telekom.t-online.de.foto-braun.de
2a01:4f8:d0a:52cb::2
Malicious Activity!
Public Scan
Effective URL: https://telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom-Login.htm
Submission: On March 22 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on March 22nd 2024. Valid for: 3 months.
This is the only time telekom.t-online.de.foto-braun.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telekom (Telecommunication)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 176.34.82.253 | 16509 (AMAZON-02) |
9 | 2a01:4f8:d0a:52cb::2 | 24940 (HETZNER-AS) |
Total: 17 requests, 2 IP addresses
Detail for 176.34.82.253: ASN16509 (AMAZON-02, US); PTR: ec2-176-34-82-253.eu-west-1.compute.amazonaws.com; domain: 383878.seu2.cleverreach.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | foto-braun.de | telekom.t-online.de.foto-braun.de | 319 KB |
1 | cleverreach.com | 383878.seu2.cleverreach.com (1 redirect) | 557 B |
Total: 17 requests, 2 apex domains
Requests | Domain | Requested by |
---|---|---|
9 | telekom.t-online.de.foto-braun.de | telekom.t-online.de.foto-braun.de |
1 | 383878.seu2.cleverreach.com | 1 redirect |
Total: 17 requests, 2 domains
This site contains links to these domains. Also see Links.
Domain |
---|
www.telekom.de |
Subject | Issuer | Validity | Valid |
---|---|---|---|
telekom.t-online.de.foto-braun.de | R3 | 2024-03-22 - 2024-06-20 | 3 months (crt.sh) |
This page contains 2 frames:
Primary Page:
https://telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom-Login.htm
Frame ID: 22231DA3ABF5ECB8C02C3ED4CABD7326
Requests: 16 HTTP requests in this frame
Frame:
https://telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/emetriq-xdn.htm
Frame ID: 2E899FD76D1B5F2D7555D25D59795858
Requests: 1 HTTP requests in this frame
Page Title: Telekom Login
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
- Title: Datenschutzhinweisen (privacy notices)
- Title: Benötigen Sie Hilfe? (Do you need help?)
- Title: Telekom Login erstellen (Create Telekom login)
- Title: Hier informieren über VERIMI (Find out about VERIMI here)
- Title: Impressum (legal notice)
- Title: Datenschutz (privacy)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://383878.seu2.cleverreach.com/c/93241363/72f49f6d1cf1-saqywm
- HTTP 302
- https://telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom-Login.htm (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | Telekom-Login.htm (Primary Request) | telekom.t-online.de.foto-braun.de/telekom.t-online/ (Redirect Chain) | 11 KB | 11 KB | Document | text/html |
GET | H2 | components.min.css | telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/ | 96 KB | 96 KB | Stylesheet | text/css |
GET | H2 | login-26.02.0.css | telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/ | 18 KB | 18 KB | Stylesheet | text/css |
GET | H2 | jquery-3.6.3.min.js | telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/ | 88 KB | 88 KB | Script | application/javascript |
GET | H2 | components.min.js | telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/ | 76 KB | 76 KB | Script | application/javascript |
GET | H2 | login.js | telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/ | 16 KB | 16 KB | Script | application/javascript |
GET | H2 | webauthnJsonBundle_V_2_1_1.js | telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/ | 7 KB | 7 KB | Script | application/javascript |
GET | H2 | webauthn_1.js | telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/ | 2 KB | 2 KB | Script | application/javascript |
GET | H2 | telekom-logo-claim.svg | telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/ | 5 KB | 5 KB | Image | image/svg+xml |
GET | | t-online-logo-29112019.png | telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/ | 0 | 0 | | |
GET | | services.png | telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/ | 0 | 0 | | |
GET | | emetriq-xdn.htm | telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/ (Frame 2E89) | 0 | 0 | | |
GET | | data_protection.svg | telekom.t-online.de.foto-braun.de/static/factorx/images/ | 0 | 0 | | |
GET | | telegroteskscreen-thin.woff | telekom.t-online.de.foto-braun.de/telekom.t-online/fonts/ | 0 | 0 | | |
GET | | telegroteskscreen-regular.woff | telekom.t-online.de.foto-braun.de/telekom.t-online/fonts/ | 0 | 0 | | |
GET | | teleicon-outline.woff | telekom.t-online.de.foto-braun.de/telekom.t-online/fonts/ | 0 | 0 | | |
GET | | teleicon-ui.woff | telekom.t-online.de.foto-braun.de/telekom.t-online/fonts/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
telekom.t-online.de.foto-braun.de | https://telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/t-online-logo-29112019.png |
telekom.t-online.de.foto-braun.de | https://telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/services.png |
telekom.t-online.de.foto-braun.de | https://telekom.t-online.de.foto-braun.de/telekom.t-online/Telekom%20Login-Dateien/emetriq-xdn.htm |
telekom.t-online.de.foto-braun.de | https://telekom.t-online.de.foto-braun.de/static/factorx/images/data_protection.svg |
telekom.t-online.de.foto-braun.de | https://telekom.t-online.de.foto-braun.de/telekom.t-online/fonts/telegroteskscreen-thin.woff |
telekom.t-online.de.foto-braun.de | https://telekom.t-online.de.foto-braun.de/telekom.t-online/fonts/telegroteskscreen-regular.woff |
telekom.t-online.de.foto-braun.de | https://telekom.t-online.de.foto-braun.de/telekom.t-online/fonts/teleicon-outline.woff |
telekom.t-online.de.foto-braun.de | https://telekom.t-online.de.foto-braun.de/telekom.t-online/fonts/teleicon-ui.woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telekom (Telecommunication)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
boolean | accountLocked |
boolean | accountLockedPermanent |
number | accountLockExpiration |
boolean | loginFailed |
function | $ |
function | jQuery |
object | Login |
object | webauthnJsonBundle |
function | isUserVerifyingPlatformAuthenticatorAvailable |
function | registerPasskey |
function | authPasskey |
function | autofillPasskey |
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
383878.seu2.cleverreach.com/ | | PHPSESSID | aLhcJShYgsRebkuuZWfYv4nTenEEFOZUiKiuobOzlbelbPv7 |
383878.seu2.cleverreach.com/ | | cr_user | 7409 |
383878.seu2.cleverreach.com/ | | cr_client | 383878 |
383878.seu2.cleverreach.com/ | | cr_mailing | 15206052 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
383878.seu2.cleverreach.com
telekom.t-online.de.foto-braun.de
telekom.t-online.de.foto-braun.de
176.34.82.253
2a01:4f8:d0a:52cb::2
1281835a132ed3ad52c1b74bd9aa95ce53e135ea4ce715913cf13c32fa02e361
42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94
5c39703ca6b9a762a5ed4308ed1722b8361742c4d8a4869ced5c8d6140403f95
8c76ccab67b804b2b26aee5a26d756d679acfd573ce334ee5bf86d76928e2367
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
c99b109605c23bf960d56590df41533c778cf3641e3fbc92ec89a5d7b729bf39
de50b23dc68fbc3660421fc6c415527ebab16f9a817e181c174887c084265363
f7c9a6a063bebf358281210d89deab95b3664efdaa7221d33003e76bb819481a
fd0352cfc3fcceed560a98d57216df5d03d357bca1e5b481ff1ae627427a47df