identifizierungsprozess.coba-verbund.net Open in urlscan Pro
2606:4700:3037::6815:502b Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://identifizierungsprozess.coba-verbund.net/
Effective URL:
https://identifizierungsprozess.coba-verbund.net/
Submission: On August 12 via manual (August 12th 2023, 6:34:20 pm UTC) from DE — Scanned from DE

Summary HTTP 17 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3037::6815:502b, located in United States and belongs to CLOUDFLARENET, US. The main domain is identifizierungsprozess.coba-verbund.net.
TLS certificate: Issued by GTS CA 1P5 on August 12th 2023. Valid for: 3 months.

This is the only time identifizierungsprozess.coba-verbund.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3033::ac43:ae12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2606:4700:303... 2606:4700:3037::6815:502b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2003:2:2:140:... 2003:2:2:140:62:157:140:200	3320 (DTAG Inte...) (DTAG Internet service provider operations)
1	80.158.67.40 80.158.67.40	34086 (SCZN-AS) (SCZN-AS)
17	3

1 2606:4700:3033::ac43:ae12 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

identifizierungsprozess.coba-verbund.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:3037::6815:502b (United States)

ASN13335 (CLOUDFLARENET, US)

identifizierungsprozess.coba-verbund.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2003:2:2:140:62:157:140:200 (Germany)

ASN3320 (DTAG Internet service provider operations, DE)

accounts.login.idm.telekom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.158.67.40 (Germany)

ASN34086 (SCZN-AS, DE)

www.telekom.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	coba-verbund.net 1 redirects identifizierungsprozess.coba-verbund.net	123 KB
6	telekom.com accounts.login.idm.telekom.com — Cisco Umbrella Rank: 56721	129 KB
1	telekom.de www.telekom.de — Cisco Umbrella Rank: 113092
17	3

	Domain	Requested by
11	identifizierungsprozess.coba-verbund.net	1 redirects identifizierungsprozess.coba-verbund.net
6	accounts.login.idm.telekom.com	identifizierungsprozess.coba-verbund.net
1	www.telekom.de	identifizierungsprozess.coba-verbund.net
17	3

This site contains links to these domains. Also see Links.

Domain
www.telekom.de

Subject Issuer	Validity	Valid
coba-verbund.net GTS CA 1P5	`2023-08-12` - `2023-11-10`	3 months	crt.sh
accounts.login.idm.telekom.com Telekom Security ServerID EV Class 3 CA	`2023-07-27` - `2024-07-31`	a year	crt.sh
www.telekom.de Telekom Security ServerID OV Class 2 CA	`2023-07-03` - `2024-07-07`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://identifizierungsprozess.coba-verbund.net/
Frame ID: EE934A3825FC7F66119B739963171306
Requests: 16 HTTP requests in this frame

Frame: https://www.telekom.de/ueber-das-unternehmen/emetriq-xdn?zid=7eab1ec9-2260-46c8-9ae7-71c64b3545d9
Frame ID: 58BB5BF4C83087AEEAEE68AE0136544A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telekom Login

Page URL History Show full URLs

http://identifizierungsprozess.coba-verbund.net/ HTTP 301
https://identifizierungsprozess.coba-verbund.net/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

251 kB
Transfer

484 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.telekom.de/datenschutzhinweise/download/026.pdf
Title: Datenschutzhinweisen

Search URL Search Domain Scan URL

URL: https://www.telekom.de/hilfe/telekom-login
Title: Benötigen Sie Hilfe?

Search URL Search Domain Scan URL

URL: https://www.telekom.de/unterwegs/apps-und-dienste/kommunikation/telekom-e-mail
Title: Telekom Login erstellen

Search URL Search Domain Scan URL

URL: https://www.telekom.de/hilfe/vertrag-meine-daten/login-daten-passwoerter/verimi
Title: Hier informieren über VERIMI

Search URL Search Domain Scan URL

URL: https://www.telekom.de/impressum
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.telekom.de/ueber-das-unternehmen/datenschutz#fragen-und-antworten
Title: Datenschutz

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://identifizierungsprozess.coba-verbund.net/ HTTP 301
https://identifizierungsprozess.coba-verbund.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
identifizierungsprozess.coba-verbund.net/
Redirect Chain

http://identifizierungsprozess.coba-verbund.net/
https://identifizierungsprozess.coba-verbund.net/

