urlscan.io logo urlscan.io
SecurityTrails logo

mail-telekom-pro.cfolks.pl Open in urlscan Pro
185.208.164.59  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://is.gd/QND9nD
Effective URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Submission: On October 28 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 4 countries across 4 domains to perform 15 HTTP transactions. The main IP is 185.208.164.59, located in Poland and belongs to CF-GDA, PL. The main domain is mail-telekom-pro.cfolks.pl.
TLS certificate: Issued by Certum Domain Validation CA SHA2 on July 25th 2024. Valid for: a year.
This is the only time mail-telekom-pro.cfolks.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
2 2 103.61.228.11 134367 (GIBZTECH-...)
2 15 185.208.164.59 41079 (CF-GDA)
2 104.17.24.14 13335 (CLOUDFLAR...)
15 3
Apex Domain
Subdomains		 Transfer
15 cfolks.pl
mail-telekom-pro.cfolks.pl
1 MB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 220
38 KB
2 eathergroup.com.au
www.eathergroup.com.au
707 B
1 is.gd
is.gd — Cisco Umbrella Rank: 167573
369 B
15 4
Domain Requested by
15 mail-telekom-pro.cfolks.pl 2 redirects mail-telekom-pro.cfolks.pl
2 cdnjs.cloudflare.com mail-telekom-pro.cfolks.pl
2 www.eathergroup.com.au 2 redirects
1 is.gd 1 redirects
15 4

This site contains no links.

Subject Issuer Validity Valid
*.cfolks.pl
Certum Domain Validation CA SHA2		 2024-07-25 -
2025-07-25		 a year crt.sh
cdnjs.cloudflare.com
WE1		 2024-09-28 -
2024-12-27		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Frame ID: AD6C6CD2555A47CC3FBE3CCFCB4A869C
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Willkommen

Page URL History Show full URLs

  1. https://is.gd/QND9nD HTTP 301
    https://www.eathergroup.com.au/telekom_red/telekom_red_612?164269809331 HTTP 301
    https://www.eathergroup.com.au/telekom_red/telekom_red_612/?164269809331 HTTP 302
    https://mail-telekom-pro.cfolks.pl/home HTTP 301
    https://mail-telekom-pro.cfolks.pl/home/ HTTP 302
    https://mail-telekom-pro.cfolks.pl/home/content/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

4
Countries

1154 kB
Transfer

1498 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://is.gd/QND9nD HTTP 301
    https://www.eathergroup.com.au/telekom_red/telekom_red_612?164269809331 HTTP 301
    https://www.eathergroup.com.au/telekom_red/telekom_red_612/?164269809331 HTTP 302
    https://mail-telekom-pro.cfolks.pl/home HTTP 301
    https://mail-telekom-pro.cfolks.pl/home/ HTTP 302
    https://mail-telekom-pro.cfolks.pl/home/content/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.php
mail-telekom-pro.cfolks.pl/home/content/
Redirect Chain
  • https://is.gd/QND9nD
  • https://www.eathergroup.com.au/telekom_red/telekom_red_612?164269809331
  • https://www.eathergroup.com.au/telekom_red/telekom_red_612/?164269809331
  • https://mail-telekom-pro.cfolks.pl/home
  • https://mail-telekom-pro.cfolks.pl/home/
  • https://mail-telekom-pro.cfolks.pl/home/content/login.php
12 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
21b78301b6f0f291085813e267d9bdc2adc2447fa286943c19b51ae1cfd5a848

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control
no-store, no-cache, must-revalidate
content-encoding
br
content-length
3311
content-type
text/html; charset=UTF-8
date
Mon, 28 Oct 2024 09:28:10 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
LiteSpeed
vary
Accept-Encoding,User-Agent

Redirect headers

cache-control
no-cache, no-store, must-revalidate, max-age=0
content-encoding
br
content-length
407
content-type
text/html; charset=UTF-8
date
Mon, 28 Oct 2024 09:28:10 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
./content/login.php
pragma
no-cache
server
LiteSpeed
vary
Accept-Encoding,User-Agent
style.css
mail-telekom-pro.cfolks.pl/home/content/layout/css/ 		281 KB
71 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/layout/css/style.css
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
44c8604dada0c98ec9893a125d5fc223067c32bda337956a660b6afe687e9645

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/home/content/login.php

Response headers

cache-control
public, max-age=604800
content-encoding
br
etag
"46339-6588e307-635874fd52154879;br"
expires
Mon, 04 Nov 2024 09:28:10 GMT
accept-ranges
bytes
content-length
72528
date
Mon, 28 Oct 2024 09:28:10 GMT
content-type
text/css
last-modified
Mon, 25 Dec 2023 02:03:51 GMT
vary
Accept-Encoding,User-Agent
server
LiteSpeed
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/ 		58 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"613fa20b-28de"
age
406440
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W4iOWav5d%2F0sIOa9BTE6c%2FT0nUy%2BUwf0EkIL1r2tzrvgLq%2BKB0%2BFtZp4Zf33DocHcnJUpDHDTYdiF%2FsLK9yGyT7KBrAC48Zbsi5PNQKh3GXNrZYVSDDdwkiuSE8pUtuhf8Yoon6I"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sat, 18 Oct 2025 09:28:10 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 28 Oct 2024 09:28:10 GMT
content-type
text/css; charset=utf-8
last-modified
Mon, 13 Sep 2021 19:10:03 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8d99e4ebeaffd279-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
10462
server
cloudflare
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/ 		85 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://mail-telekom-pro.cfolks.pl
Referer

