb1f2a94a18d41ae3cb2fbf514f85388392cef4983d3e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.telekom.de/
Origin
https://www.telekom.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:24 GMT
Content-Encoding
gzip
Last-Modified
Thu, 11 Mar 2021 15:57:13 GMT
Server
Apache
ETag
"cee4-5bd44d646e22a-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=100
Content-Length
52952
X-XSS-Protection
1; mode=block
fbc
fbc.wcfbc.net/v1/ Frame 0DC8
Redirect Chain
  • https://pix.telekom.de/196380495960676/cc?a=r&c=wteid_196380495960676&t=https%3A%2F%2Ffbc.wcfbc.net%2Fv1%2Ffbc%3Fp%3D453%2C0%26acc%3D196380495960676%26t%3D1636041864363%26err%3D
  • https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=196380495960676&t=1636041864363&err=&c=wteid_196380495960676&v=4163604186400871242
  • https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=196380495960676&t=1636041864363&err=&c=wteid_196380495960676&v=4163604186400871242&rc
69 B
209 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=196380495960676&t=1636041864363&err=&c=wteid_196380495960676&v=4163604186400871242&rc
Protocol
HTTP/1.1
Server
185.54.150.123 , Germany, ASN60164 (WEBTREKK-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
c1a69853198ae592f980806d6d489f43d03ee49f60df58b32ad375c03127703a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:24 GMT
Server
nginx
Connection
keep-alive
Content-Length
69
Content-Type
image/png

Redirect headers

Location
/v1/fbc?p=453,0&acc=196380495960676&t=1636041864363&err=&c=wteid_196380495960676&v=4163604186400871242&rc
Date
Thu, 04 Nov 2021 16:04:24 GMT
Server
nginx
Connection
keep-alive
Content-Length
217
Content-Type
text/html; charset=UTF-8
fbc
fbc.wcfbc.net/v1/ Frame 0DC8
Redirect Chain
  • https://pix.telekom.de/827974826901109/cc?a=r&c=wteid_827974826901109&t=https%3A%2F%2Ffbc.wcfbc.net%2Fv1%2Ffbc%3Fp%3D453%2C0%26acc%3D827974826901109%26t%3D1636041864371%26err%3D
  • https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=827974826901109&t=1636041864371&err=&c=wteid_827974826901109&v=4163604186400381711
  • https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=827974826901109&t=1636041864371&err=&c=wteid_827974826901109&v=4163604186400381711&rc
69 B
209 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=827974826901109&t=1636041864371&err=&c=wteid_827974826901109&v=4163604186400381711&rc
Protocol
HTTP/1.1
Server
185.54.150.123 , Germany, ASN60164 (WEBTREKK-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
c1a69853198ae592f980806d6d489f43d03ee49f60df58b32ad375c03127703a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 16:04:24 GMT
Server
nginx
Connection
keep-alive
Content-Length
69
Content-Type
image/png

Redirect headers

Location
/v1/fbc?p=453,0&acc=827974826901109&t=1636041864371&err=&c=wteid_827974826901109&v=4163604186400381711&rc
Date
Thu, 04 Nov 2021 16:04:24 GMT
Server
nginx
Connection
keep-alive
Content-Length
217
Content-Type
text/html; charset=UTF-8
wt
pix.telekom.de/196380495960676/ Frame 0DC8 		43 B
268 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.telekom.de/196380495960676/wt?p=453,www.telekom.de.privatkunden.login.benutzer,1,1600x1200,24,1,1636041865012,2,1x1,0&ct=content.layer.consent-view&la=en&cg1=www.telekom.de&cg2=login&cg3=benutzer&cg8=privatkunden&cg9=benutzer&cg10=authentication.login&cp44=pk-omni-sales&cp54=not-logged-in&cs1=nicht-bestandskunde&cs16=983&pu=https%3A%2F%2Fwww.telekom.de%2Fresources%2Ftbs-config%2Fphoenix_login_tracking%3Fpage%3Dbenutzer%26mode%3D%2525mode%2525%26context%3Dauth%26status%3Dfirst_attempt
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.54.150.52 , Germany, ASN60164 (WEBTREKK-AS, DE),
Reverse DNS
pix.telekom.com
Software
45c48cce /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Nov 2021 16:04:24 GMT
last-modified
Thu, 04 Nov 2021 16:04:25 GMT
server
45c48cce
x-robots-tag
noindex, nofollow, noarchive
p3p
policyref="https://q3.webtrekk.net/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT"
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
content-type
image/gif;charset=UTF-8
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT
wt
pix.telekom.de/827974826901109/ Frame 0DC8 		43 B
247 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.telekom.de/827974826901109/wt?p=453,www.telekom.de.privatkunden.login.benutzer,1,1600x1200,24,1,1636041865014,2,1x1,0&ct=content.layer.consent-view&la=en&cg1=www.telekom.de&cg2=login&cg3=benutzer&cg8=privatkunden&cg9=benutzer&cg10=authentication.login&cp44=pk-omni-sales&cp54=not-logged-in&cp57=www.telekom.de&cs1=nicht-bestandskunde&pu=https%3A%2F%2Fwww.telekom.de%2Fresources%2Ftbs-config%2Fphoenix_login_tracking%3Fpage%3Dbenutzer%26mode%3D%2525mode%2525%26context%3Dauth%26status%3Dfirst_attempt
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.54.150.52 , Germany, ASN60164 (WEBTREKK-AS, DE),
Reverse DNS
pix.telekom.com
Software
45c48cce /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.telekom.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Nov 2021 16:04:24 GMT
last-modified
Thu, 04 Nov 2021 16:04:25 GMT
server
45c48cce
x-robots-tag
noindex, nofollow, noarchive
p3p
policyref="https://q3.webtrekk.net/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT"
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
content-type
image/gif;charset=UTF-8
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler boolean| accountLocked boolean| accountLockedPermanent number| accountLockExpiration boolean| loginFailed function| $ function| jQuery object| Login

