web.br.de
Open in
urlscan Pro
194.187.162.174
Public Scan
Submitted URL: https://web.br.de/interaktiv/winnti/english
Effective URL: http://web.br.de/interaktiv/winnti/english/
Submission: On October 09 via api from US
Effective URL: http://web.br.de/interaktiv/winnti/english/
Submission: On October 09 via api from US
Summary
This website contacted 7 IPs
in 3 countries
across 4 domains to perform 21 HTTP transactions.
The main IP is 194.187.162.174, located in
Munich, Germany and
belongs to BRNET, DE.
The main domain is web.br.de.
This is the only time web.br.de was scanned on urlscan.io!
This is the only time web.br.de was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 12 | 194.187.162.174 194.187.162.174 | 35739 (BRNET) (BRNET) | |
| 1 | 23.45.99.146 23.45.99.146 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 91.215.100.39 91.215.100.39 | 43407 (INFONLINE-AS) (INFONLINE-AS) | |
| 1 | 184.31.89.48 184.31.89.48 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 2 | 34.254.129.236 34.254.129.236 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 2 | 91.215.103.65 91.215.103.65 | 43407 (INFONLINE-AS) (INFONLINE-AS) | |
| 5 | 194.187.162.162 194.187.162.162 | 35739 (BRNET) (BRNET) | |
| 21 | 7 |
1
23.45.99.146
(Netherlands)
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-99-146.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-99-146.deploy.static.akamaitechnologies.com
| tag.aticdn.net |
1
184.31.89.48
(Netherlands)
ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-89-48.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-89-48.deploy.static.akamaitechnologies.com
| www.br.de |
2
34.254.129.236
(Dublin, Ireland)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-254-129-236.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-254-129-236.eu-west-1.compute.amazonaws.com
| logs1413.xiti.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 18 |
br.de
1 redirects
web.br.de www.br.de ddj.br.de |
419 KB |
| 3 |
ioam.de
1 redirects
script.ioam.de de.ioam.de |
13 KB |
| 2 |
xiti.com
1 redirects
logs1413.xiti.com |
650 B |
| 1 |
aticdn.net
tag.aticdn.net |
16 KB |
| 21 | 4 |
| Domain | Requested by | |
|---|---|---|
| 12 | web.br.de |
1 redirects
web.br.de
|
| 5 | ddj.br.de |
web.br.de
|
| 2 | de.ioam.de |
1 redirects
web.br.de
|
| 2 | logs1413.xiti.com |
1 redirects
web.br.de
|
| 1 | www.br.de |
web.br.de
|
| 1 | script.ioam.de |
web.br.de
|
| 1 | tag.aticdn.net |
web.br.de
|
| 21 | 7 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.facebook.com |
| twitter.com |
| www.syssec.ruhr-uni-bochum.de |
| www.youtube.com |
| github.com |
| br.de |
| ndr.de |
| www.spiegel.de |
| www.wiwo.de |
| www.justice.gov |
| tagesschau.de |
| www.br.de |
| www.daserste.de |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| tag.aticdn.net GeoTrust RSA CA 2018 |
2019-01-25 - 2020-03-25 |
a year | crt.sh |
| *.ioam.de COMODO RSA Organization Validation Secure Server CA |
2017-12-22 - 2020-12-21 |
3 years | crt.sh |
| *.br.de GeoTrust RSA CA 2018 |
2019-03-15 - 2020-06-13 |
a year | crt.sh |
| *.xiti.com Thawte RSA CA 2018 |
2019-03-12 - 2020-05-22 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
http://web.br.de/interaktiv/winnti/english/
Frame ID: C37DC41291B96DFE6CC2B88024FCFACD
Requests: 20 HTTP requests in this frame
Frame:
https://www.br.de/mediathek/podcast/embed?episode=1684073
Frame ID: 1F83A7190B858539B50857E79BB29715
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://web.br.de/interaktiv/winnti/english
HTTP 301
http://web.br.de/interaktiv/winnti/english/ Page URL
Detected technologies
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
19 Outgoing links
These are links going to different origins than the main page.