10 KB
3 KB

368ms
335ms

Document
text/html

2606:4700:3037::6815:502b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://identifizierungsprozess.coba-verbund.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:502b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11448c1ce2821c7237c53e6b6e5c8dab033c2bc91d121630267d72e4bf03e60e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7f5acfb6db2e917d-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 12 Aug 2023 18:34:15 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KH28N%2B9U1KPfLG3oWM3W5M6X9vU%2F1CcislupwoKdVhnfgG5%2Bz58kI%2FSqEKAnHtwRckmYI78KuL9nlUbmBTGkdwS6Dm%2F%2Fjf%2BIMoEueNpK28IlbXbjAW1ijJfhrW8oK2LJ0QFr8buIm0qlWQW1510MOSI%2FL7Rnfz5PYiSGJGAV9pqHV4WG1ANU"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

CF-RAY: 7f5acfb67c2892b9-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Sat, 12 Aug 2023 18:34:15 GMT
Expires: Sat, 12 Aug 2023 19:34:15 GMT
Location: https://identifizierungsprozess.coba-verbund.net/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DkLuMaq7EoDelWnN3XsvsXNNliNIVoTIg4Gzt296DN0ME8M8dp2wM%2FVFAG2kjAS2t%2Fmq%2F228OkuhvOGTaCYXBajcg4awaTes99DfGuo%2B%2Fe5InSpX%2FswaiX9XoTQ0GDf9uWemBC1meU0RaQpTjY9ZC6g8%2Bmehw1Q8me%2FwrUHgk6JS%2BOReDOdI"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 components.min.css
identifizierungsprozess.coba-verbund.net/static/factorx/css/ 98 KB
18 KB 475ms
470ms Stylesheet
text/css 2606:4700:3037::6815:502b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/css/components.min.css
Requested by: Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:502b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f58ecb754487f42fbec18a84421310ab268024c38ec4f4e125aefbcc26fa2fe1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://identifizierungsprozess.coba-verbund.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 18:34:16 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 16 May 2023 18:43:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"188ab-5fbd3f1e5a880-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PNo6CuT8FY4SXXG41uPSGWXeHAnoY9T9wPNpHwhtpu1umKxloLwL%2B6XugGTDo2l%2F8c4QNOGdJatUVCwQQ7TkmyAIumQWtJlH3hJPq3S9%2BlJfDT0A3Lmw09x9tRcid8oDoIpG3lFs6Wy4t%2FnJwxp%2BVALFeL%2BxWnqcnthUOAu7TbVXitDBioWT"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7f5acfb90e07917d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 login-25.06.0.css
identifizierungsprozess.coba-verbund.net/static/factorx/css/ 19 KB
4 KB 337ms
333ms Stylesheet
text/css 2606:4700:3037::6815:502b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/css/login-25.06.0.css
Requested by: Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:502b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83bd22cccb10027fa1d1d570e70b6f215ecddd6a3e5548dd1dba327d53f06cee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://identifizierungsprozess.coba-verbund.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 18:34:16 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 16 May 2023 18:51:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4a39-5fbd40fedd564-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NX2bLx5EPgrXNgmckgmFukjYYgRyLAU8T1%2FIIpYLwIDLlYn5jhWePIeEhJ0lj%2FhEb1ODRGhAf9jxVo2zQicg0OaYGofBm6cS13txhLrHiP0BUL36K8DWwMLECtRX8qRxqabEyJOvedWxex70pyf8KFjbrO9SapkQPpQZr8%2BZTRWGeYfQ0CxL"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7f5acfb90e08917d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery-3.2.1.min.js Show response
identifizierungsprozess.coba-verbund.net/static/factorx/js/ 85 KB
31 KB 486ms
482ms Script
application/javascript 2606:4700:3037::6815:502b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/js/jquery-3.2.1.min.js
Requested by: Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:502b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://identifizierungsprozess.coba-verbund.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 18:34:16 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 16 May 2023 18:43:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"15283-5fbd3f237a101-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Guod%2FrijgdXWPvD0cDMyudDEVPfO8lDGrHmrw1uL%2FwBg6MLm2rdtTgbsr1PHYnpAzyhhQKe2npnHlc%2BlQlknKKfOLyz%2FSm9T9ihI3TWnGegVMCiPpCmSu0Y2FvK7WS4Dmq2HRYOLNcMrwovxlGeM19IwgUuzAz5m99JDw9%2B75tFfcrt5hRrn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7f5acfb90e0a917d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery-matchheight-0.7.2.min.js Show response
identifizierungsprozess.coba-verbund.net/static/factorx/js/ 3 KB
2 KB 342ms
338ms Script
application/javascript 2606:4700:3037::6815:502b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/js/jquery-matchheight-0.7.2.min.js
Requested by: Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:502b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ebd3995a2d04fc1550f8d025400411954fdb51dcaa24def899d8fc33b2504a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://identifizierungsprozess.coba-verbund.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 18:34:16 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 16 May 2023 18:43:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"d30-5fbd3f237a101-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h3i68v4Ad3ZY%2Fv27mMtx2p1KvbVskTlFtS8YS16aQO9Pf4wCBRJA2vTZDPkOoS0aw5ihNsCrWDhhyHs07brIR5qg%2FfTNcDa8FnynQzq592tw4%2FtXtVZtCn9OKdYMAgozVoGcsHWqtOQ4Mk8RXTAPqKglmkqHUI%2FblqxzNM9%2BLrQxqAybiPEE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7f5acfb90e0b917d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 components.min.js Show response
identifizierungsprozess.coba-verbund.net/static/factorx/js/ 76 KB
23 KB 483ms
480ms Script
application/javascript 2606:4700:3037::6815:502b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/js/components.min.js
Requested by: Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:502b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://identifizierungsprozess.coba-verbund.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 18:34:16 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 16 May 2023 18:43:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"12f8a-5fbd3f202778b-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ygi4ZkM9ZITmlT5jwkEYk6dt23Y32%2BMa4WEECmoY%2FdeF%2F7iSNi7eMpBmekd8YCB5%2FtZ08UCf%2F5C1XzNked84pNpw73feYhzXjZYh53Fd1gDM00izMkT18f6RTxe9lWOaE0EUnovr5G1HoD2AS%2BUJwA7hpppYhAVkpULgTOD9Eka31YFVez%2FV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7f5acfb90e0d917d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 login.js Show response
identifizierungsprozess.coba-verbund.net/static/factorx/js/ 17 KB
4 KB 329ms
327ms Script
application/javascript 2606:4700:3037::6815:502b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/js/login.js
Requested by: Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:502b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ebdecd626a8b90569845752ff2127d026d88f4b314440627bf1987acdec5595

