![](/screenshots/f7d0b239-e5a3-40e5-9ee2-99eaeee0b7e3.png)
myblog-gmdh60bqw9.live-website.com
Open in
urlscan Pro
2001:8d8:100f:f000::200
Malicious Activity!
Public Scan
Effective URL: https://myblog-gmdh60bqw9.live-website.com/wp/Telekomlogin.html
Submission: On June 21 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on May 24th 2024. Valid for: a year.
This is the only time myblog-gmdh60bqw9.live-website.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telekom (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 54.230.228.124 54.230.228.124 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 44.209.98.209 44.209.98.209 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 213.187.12.47 213.187.12.47 | 50316 (NET_GLOBA...) (NET_GLOBAL_SRL) | |
1 21 | 2001:8d8:100f... 2001:8d8:100f:f000::200 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
22 | 3 |
ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-124.muc50.r.cloudfront.net
url6691.getjobber.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-44-209-98-209.compute-1.amazonaws.com
lofty-octagonal-volleyball.glitch.me |
ASN50316 (NET_GLOBAL_SRL, IT)
PTR: 47-12-187-213.4all.it
paolosalvagnin.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
live-website.com
1 redirects
myblog-gmdh60bqw9.live-website.com |
208 KB |
1 |
paolosalvagnin.com
paolosalvagnin.com |
638 B |
1 |
glitch.me
lofty-octagonal-volleyball.glitch.me |
892 B |
1 |
getjobber.com
1 redirects
url6691.getjobber.com — Cisco Umbrella Rank: 177958 |
444 B |
22 | 4 |
Domain | Requested by | |
---|---|---|
21 | myblog-gmdh60bqw9.live-website.com |
1 redirects
myblog-gmdh60bqw9.live-website.com
|
1 | paolosalvagnin.com | |
1 | lofty-octagonal-volleyball.glitch.me | |
1 | url6691.getjobber.com | 1 redirects |
22 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
glitch.com Amazon RSA 2048 M03 |
2023-12-04 - 2025-01-01 |
a year | crt.sh |
paolosalvagnin.com R3 |
2024-05-10 - 2024-08-08 |
3 months | crt.sh |
*.live-website.com GeoTrust TLS RSA CA G1 |
2024-05-24 - 2025-06-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://myblog-gmdh60bqw9.live-website.com/wp/Telekomlogin.html
Frame ID: 1AAEE2E7E66E236545B3700A16760D3C
Requests: 22 HTTP requests in this frame
Screenshot
![](/screenshots/f7d0b239-e5a3-40e5-9ee2-99eaeee0b7e3.png)
Page Title
Telekom LoginPage URL History Show full URLs
-
https://url6691.getjobber.com/ls/click?upn=u001.XceLEBvGn4A6YrNGT1HHhlt9mLWtgz-2BAYdtWP7u1Ntm14967hx1O49yN...
HTTP 302
https://lofty-octagonal-volleyball.glitch.me/ Page URL
- https://paolosalvagnin.com/impianto43435/wf6c7meine7675/ Page URL
- https://myblog-gmdh60bqw9.live-website.com/wp/Telekomlogin.html Page URL
Detected technologies
Detected patterns
- /wp-(?:content|includes)/
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://url6691.getjobber.com/ls/click?upn=u001.XceLEBvGn4A6YrNGT1HHhlt9mLWtgz-2BAYdtWP7u1Ntm14967hx1O49yNK4KspY8FaKYfQjGqG04D4E0kenp9ZQ-3D-3Dzf9t_Gcp5CaaY8pSoRm5FzYs-2FxqD2nif43x3RnhUMu2GrG84G31EMjhTs3KMODQW7qrkjMzRNdzKU5zaAd8062DC0sMJ-2FJSffBVsb3ZCA4Cz3yMcmEKq3MJYom-2FwK-2F4pbgq14bHgpY4-2F8hM62cfxgJNuwI1cUk7o31nFOSqB2sOdE-2FZYSMt9jjIqs6OGTK0cMu-2FStCRKyRCmPqYSicDfdolVc-2Bz0iOUJkFkpiyT8NPyje94MWZkRW8c536IsanQnP-2Fu8ReILwSQXTAShsPg5kM54YMAKSzhz-2BHE4CdyNXxJirRfB1TlSBaerEaz8sHtw6xoCBgvK-2BgTHMfqakO81Xzvs6G-2FOkaq4BnH8TZVzRajQSyhH1zIKOvz1vapZ4dcQlssjK1hpRJdblMrJktGtG5LeZpQ-3D-3D
HTTP 302
https://lofty-octagonal-volleyball.glitch.me/ Page URL
- https://paolosalvagnin.com/impianto43435/wf6c7meine7675/ Page URL
- https://myblog-gmdh60bqw9.live-website.com/wp/Telekomlogin.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://url6691.getjobber.com/ls/click?upn=u001.XceLEBvGn4A6YrNGT1HHhlt9mLWtgz-2BAYdtWP7u1Ntm14967hx1O49yNK4KspY8FaKYfQjGqG04D4E0kenp9ZQ-3D-3Dzf9t_Gcp5CaaY8pSoRm5FzYs-2FxqD2nif43x3RnhUMu2GrG84G31EMjhTs3KMODQW7qrkjMzRNdzKU5zaAd8062DC0sMJ-2FJSffBVsb3ZCA4Cz3yMcmEKq3MJYom-2FwK-2F4pbgq14bHgpY4-2F8hM62cfxgJNuwI1cUk7o31nFOSqB2sOdE-2FZYSMt9jjIqs6OGTK0cMu-2FStCRKyRCmPqYSicDfdolVc-2Bz0iOUJkFkpiyT8NPyje94MWZkRW8c536IsanQnP-2Fu8ReILwSQXTAShsPg5kM54YMAKSzhz-2BHE4CdyNXxJirRfB1TlSBaerEaz8sHtw6xoCBgvK-2BgTHMfqakO81Xzvs6G-2FOkaq4BnH8TZVzRajQSyhH1zIKOvz1vapZ4dcQlssjK1hpRJdblMrJktGtG5LeZpQ-3D-3D HTTP 302
- https://lofty-octagonal-volleyball.glitch.me/
- https://myblog-gmdh60bqw9.live-website.com/favicon.ico HTTP 302
- https://myblog-gmdh60bqw9.live-website.com/wp-includes/images/w-logo-blue-white-bg.png
