www.brasserie111.it - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 104.18.43.205, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.brasserie111.it.

This is the only time www.brasserie111.it was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
2 3	104.18.43.205 104.18.43.205	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
6	62.157.140.200 62.157.140.200	3320 (DTAG Inte...) (DTAG Internet service provider operations)
7	2

3 104.18.43.205 (San Francisco, United States) 2 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.brasserie111.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 62.157.140.200 (Germany)

ASN3320 (DTAG Internet service provider operations, DE)
PTR: accounts.login.idm.telekom.com

accounts.login.idm.telekom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	telekom.com accounts.login.idm.telekom.com	87 KB
3	brasserie111.it 2 redirects www.brasserie111.it	5 KB
7	2

	Domain	Requested by
6	accounts.login.idm.telekom.com	www.brasserie111.it
3	www.brasserie111.it	2 redirects
7	2

This site contains links to these domains. Also see Links.

Domain
meinkonto.telekom-dienste.de

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/
Frame ID: (7174BB1AF852554E9D8147D74013CF0C)
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/ HTTP 302
http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf HTTP 301
http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

91 kB
Transfer

101 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://meinkonto.telekom-dienste.de/konto/registrierung/?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.claimed_id=https%3A%2F%2Fmeinkonto.telekom-dienste.de%2Fkonto%2Fregistrierung%2F&openid.identity=https%3A%2F%2Fmeinkonto.telekom-dienste.de%2Fkonto%2Fregistrierung%2F&openid.return_to=https%3A%2F%2Faccounts.login.idm.telekom.com%2Fsso%3Ftid%3D5e78c4bd-b41b-409f-a193-9798b6d68434&openid.realm=https%3A%2F%2Faccounts.login.idm.telekom.com%2F&openid.mode=checkid_setup&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_request&openid.ext1.type.attr1=urn%3Atelekom.com%3Aanid&openid.ext1.type.attr2=urn%3Atelekom.com%3Aguid&openid.ext1.required=attr1%2Cattr2&regp=freemail&sid=email
Title: Registrieren

Search URL Search Domain Scan URL

URL: https://meinkonto.telekom-dienste.de/wiederherstellung/passwort/index.xhtml
Title: Passwort vergessen?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/ HTTP 302
http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf HTTP 301
http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/
Redirect Chain

http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/
http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf
http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/

9 KB
4 KB

19ms
18ms

Document
text/html

104.18.43.205
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/

Protocol

HTTP/1.1

Server

104.18.43.205 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

460837b602c1a6feedf86c8e25bc756d577f4789447b3311edafa6556c525ef7

Security Headers

Name	Value
X-Content-Type-Options	nosniffâ
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection: keep-alive
Accept-Encoding: gzip, deflate
Cookie: __cfduid=db16d28247dd4f07b4099069ae10753011518407659
Host: www.brasserie111.it
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 12 Feb 2018 03:54:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniffâ
Last-Modified: Mon, 12 Feb 2018 03:54:18 GMT
Server: cloudflare
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3ebc9b1d856f96ac-FRA
Vary: Accept-Encoding,User-Agent
X-XSS-Protection: 1; mode=block
Expires: Mon, 12 Feb 2018 04:54:18 GMT

Redirect headers

Date: Mon, 12 Feb 2018 03:54:19 GMT
Server: cloudflare
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=iso-8859-1
Location: http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3ebc9b1d756e96ac-FRA
Expires: Mon, 12 Feb 2018 04:54:18 GMT

GET
H/1.1 200
OK web_lazy_font.min.css
accounts.login.idm.telekom.com/static/css/ 10 KB
3 KB 62ms
11ms Stylesheet
text/css 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/css/web_lazy_font.min.css

Requested by

Host: www.brasserie111.it
URL: http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/

Protocol

HTTP/1.1

Server

62.157.140.200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

fe4d4c713ab42d26a821d8e526958acdf76d2ae9d4a3dbcb1fe757c0bedda554

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 12 Feb 2018 03:54:19 GMT
Content-Encoding: gzip
SH: e0d34848729da03ab3a0d991b86dffee
Last-Modified: Wed, 06 Nov 2013 06:33:52 GMT
Server: Apache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: text/css
Keep-Alive: timeout=2, max=1000
Content-Length: 2478
Expires: Mon, 19 Feb 2018 03:54:19 GMT

GET
H/1.1 200
OK login-information-bubble.min.js Show response
accounts.login.idm.telekom.com/static/jscript/ 1 KB
995 B 62ms
12ms Script
text/javascript 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/jscript/login-information-bubble.min.js

Requested by

Host: www.brasserie111.it
URL: http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/

Protocol

HTTP/1.1

Server

62.157.140.200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

e6ec6456b73e851bc7dca0ea35513f36da9be07c92e4aac61485bf7ef674dc84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 12 Feb 2018 03:54:19 GMT
Content-Encoding: gzip
SH: 88d63fe29640802893c96b9b0bf83380
Last-Modified: Wed, 09 Jul 2014 05:56:29 GMT
Server: Apache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: text/javascript
Keep-Alive: timeout=2, max=1000
Content-Length: 497
Expires: Mon, 19 Feb 2018 03:54:19 GMT