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://identifizierungsprozess.coba-verbund.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 18:34:16 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 16 May 2023 18:43:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"446d-5fbd3f239d382-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0RyNqBdkcjNXb24vNhlyztGen7EQWWYyMyrZNoGYKiHnm0uF5cKGz39NRYGB7pxv0ybntfR%2B6uLmIakDy9mMdKBYeQUJZNTnt1eNAM7uoDihIFEcMN92yZosWbXro%2B%2Bhx71fyIThauZNdQIj59A2IKR802FBpXjeef%2BhKphMOUlxgX7rbmAf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7f5acfb90e0e917d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 behavioweb_form_2021-06-24.min.js Show response
identifizierungsprozess.coba-verbund.net/static/factorx/js/ 22 KB
8 KB 324ms
322ms Script
application/javascript 2606:4700:3037::6815:502b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/js/behavioweb_form_2021-06-24.min.js
Requested by: Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:502b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bc4cb95356938694c444e05063a18fb77ef9a804edc1a1a8c9a9f6460f95533

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://identifizierungsprozess.coba-verbund.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 18:34:16 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 16 May 2023 18:43:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"56a0-5fbd3f1f131a4-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0dz5Tj2KaczCF8dSdhpNULJ161cjcnNvgoGJt%2BHXJw9JPLf1jlXY0K%2BA5JKL1Z8eeIIh3unTL9oyGVPdL9kzajJdFRrsuUo2dmRJ5lQDk856jHJmLcmJaGn%2BJ5QMOjWK0YG8hC4m8wzley9Ew2iHaMF4vah1xFsPDz%2FkObfxFQebGmvquQHB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7f5acfb90e0f917d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 telekom-logo-claim.svg
accounts.login.idm.telekom.com/static/factorx/images/ 5 KB
5 KB 164ms
17ms Image
image/svg+xml 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://accounts.login.idm.telekom.com/static/factorx/images/telekom-logo-claim.svg

Requested by

Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

5c39703ca6b9a762a5ed4308ed1722b8361742c4d8a4869ced5c8d6140403f95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://identifizierungsprozess.coba-verbund.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 12 Aug 2023 18:34:16 GMT
sh: 93af4dd1b134b2f36da439adedb1c728
last-modified: Wed, 18 Jan 2023 06:23:52 GMT
server: Apache
p3p: CP="NOI CURa TAIa OUR NOR UNI"
content-type: image/svg+xml
cache-control: public
accept-ranges: bytes
content-length: 5001
expires: Sat, 12 Aug 2023 19:34:16 GMT