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
lofty-octagonal-volleyball.glitch.me/ Redirect Chain
|
515 B 892 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
paolosalvagnin.com/impianto43435/wf6c7meine7675/ |
522 B 638 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
Telekomlogin.html
myblog-gmdh60bqw9.live-website.com/wp/ |
7 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
components.min.css
myblog-gmdh60bqw9.live-website.com/wp/Telekom%20Login_files/ |
96 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-25.00.0.css
myblog-gmdh60bqw9.live-website.com/wp/Telekom%20Login_files/ |
18 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js.download
myblog-gmdh60bqw9.live-website.com/wp/Telekom%20Login_files/ |
85 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-matchheight-0.7.2.min.js.download
myblog-gmdh60bqw9.live-website.com/wp/Telekom%20Login_files/ |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
components.min.js.download
myblog-gmdh60bqw9.live-website.com/wp/Telekom%20Login_files/ |
76 KB 22 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.js.download
myblog-gmdh60bqw9.live-website.com/wp/Telekom%20Login_files/ |
17 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
behavioweb_form_2021-06-24.min.js.download
myblog-gmdh60bqw9.live-website.com/wp/Telekom%20Login_files/ |
22 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t-online-logo-29112019.png
myblog-gmdh60bqw9.live-website.com/wp/Telekom%20Login_files/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-eye-display.svg
myblog-gmdh60bqw9.live-website.com/wp/images/ |
56 KB 56 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
data_protection.svg
myblog-gmdh60bqw9.live-website.com/static/factorx/images/ |
56 KB 56 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
teleicon-outline.woff
myblog-gmdh60bqw9.live-website.com/wp/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
telegroteskscreen-ultra.woff
myblog-gmdh60bqw9.live-website.com/wp/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
telegroteskscreen-thin.woff
myblog-gmdh60bqw9.live-website.com/wp/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
telegroteskscreen-regular.woff
myblog-gmdh60bqw9.live-website.com/wp/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
teleicon-outline.ttf
myblog-gmdh60bqw9.live-website.com/wp/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
telegroteskscreen-ultra.ttf
myblog-gmdh60bqw9.live-website.com/wp/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
telegroteskscreen-thin.ttf
myblog-gmdh60bqw9.live-website.com/wp/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
telegroteskscreen-regular.ttf
myblog-gmdh60bqw9.live-website.com/wp/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
w-logo-blue-white-bg.png
myblog-gmdh60bqw9.live-website.com/wp-includes/images/ Redirect Chain
|
4 KB 4 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telekom (Telecommunication)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| event object| fence object| sharedStorage boolean| accountLocked boolean| accountLockedPermanent number| accountLockExpiration boolean| loginFailed function| $ function| jQuery object| Login function| Monitor object| bw boolean| K0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
10 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
lofty-octagonal-volleyball.glitch.me
myblog-gmdh60bqw9.live-website.com
paolosalvagnin.com
url6691.getjobber.com
2001:8d8:100f:f000::200
213.187.12.47
44.209.98.209
54.230.228.124
11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba
125296e1f123e0cd61c3a80d1d44fd6518af3bdbacd52917d819550007c8e702
1335368541607a1ec22e3b39daecce5a04ebdfe42f2d58a5db21dedbdbe78e97
1358923710816dc0ed74a6276d0917f173fc34bb3af584c45084f5adf7a2ff60
42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94
6bc4cb95356938694c444e05063a18fb77ef9a804edc1a1a8c9a9f6460f95533
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
6ebd3995a2d04fc1550f8d025400411954fdb51dcaa24def899d8fc33b2504a7
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8ebdecd626a8b90569845752ff2127d026d88f4b314440627bf1987acdec5595
9d34f2b8d86dfcbbdb3da353eb04b805b0bf60cd3d90e8a0a1723f2dfff7a916
e37558416f7f8ca4fb315cd424bda701eab80b0d2ff688b862926e037e401a33
f7c9a6a063bebf358281210d89deab95b3664efdaa7221d33003e76bb819481a