web.br.de
Open in
urlscan Pro
194.187.162.174
Public Scan
URL:
http://web.br.de/interaktiv/winnti/english/
Submission: On August 29 via api from US
Submission: On August 29 via api from US
Summary
This website contacted 6 IPs
in 3 countries
across 4 domains to perform 15 HTTP transactions.
The main IP is 194.187.162.174, located in
Munich, Germany and
belongs to BRNET, DE.
The main domain is web.br.de.
This is the only time web.br.de was scanned on urlscan.io!
This is the only time web.br.de was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 10 | 194.187.162.174 194.187.162.174 | 35739 (BRNET) (BRNET) | |
| 1 | 23.43.121.84 23.43.121.84 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 91.215.100.39 91.215.100.39 | 43407 (INFONLINE-AS) (INFONLINE-AS) | |
| 1 | 184.31.89.48 184.31.89.48 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 2 | 52.49.204.15 52.49.204.15 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 15 | 6 |
1
23.43.121.84
(Netherlands)
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-43-121-84.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-43-121-84.deploy.static.akamaitechnologies.com
| tag.aticdn.net |
1
184.31.89.48
(Netherlands)
ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-89-48.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-89-48.deploy.static.akamaitechnologies.com
| www.br.de |
2
52.49.204.15
(Dublin, Ireland)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-49-204-15.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-49-204-15.eu-west-1.compute.amazonaws.com
| logs1413.xiti.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 11 |
br.de
web.br.de www.br.de |
215 KB |
| 2 |
xiti.com
1 redirects
logs1413.xiti.com |
649 B |
| 1 |
ioam.de
script.ioam.de de.ioam.de Failed |
11 KB |
| 1 |
aticdn.net
tag.aticdn.net |
16 KB |
| 15 | 4 |
| Domain | Requested by | |
|---|---|---|
| 10 | web.br.de |
web.br.de
|
| 2 | logs1413.xiti.com |
1 redirects
web.br.de
|
| 1 | www.br.de |
web.br.de
|
| 1 | script.ioam.de |
web.br.de
|
| 1 | tag.aticdn.net |
web.br.de
|
| 0 | de.ioam.de Failed |
script.ioam.de
|
| 15 | 6 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.facebook.com |
| twitter.com |
| www.syssec.ruhr-uni-bochum.de |
| www.youtube.com |
| github.com |
| br.de |
| ndr.de |
| www.spiegel.de |
| www.wiwo.de |
| www.justice.gov |
| tagesschau.de |
| www.br.de |
| www.daserste.de |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| tag.aticdn.net GeoTrust RSA CA 2018 |
2019-01-25 - 2020-03-25 |
a year | crt.sh |
| *.ioam.de COMODO RSA Organization Validation Secure Server CA |
2017-12-22 - 2020-12-21 |
3 years | crt.sh |
| 1970-01-01 - 1970-01-01 |
a few seconds | crt.sh | |
| *.br.de GeoTrust RSA CA 2018 |
2019-03-15 - 2020-06-13 |
a year | crt.sh |
| *.xiti.com Thawte RSA CA 2018 |
2019-03-12 - 2020-05-22 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
http://web.br.de/interaktiv/winnti/english/
Frame ID: 7DC06BB5B8C6F59E96B8461B74FCA662
Requests: 14 HTTP requests in this frame
Frame:
https://www.br.de/mediathek/podcast/embed?episode=1684073
Frame ID: 47F3872578B521EADA813460F9723D80
Requests: 1 HTTP requests in this frame
19 Outgoing links
These are links going to different origins than the main page.