GET
H3 200 t-online-logo-29112019.png
identifizierungsprozess.coba-verbund.net/www.t-online.de/auth/ 6 KB
6 KB 322ms
322ms Image
image/png 2606:4700:3037::6815:502b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://identifizierungsprozess.coba-verbund.net/www.t-online.de/auth/t-online-logo-29112019.png
Requested by: Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:502b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://identifizierungsprozess.coba-verbund.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 18:34:16 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 16 May 2023 18:43:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "16db-5fbd3f0d34dae"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z0Ncu8Ra%2Fk0n%2BqqvSaaVDB7rf9RD8W0uQqg3ExgA52uBF6QWraQv68CMqbp8NcM5XeOa%2BxRoI%2FYTMOfXMit9O7fDwLE3l0ETYkVRGABLEkaMFUdCyLg4FgNhzm2F%2FUDbqXl5Ixgh%2FXVelnxsUGupjoNokXHH8jZrkVbrLEl343w92bUqe732"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7f5acfbc28e7995d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 5851

GET
H3 200 services.png
identifizierungsprozess.coba-verbund.net/static/factorx/images/ 22 KB
23 KB 332ms
332ms Image
image/png 2606:4700:3037::6815:502b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/images/services.png
Requested by: Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:502b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://identifizierungsprozess.coba-verbund.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 18:34:16 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 16 May 2023 18:43:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "5877-5fbd3f1ebe242"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P1Cvy%2B58Sq9VQRffFfuvFLQyW5u%2FjlKfC7HeFENuGA%2F2i%2FW18yYpKG9WIxdEn4r8N%2F6DTUPuALowId0PJBbxksxxDJqX%2Be%2Bvy1%2BMOkQFYmhKQin6VSbi8d3b4hBpcoujqCa7%2FnT7OymDWF2mSlmGpPwSzMUXv7Q%2Bx5OwVLfEyGfxQqXQCd1J"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7f5acfbc591c995d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 22647

GET
H2 200 emetriq-xdn
www.telekom.de/ueber-das-unternehmen/ Frame 58BB 0
0 98ms
42ms Document
text/html 80.158.67.40
SCZN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.telekom.de/ueber-das-unternehmen/emetriq-xdn?zid=7eab1ec9-2260-46c8-9ae7-71c64b3545d9

Requested by

Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

80.158.67.40 , Germany, ASN34086 (SCZN-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://identifizierungsprozess.coba-verbund.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-disposition: inline; filename="emetriq-xdn.htm"
content-language: de-DE
content-length: 951
content-type: text/html;charset=UTF-8
date: Sat, 12 Aug 2023 18:34:16 GMT
expires: 0
pragma: no-cache
server: Apache
strict-transport-security: max-age=16070400; includeSubDomains
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-cache: MISS
x-content-type-options: nosniff
x-frame-options: DENY
x-varnish: 162142106
x-xss-protection: 1; mode=block
xkey: 698752

GET
H2 200 data_protection.svg
accounts.login.idm.telekom.com/static/factorx/images/ 673 B
894 B 123ms
16ms Image
image/svg+xml 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://accounts.login.idm.telekom.com/static/factorx/images/data_protection.svg

Requested by

Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/css/login-25.06.0.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

53637a2d4745687c07969427a743c6b9207b3ba6e261fa19a61cccaab46eb316

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://identifizierungsprozess.coba-verbund.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 12 Aug 2023 18:34:16 GMT
sh: 93af4dd1b134b2f36da439adedb1c728
last-modified: Wed, 25 Nov 2020 05:40:33 GMT
server: Apache
p3p: CP="NOI CURa TAIa OUR NOR UNI"
content-type: image/svg+xml
cache-control: public
accept-ranges: bytes
content-length: 673
expires: Sat, 12 Aug 2023 19:34:16 GMT

GET
H2 200 telegroteskscreen-thin.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 57 KB
57 KB 121ms
14ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-thin.woff

Requested by

Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/css/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

3c3cff57406992d5b880806e120965b2a77f6a9ac1bbe7a781bfc9f752b4ab5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://identifizierungsprozess.coba-verbund.net/
Origin: https://identifizierungsprozess.coba-verbund.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 12 Aug 2023 18:34:16 GMT
sh: 88d63fe29640802893c96b9b0bf83380
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
server: Apache
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://identifizierungsprozess.coba-verbund.net
content-type: application/x-font-woff
cache-control: public
accept-ranges: bytes
content-length: 58248
expires: Sat, 19 Aug 2023 18:34:16 GMT