URL: https://www.facebook.com/sharer/sharer.php?u=http%3A//br24.de/winnti/english
Title:
Title:
Search URL Search Domain Scan URL
URL: https://twitter.com/intent/tweet?url=https://br24.de/winnti/english&text=Winnti+is+a+notorious+group+of+%E2%80%9Chackers+for+hire%E2%80%9D%2C+which+successfully+infiltrated+major+companies+around+the+world.+An+in-depth+investigation+shows+how+they+operate+and+what+mistakes+they+made.&hashtags=infosec,cybersecurity&via=br24&related=ndr,br_data,br_recherche
Title:
Title:
Search URL Search Domain Scan URL
URL: https://www.syssec.ruhr-uni-bochum.de/chair/staff/mcontag/
Title: Moritz Contag
Title: Moritz Contag
Search URL Search Domain Scan URL
URL: https://www.youtube.com/watch?v=1bSjVFawpqs
Title: In a commercial on Youtube
Title: In a commercial on Youtube
Search URL Search Domain Scan URL
URL: https://github.com/br-data/2019-winnti-analyse
Title: here
Title: here
Search URL Search Domain Scan URL
URL: https://br.de/
Search URL Search Domain Scan URL
URL: https://ndr.de/
Search URL Search Domain Scan URL
URL: https://www.spiegel.de/plus/teamviewer-wie-hacker-das-deutsche-vorzeige-start-up-ausspionierten-a-00000000-0002-0001-0000-000163955857
Title: “Spiegel” magazine was the first to report about it
Title: “Spiegel” magazine was the first to report about it
Search URL Search Domain Scan URL
URL: https://www.wiwo.de/my/technologie/digitale-welt/attacke-auf-thyssenkrupp-schon-2016-griff-winnti-an-exklusiver-report-aus-dem-auge-des-sturms/14949912.html
Title: six-month defensive battle
Title: six-month defensive battle
Search URL Search Domain Scan URL
URL: https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal
Title: the US government brought charges against ten Chinese nationals
Title: the US government brought charges against ten Chinese nationals
Search URL Search Domain Scan URL
URL: http://tagesschau.de/investigativ/ndr/winnti-101.html
Title: <img src="../assets/images/tagesschau.jpg" alt="Logo Tagesschau.de"> Tagesschau.de: Industriespionage: Mehrere Dax-Firmen von Hackerangriff betroffen
Title: <img src="../assets/images/tagesschau.jpg" alt="Logo Tagesschau.de"> Tagesschau.de: Industriespionage: Mehrere Dax-Firmen von Hackerangriff betroffen
Search URL Search Domain Scan URL
URL: https://www.br.de/radio/b5-aktuell/sendungen/der-funkstreifzug/index.html
Title: <img src="../assets/images/funkstreifzug.jpg" alt="Logo Funkstreifzug"> Der Funkstreifzug: Hackerangriffe auf deutsche Dax-Unternehmen
Title: <img src="../assets/images/funkstreifzug.jpg" alt="Logo Funkstreifzug"> Der Funkstreifzug: Hackerangriffe auf deutsche Dax-Unternehmen
Search URL Search Domain Scan URL
URL: https://www.daserste.de/information/wirtschaft-boerse/plusminus/sendung/daten-gefahr-unternehmen-100.html
Title: <img src="../assets/images/plusminus.jpg" alt="Logo Plusminus.de"> Plusminus: Deutsche Unternehmen stärker im Visier von Industriespionen (Mai 2019).
Title: <img src="../assets/images/plusminus.jpg" alt="Logo Plusminus.de"> Plusminus: Deutsche Unternehmen stärker im Visier von Industriespionen (Mai 2019).
Search URL Search Domain Scan URL
URL: https://br.de/recherche
Title: BR Recherche
Title: BR Recherche
Search URL Search Domain Scan URL
URL: https://www.br.de/extra/br-data/index.html
Title: BR Data
Title: BR Data
Search URL Search Domain Scan URL
URL: https://www.br.de/nachrichten/
Search URL Search Domain Scan URL
URL: https://www.br.de/unternehmen/service/impressum/index.html
Title: Impressum
Title: Impressum
Search URL Search Domain Scan URL
URL: https://www.br.de/unternehmen/service/impressum/impressum-datenschutzerklaerung-unternehmen100.html
Title: Datenschutz
Title: Datenschutz
Search URL Search Domain Scan URL
URL: https://www.br.de/
Title: Bayerischer Rundfunk 2019
Title: Bayerischer Rundfunk 2019
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://web.br.de/interaktiv/winnti/english
HTTP 301
http://web.br.de/interaktiv/winnti/english/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- https://logs1413.xiti.com/hit.xiti?s=596277&ts=1570653677669&vtag=5.14.0&ptag=js&r=1600x1200x24x24&re=1600x1200&hl=22x41x17&lng=en-US&idp=2241179437217&jv=0&p=winnti-english&s2=19&vrn=1&x1=[Sonstiges]&x2=[ohne%20Wellenbezug]&x5=[keine%20Sendereihe]&x6=[Artikel]&x7=[winnti-english]&x8=[Attacking%20the%20Heart%20of%20the%20German%20Industry]&x10=20190611&x11=[https://web.br.de/interaktiv/winnti/english]&x12=[winnti-english]&x13=null&x14=[Web]&ref= HTTP 302