URL: https://www.facebook.com/sharer/sharer.php?u=http%3A//br24.de/winnti/english
Title:
Title:
Search URL Search Domain Scan URL
URL: https://twitter.com/intent/tweet?url=https://br24.de/winnti/english&text=Winnti+is+a+notorious+group+of+%E2%80%9Chackers+for+hire%E2%80%9D%2C+which+successfully+infiltrated+major+companies+around+the+world.+An+in-depth+investigation+shows+how+they+operate+and+what+mistakes+they+made.&hashtags=infosec,cybersecurity&via=br24&related=ndr,br_data,br_recherche
Title:
Title:
Search URL Search Domain Scan URL
URL: https://www.syssec.ruhr-uni-bochum.de/chair/staff/mcontag/
Title: Moritz Contag
Title: Moritz Contag
Search URL Search Domain Scan URL
URL: https://www.youtube.com/watch?v=1bSjVFawpqs
Title: In a commercial on Youtube
Title: In a commercial on Youtube
Search URL Search Domain Scan URL
URL: https://github.com/br-data/2019-winnti-analyse
Title: here
Title: here
Search URL Search Domain Scan URL
URL: https://br.de/
Search URL Search Domain Scan URL
URL: https://ndr.de/
Search URL Search Domain Scan URL
URL: https://www.spiegel.de/plus/teamviewer-wie-hacker-das-deutsche-vorzeige-start-up-ausspionierten-a-00000000-0002-0001-0000-000163955857
Title: “Spiegel” magazine was the first to report about it
Title: “Spiegel” magazine was the first to report about it
Search URL Search Domain Scan URL
URL: https://www.wiwo.de/my/technologie/digitale-welt/attacke-auf-thyssenkrupp-schon-2016-griff-winnti-an-exklusiver-report-aus-dem-auge-des-sturms/14949912.html
Title: six-month defensive battle
Title: six-month defensive battle
Search URL Search Domain Scan URL
URL: https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal
Title: the US government brought charges against ten Chinese nationals
Title: the US government brought charges against ten Chinese nationals
Search URL Search Domain Scan URL
URL: http://tagesschau.de/investigativ/ndr/winnti-101.html
Title: <img src="../assets/images/tagesschau.jpg" alt="Logo Tagesschau.de"> Tagesschau.de: Industriespionage: Mehrere Dax-Firmen von Hackerangriff betroffen
Title: <img src="../assets/images/tagesschau.jpg" alt="Logo Tagesschau.de"> Tagesschau.de: Industriespionage: Mehrere Dax-Firmen von Hackerangriff betroffen
Search URL Search Domain Scan URL
URL: https://www.br.de/radio/b5-aktuell/sendungen/der-funkstreifzug/index.html
Title: <img src="../assets/images/funkstreifzug.jpg" alt="Logo Funkstreifzug"> Der Funkstreifzug: Hackerangriffe auf deutsche Dax-Unternehmen
Title: <img src="../assets/images/funkstreifzug.jpg" alt="Logo Funkstreifzug"> Der Funkstreifzug: Hackerangriffe auf deutsche Dax-Unternehmen
Search URL Search Domain Scan URL
URL: https://www.daserste.de/information/wirtschaft-boerse/plusminus/sendung/daten-gefahr-unternehmen-100.html
Title: <img src="../assets/images/plusminus.jpg" alt="Logo Plusminus.de"> Plusminus: Deutsche Unternehmen stärker im Visier von Industriespionen (Mai 2019).
Title: <img src="../assets/images/plusminus.jpg" alt="Logo Plusminus.de"> Plusminus: Deutsche Unternehmen stärker im Visier von Industriespionen (Mai 2019).
Search URL Search Domain Scan URL
URL: https://br.de/recherche
Title: BR Recherche
Title: BR Recherche
Search URL Search Domain Scan URL
URL: https://www.br.de/extra/br-data/index.html
Title: BR Data
Title: BR Data
Search URL Search Domain Scan URL
URL: https://www.br.de/nachrichten/
Search URL Search Domain Scan URL
URL: https://www.br.de/unternehmen/service/impressum/index.html
Title: Impressum
Title: Impressum
Search URL Search Domain Scan URL
URL: https://www.br.de/unternehmen/service/impressum/impressum-datenschutzerklaerung-unternehmen100.html
Title: Datenschutz
Title: Datenschutz
Search URL Search Domain Scan URL
URL: https://www.br.de/
Title: Bayerischer Rundfunk 2019
Title: Bayerischer Rundfunk 2019