GET
H2 200 telegroteskscreen-regular.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 53 KB
54 KB 119ms
12ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-regular.woff

Requested by

Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/css/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

b80effdb6b1baee7ad8a926a027a9f085d0b91a1b52e3a8cf34e9a6b087aad97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://identifizierungsprozess.coba-verbund.net/
Origin: https://identifizierungsprozess.coba-verbund.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 12 Aug 2023 18:34:16 GMT
sh: 88d63fe29640802893c96b9b0bf83380
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
server: Apache
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://identifizierungsprozess.coba-verbund.net
content-type: application/x-font-woff
cache-control: public
accept-ranges: bytes
content-length: 54684
expires: Sat, 19 Aug 2023 18:34:16 GMT

GET
H2 200 teleicon-outline.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 9 KB
9 KB 120ms
13ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/fonts/teleicon-outline.woff

Requested by

Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/css/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

01fa42140c7fd1e43496b320027681e75123e8121c4ff52e7a390a4ec37d9379

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://identifizierungsprozess.coba-verbund.net/
Origin: https://identifizierungsprozess.coba-verbund.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 12 Aug 2023 18:34:16 GMT
sh: 88d63fe29640802893c96b9b0bf83380
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
server: Apache
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://identifizierungsprozess.coba-verbund.net
content-type: application/x-font-woff
cache-control: public
accept-ranges: bytes
content-length: 8824
expires: Sat, 19 Aug 2023 18:34:16 GMT

GET
H2 200 teleicon-ui.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 3 KB
3 KB 105ms
15ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/fonts/teleicon-ui.woff

Requested by

Host: identifizierungsprozess.coba-verbund.net
URL: https://identifizierungsprozess.coba-verbund.net/static/factorx/css/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

3cf35b128c4c5dcd9bb0a12bcc009f2e46e382edec4737360a623d0052a6fe34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://identifizierungsprozess.coba-verbund.net/
Origin: https://identifizierungsprozess.coba-verbund.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 12 Aug 2023 18:34:16 GMT
sh: 88d63fe29640802893c96b9b0bf83380
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
server: Apache
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://identifizierungsprozess.coba-verbund.net
content-type: application/x-font-woff
cache-control: public
accept-ranges: bytes
content-length: 2736
expires: Sat, 19 Aug 2023 18:34:16 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			identifizierungsprozess.coba-verbund.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: arseibbig6r4kv190ffefkdgg0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.telekom.de/' in a frame because it set 'X-Frame-Options' to 'deny'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.login.idm.telekom.com
identifizierungsprozess.coba-verbund.net
www.telekom.de
2003:2:2:140:62:157:140:200
2606:4700:3033::ac43:ae12
2606:4700:3037::6815:502b
80.158.67.40
01fa42140c7fd1e43496b320027681e75123e8121c4ff52e7a390a4ec37d9379
11448c1ce2821c7237c53e6b6e5c8dab033c2bc91d121630267d72e4bf03e60e
11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22
3c3cff57406992d5b880806e120965b2a77f6a9ac1bbe7a781bfc9f752b4ab5c
3cf35b128c4c5dcd9bb0a12bcc009f2e46e382edec4737360a623d0052a6fe34
42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94
53637a2d4745687c07969427a743c6b9207b3ba6e261fa19a61cccaab46eb316
5c39703ca6b9a762a5ed4308ed1722b8361742c4d8a4869ced5c8d6140403f95
6bc4cb95356938694c444e05063a18fb77ef9a804edc1a1a8c9a9f6460f95533
6ebd3995a2d04fc1550f8d025400411954fdb51dcaa24def899d8fc33b2504a7
83bd22cccb10027fa1d1d570e70b6f215ecddd6a3e5548dd1dba327d53f06cee
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8ebdecd626a8b90569845752ff2127d026d88f4b314440627bf1987acdec5595
b80effdb6b1baee7ad8a926a027a9f085d0b91a1b52e3a8cf34e9a6b087aad97
f58ecb754487f42fbec18a84421310ab268024c38ec4f4e125aefbcc26fa2fe1

identifizierungsprozess.coba-verbund.net Open in urlscan Pro 2606:4700:3037::6815:502b Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

75 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

251 kBTransfer

484 kBSize

1 Cookies

6 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

identifizierungsprozess.coba-verbund.net Open in urlscan Pro
2606:4700:3037::6815:502b Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

251 kB
Transfer

484 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!