7 Cookies

Domain/Path Name / Value
pix.telekom.de/827974826901109 Name: wteid_827974826901109
Value: 4163604186400381711
pix.telekom.de/827974826901109 Name: wtsid_827974826901109
Value: 1
writbd.com/ Name: PHPSESSID
Value: 1da111f1c86a6db004e4214696474b57
.telekom.de/ Name: wtsid_196380495960676
Value: 1
.telekom.de/ Name: wteid_196380495960676
Value: 4163604186400871242
pix.telekom.de/ Name: wt_nbg_Q3
Value: !lOO/El1kGcYhQbF4rilbAvsT7ogyB5lNqQ5kbp5m+tAf4mIiwfFODVtZiZzc8qDP5uF1mI8KeTOrEw==
.wcfbc.net/ Name: wt_cdbeid
Value: 0d810ec9638218556092dbadb43fe82d

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.login.idm.telekom.com
ebs01.telekom.de
ebs10.telekom.de
fbc.wcfbc.net
lns-ev.xplosion.de
pix.telekom.de
tags-eu.tiqcdn.com
writbd.com
www.telekom.de
xdn-ttp.de
185.54.150.123
185.54.150.52
2003:2:2:140:62:157:140:200
23.37.38.214
2a00:cd0:104d:1:80:82:200:32
34.240.216.139
67.222.20.115
80.158.66.1
80.158.66.21
80.158.67.40
01fa42140c7fd1e43496b320027681e75123e8121c4ff52e7a390a4ec37d9379
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22
1eeeff19180291d40aab26257151123e9c3c7dbe499e65b8173b7576251bc0fb
2088675a0c256dd535f832bf6fe59b3a20f9fd46f41ef5bdb62d6ab265603728
295d169c7fffd85246d74c76766fe54f5f28658c0229d5ad2294a561ccf45340
2e3c8a492ea46b6bad0cb1f2a94a18d41ae3cb2fbf514f85388392cef4983d3e
3b6317d7c6288f6380f182e8bdc16b4cea82df91bc0f0209dfbce457b3e16910
3c3cff57406992d5b880806e120965b2a77f6a9ac1bbe7a781bfc9f752b4ab5c
3cf35b128c4c5dcd9bb0a12bcc009f2e46e382edec4737360a623d0052a6fe34
42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94
4846b006021c37c16c53aa09e34927461ab6b26a49fb32381255dc8fbb673c83
53637a2d4745687c07969427a743c6b9207b3ba6e261fa19a61cccaab46eb316
58f33125f5843f4e0f816b8d0e431be5e32b623b167b3f2306561fcb9e7e6450
5baf3f6d6e798840ba02b6f22e9c1e7eee26abfb36fb8dc32513b2e8f3a6964c
6ebd3995a2d04fc1550f8d025400411954fdb51dcaa24def899d8fc33b2504a7
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8cf9d2422c2750249fec853f27c4532cac2790daf9b6f5fe333c8a97554019f7
9caa474077788819f478507a542993b1c75648f25862aa8705df955b4c691893
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b80effdb6b1baee7ad8a926a027a9f085d0b91a1b52e3a8cf34e9a6b087aad97
c1a69853198ae592f980806d6d489f43d03ee49f60df58b32ad375c03127703a
dff75c72abbd5b70b8cf2acb31155760116d14517cc89b81d00285da85306497
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e83c5b67f2782dc1fd5260cb35b2c10242101b5a81a49093009be2f94227bcdf
ef29200ef7b4e594c2115db943e9e3c213f8fd57f236e7006c31af3d3d5876f3
f58ecb754487f42fbec18a84421310ab268024c38ec4f4e125aefbcc26fa2fe1