- https://logs1413.xiti.com/hit.xiti?s=596277&ts=1570653677669&vtag=5.14.0&ptag=js&r=1600x1200x24x24&re=1600x1200&hl=22x41x17&lng=en-US&idp=2241179437217&jv=0&p=winnti-english&s2=19&vrn=1&x1=[Sonstiges]&x2=[ohne%20Wellenbezug]&x5=[keine%20Sendereihe]&x6=[Artikel]&x7=[winnti-english]&x8=[Attacking%20the%20Heart%20of%20the%20German%20Industry]&x10=20190611&x11=[https://web.br.de/interaktiv/winnti/english]&x12=[winnti-english]&x13=null&x14=[Web]&ref=&Rdt=On
- https://de.ioam.de/tx.io?st=bronline&cp=br_online%2Fnachrichten%2F&pt=CP&ps=lin&er=N22&rf=&r2=&ur=web.br.de&xy=1600x1200x24&lo=NL%2FUtrecht&cb=0011&i2=001156e503c5d17f75d9e45ed&ep=1601827578&vr=415&id=sxnjyl&i3=nocookie&n1=1&dntt=0<=1570653677672&ev=&cs=q2n7wl&mo=1 HTTP 302
- https://de.ioam.de/tx.io?st=bronline&cp=br_online%2Fnachrichten%2F&pt=CP&ps=lin&er=N22&rf=&r2=&ur=web.br.de&xy=1600x1200x24&lo=NL%2FUtrecht&cb=0011&i2=001156e503c5d17f75d9e45ed&ep=1601827578&vr=415&id=sxnjyl&i3=nocookie&n1=1&dntt=0<=1570653677672&ev=&cs=q2n7wl&mo=1&sr=71
21 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
web.br.de/interaktiv/winnti/english/ Redirect Chain
|
90 KB 90 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
smarttag.js
tag.aticdn.net/596277/ |
51 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
iam.js
script.ioam.de/ |
34 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bundle.css
web.br.de/interaktiv/winnti/css/ |
17 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
br-logo.svg
web.br.de/interaktiv/winnti/assets/images/ |
812 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ndr-logo.svg
web.br.de/interaktiv/winnti/assets/images/ |
751 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
br24-logo.svg
web.br.de/interaktiv/winnti/assets/images/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
app.js
web.br.de/interaktiv/winnti/js/ |
57 KB 57 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
embed
www.br.de/mediathek/podcast/ Frame 1F83 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
icons.woff2
web.br.de/interaktiv/winnti/assets/fonts/ |
6 KB 6 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
open-sans-v16-latin-700.woff2
web.br.de/interaktiv/winnti/assets/fonts/ |
15 KB 15 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
open-sans-v16-latin-300.woff2
web.br.de/interaktiv/winnti/assets/fonts/ |
15 KB 15 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
exo-v9-latin-700.woff2
web.br.de/interaktiv/winnti/assets/fonts/ |
10 KB 11 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
hit.xiti
logs1413.xiti.com/ Redirect Chain
|
35 B 100 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tx.io
de.ioam.de/ Redirect Chain
|
0 694 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
track
ddj.br.de/analytics/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
track
ddj.br.de/analytics/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
track
ddj.br.de/analytics/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
track
ddj.br.de/analytics/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hacker.jpg
web.br.de/interaktiv/winnti/assets/images/ |
204 KB 204 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
track
ddj.br.de/analytics/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| ATInternet function| ATCustomEvent string| szmvars object| iom string| referrer object| tag1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| web.br.de/ | Name: SERVERID Value: s3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ddj.br.de
de.ioam.de
logs1413.xiti.com
script.ioam.de
tag.aticdn.net
web.br.de
www.br.de
184.31.89.48
194.187.162.162
194.187.162.174
23.45.99.146
34.254.129.236
91.215.100.39
91.215.103.65
11b27c8f30ea92ac31081241f36106448d082996a9d06fae27e9b334672933fe
1674379ea7287ba0b89ef95dae4d94ddfc7d4a19bbf307b3c34cd9f77fbdbb24
324a7442145dcfb3b5c2027916be84159f185f075b2486ca96b9e3e03d5148f2
5455e446157d5dafe72db38af0fdfe9f3563a40d04ef4d4dee880ac683429b0e
6727046810181ce128da55c77ec780af7402197036e68300ae2ee45de51d9917
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
81497ef20e95d5b2343304852fef2c9684a3b91cd4a049b26a676fec0a201750
8b84365ba2da54c10a180cb577f710749b2d49110e491e6d13f0181648bf1979
8f20bb7d0c25591483e161b7301e5707bbba0b18b53d6c514b420d7f328b01fe
bc95bd1bc756a1701ba74d8d3c30c49d1eae346751f9da2f611ea1cf620ed59f
c9b50ed9391a3e68709667f956b696532c056f3db7a73c09a00373c4025799ec
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e969c19c4e1535c3f378123777022ce7d258e8e9c6851637a213c85f23fed98b
f677ee2d82dfb11f08175f673cf3f065b0d5e491b4485e01259a492715c746e2