GET
H/1.1 200
OK bg-header-web.png
accounts.login.idm.telekom.com/static/css/images/web/ 98 B
541 B 11ms
11ms Image
image/png 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://accounts.login.idm.telekom.com/static/css/images/web/bg-header-web.png

Requested by

Host: www.brasserie111.it
URL: http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/

Protocol

HTTP/1.1

Server

62.157.140.200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

f01cc09c1caa77810d0a5315f5d3f1129713bed386269fd71543a08e151bf2af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://accounts.login.idm.telekom.com/static/css/web_lazy_font.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 12 Feb 2018 03:54:19 GMT
SH: 88d63fe29640802893c96b9b0bf83380
Last-Modified: Wed, 27 Mar 2013 09:39:20 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=2, max=999
Content-Length: 98
Expires: Mon, 19 Feb 2018 03:54:19 GMT

GET
H/1.1 200
OK logo_short_50x25.png
accounts.login.idm.telekom.com/static/css/images/ 310 B
754 B 11ms
11ms Image
image/png 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://accounts.login.idm.telekom.com/static/css/images/logo_short_50x25.png

Requested by

Host: www.brasserie111.it
URL: http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/

Protocol

HTTP/1.1

Server

62.157.140.200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

5a1e69517c76c1fda68cff8b3b6fb6b7773a4b75932684b72b0a23325b14c5fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://accounts.login.idm.telekom.com/static/css/web_lazy_font.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 12 Feb 2018 03:54:19 GMT
SH: e0d34848729da03ab3a0d991b86dffee
Last-Modified: Wed, 27 Mar 2013 09:39:20 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=2, max=999
Content-Length: 310
Expires: Mon, 19 Feb 2018 03:54:19 GMT

GET
H/1.1 200
OK TeleGroteskNormal.woff
accounts.login.idm.telekom.com/static/css/fonts/ 80 KB
81 KB 58ms
10ms Font
application/x-font-woff 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/css/fonts/TeleGroteskNormal.woff

Requested by

Host: www.brasserie111.it
URL: http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/

Protocol

HTTP/1.1

Server

62.157.140.200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

419bf2f4f4f833e2dc27e13167c8be728b59fa2a20400df58ff8a32d974eba55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://accounts.login.idm.telekom.com/static/css/web_lazy_font.min.css
Origin: http://www.brasserie111.it

Response headers

Date: Mon, 12 Feb 2018 03:54:19 GMT
SH: 111d007b5fbc0de380d01f5690ba5809
Last-Modified: Wed, 27 Mar 2013 09:39:19 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin: http://www.brasserie111.it
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/x-font-woff
Keep-Alive: timeout=2, max=1000
Content-Length: 82424
Expires: Mon, 19 Feb 2018 03:54:19 GMT

GET
H/1.1 200
OK icons_16x16.png
accounts.login.idm.telekom.com/static/images/sprites/ 431 B
875 B 21ms
10ms Image
image/png 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://accounts.login.idm.telekom.com/static/images/sprites/icons_16x16.png

Requested by

Host: www.brasserie111.it
URL: http://www.brasserie111.it/t-cloud/Tmobile/p2017_storage/tonline/34ec9772fb9719a2e4e1567bf/

Protocol

HTTP/1.1

Server

62.157.140.200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

c51918b2e8a90ec12f396f1fbda614322033a6897a6812c58233f8ad4d4e1c2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://accounts.login.idm.telekom.com/static/css/web_lazy_font.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 12 Feb 2018 03:54:19 GMT
SH: 88d63fe29640802893c96b9b0bf83380
Last-Modified: Wed, 06 Nov 2013 06:34:03 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=2, max=998
Content-Length: 431
Expires: Mon, 19 Feb 2018 03:54:19 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.brasserie111.it/	1970-01-18 22:32:23	Name: __cfduid Value: db16d28247dd4f07b4099069ae10753011518407659

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniffâ
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.login.idm.telekom.com
www.brasserie111.it
104.18.43.205
62.157.140.200
419bf2f4f4f833e2dc27e13167c8be728b59fa2a20400df58ff8a32d974eba55
460837b602c1a6feedf86c8e25bc756d577f4789447b3311edafa6556c525ef7
5a1e69517c76c1fda68cff8b3b6fb6b7773a4b75932684b72b0a23325b14c5fd
c51918b2e8a90ec12f396f1fbda614322033a6897a6812c58233f8ad4d4e1c2a
e6ec6456b73e851bc7dca0ea35513f36da9be07c92e4aac61485bf7ef674dc84
f01cc09c1caa77810d0a5315f5d3f1129713bed386269fd71543a08e151bf2af
fe4d4c713ab42d26a821d8e526958acdf76d2ae9d4a3dbcb1fe757c0bedda554

www.brasserie111.it Open in urlscan Pro 104.18.43.205 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

91 kBTransfer

101 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

www.brasserie111.it Open in urlscan Pro
104.18.43.205 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

91 kB
Transfer

101 kB
Size

1
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!