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- https://logs1413.xiti.com/hit.xiti?s=596277&ts=1567078681097&vtag=5.14.0&ptag=js&r=1600x1200x24x24&re=1600x1200&hl=13x38x1&lng=en-US&idp=1338018658038&jv=0&p=winnti-english&s2=19&vrn=1&x1=[Sonstiges]&x2=[ohne%20Wellenbezug]&x5=[keine%20Sendereihe]&x6=[Artikel]&x7=[winnti-english]&x8=[Attacking%20the%20Heart%20of%20the%20German%20Industry]&x10=20190611&x11=[https://web.br.de/interaktiv/winnti/english]&x12=[winnti-english]&x13=null&x14=[Web]&ref= HTTP 302
- https://logs1413.xiti.com/hit.xiti?s=596277&ts=1567078681097&vtag=5.14.0&ptag=js&r=1600x1200x24x24&re=1600x1200&hl=13x38x1&lng=en-US&idp=1338018658038&jv=0&p=winnti-english&s2=19&vrn=1&x1=[Sonstiges]&x2=[ohne%20Wellenbezug]&x5=[keine%20Sendereihe]&x6=[Artikel]&x7=[winnti-english]&x8=[Attacking%20the%20Heart%20of%20the%20German%20Industry]&x10=20190611&x11=[https://web.br.de/interaktiv/winnti/english]&x12=[winnti-english]&x13=null&x14=[Web]&ref=&Rdt=On
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
 Cookie set
/
web.br.de/interaktiv/winnti/english/ |
90 KB 90 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
smarttag.js
tag.aticdn.net/596277/ |
51 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
iam.js
script.ioam.de/ |
34 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bundle.css
web.br.de/interaktiv/winnti/css/ |
17 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
br-logo.svg
web.br.de/interaktiv/winnti/assets/images/ |
812 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ndr-logo.svg
web.br.de/interaktiv/winnti/assets/images/ |
751 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
br24-logo.svg
web.br.de/interaktiv/winnti/assets/images/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
app.js
web.br.de/interaktiv/winnti/js/ |
57 KB 57 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
embed
www.br.de/mediathek/podcast/ Frame 47F3 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
icons.woff2
web.br.de/interaktiv/winnti/assets/fonts/ |
6 KB 6 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
open-sans-v16-latin-700.woff2
web.br.de/interaktiv/winnti/assets/fonts/ |
15 KB 15 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
open-sans-v16-latin-300.woff2
web.br.de/interaktiv/winnti/assets/fonts/ |
15 KB 15 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
exo-v9-latin-700.woff2
web.br.de/interaktiv/winnti/assets/fonts/ |
10 KB 11 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
hit.xiti
logs1413.xiti.com/ Redirect Chain
|
35 B 100 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
tx.io
de.ioam.de/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- de.ioam.de
- URL
- https://de.ioam.de/tx.io?st=bronline&cp=br_online%2Fnachrichten%2F&pt=CP&ps=lin&er=N22&rf=&r2=&ur=web.br.de&xy=1600x1200x24&lo=NL%2Fn.a.&cb=0010&i2=0010f96f6f2f474c05d67b919&ep=1590140975&vr=415&id=sxnjyl&i3=nocookie&n1=1&dntt=0<=1567078681100&ev=&cs=bdxoe8&mo=1
Verdicts & Comments Add Verdict or Comment
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ATInternet function| ATCustomEvent string| szmvars object| iom string| referrer object| tag0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
de.ioam.de
logs1413.xiti.com
script.ioam.de
tag.aticdn.net
web.br.de
www.br.de
de.ioam.de
184.31.89.48
194.187.162.174
23.43.121.84
52.49.204.15
91.215.100.39
11b27c8f30ea92ac31081241f36106448d082996a9d06fae27e9b334672933fe
1674379ea7287ba0b89ef95dae4d94ddfc7d4a19bbf307b3c34cd9f77fbdbb24
324a7442145dcfb3b5c2027916be84159f185f075b2486ca96b9e3e03d5148f2
53c300b5bc6236ae296bf482603e60d42d728756f00e7a0b02adff8141195fe6
5455e446157d5dafe72db38af0fdfe9f3563a40d04ef4d4dee880ac683429b0e
6727046810181ce128da55c77ec780af7402197036e68300ae2ee45de51d9917
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
81497ef20e95d5b2343304852fef2c9684a3b91cd4a049b26a676fec0a201750
8b84365ba2da54c10a180cb577f710749b2d49110e491e6d13f0181648bf1979
bc95bd1bc756a1701ba74d8d3c30c49d1eae346751f9da2f611ea1cf620ed59f
e969c19c4e1535c3f378123777022ce7d258e8e9c6851637a213c85f23fed98b
f677ee2d82dfb11f08175f673cf3f065b0d5e491b4485e01259a492715c746e2