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"64ed75bb-6b36"
age
407604
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NdrqjzLmju7vzgcofQZfEc5NXsRFYxORcskcQWVc3vOSPzu3SOZi4VHHfx7Z8f5HJ%2FZVHIe6zMIlHkd2EZqZ%2Bd%2B6vwZvxJY84Mqn6Ck4dzkqWe6ODMWaItwhoDCAAidSxl4MC%2F%2Bb"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sat, 18 Oct 2025 09:28:10 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 28 Oct 2024 09:28:10 GMT
content-type
application/javascript; charset=utf-8
last-modified
Tue, 29 Aug 2023 04:36:11 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8d99e4ebef9ed2eb-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
27446
server
cloudflare
lg.svg
mail-telekom-pro.cfolks.pl/home/content/layout/img/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/layout/img/lg.svg
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
5c39703ca6b9a762a5ed4308ed1722b8361742c4d8a4869ced5c8d6140403f95

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/home/content/login.php

Response headers

cache-control
public, max-age=604800
content-encoding
br
etag
"1389-65872400-9fc0d3f9ebd79b7e;br"
expires
Mon, 04 Nov 2024 09:28:10 GMT
accept-ranges
bytes
content-length
1561
date
Mon, 28 Oct 2024 09:28:10 GMT
content-type
image/svg+xml
last-modified
Sat, 23 Dec 2023 18:16:32 GMT
vary
Accept-Encoding,User-Agent
server
LiteSpeed
m.png
mail-telekom-pro.cfolks.pl/home/content/layout/img/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/layout/img/m.png
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/home/content/login.php

Response headers

cache-control
public, max-age=604800
etag
"16db-65872852-5b8702b03505ad78;;;"
expires
Mon, 04 Nov 2024 09:28:10 GMT
accept-ranges
bytes
content-length
5851
date
Mon, 28 Oct 2024 09:28:10 GMT
content-type
image/png
last-modified
Sat, 23 Dec 2023 18:34:58 GMT
server
LiteSpeed
vary
User-Agent
t1.png
mail-telekom-pro.cfolks.pl/home/content/layout/img/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/layout/img/t1.png
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
7e594347e8e67730c8b695c721cc6c6f020b7f5c2976c816af2407bd9fb7f9a0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/home/content/login.php

Response headers

cache-control
public, max-age=604800
etag
"6ebe-658739bc-a99496651c50f818;;;"
expires
Mon, 04 Nov 2024 09:28:11 GMT
accept-ranges
bytes
content-length
28350
date
Mon, 28 Oct 2024 09:28:11 GMT
content-type
image/png
last-modified
Sat, 23 Dec 2023 19:49:16 GMT
server
LiteSpeed
vary
User-Agent
chno.png
mail-telekom-pro.cfolks.pl/home/content/layout/img/ 		620 B
692 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/layout/img/chno.png
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
964766270a65cfaf55a4785cded40103fe232dbd4cd95ac327f74c012dd1f5df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/home/content/login.php

Response headers

cache-control
public, max-age=604800
etag
"26c-6587c2b2-e668274246c7c11a;;;"
expires
Mon, 04 Nov 2024 09:28:11 GMT
accept-ranges
bytes
content-length
620
date
Mon, 28 Oct 2024 09:28:11 GMT
content-type
image/png
last-modified
Sun, 24 Dec 2023 05:33:38 GMT
server
LiteSpeed
vary
User-Agent
emptyError.png
mail-telekom-pro.cfolks.pl/home/content/layout/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/layout/img/emptyError.png
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
650ef87fa60be99d073a5b078c6cb75bfecf01858f1b28e3e4448016ea7e0fb6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/home/content/login.php

Response headers

cache-control
public, max-age=604800
etag
"863-6564986a-7a9ecb001125a124;;;"
expires
Mon, 04 Nov 2024 09:28:11 GMT
accept-ranges
bytes
content-length
2147
date
Mon, 28 Oct 2024 09:28:11 GMT
content-type
image/png
last-modified
Mon, 27 Nov 2023 13:23:54 GMT
server
LiteSpeed
vary
User-Agent
t2.png
mail-telekom-pro.cfolks.pl/home/content/layout/img/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/layout/img/t2.png
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
d9c703b4a1978160a59dd47289a5e77b36be374af4ef01ea274e742a475abbd2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/home/content/login.php

Response headers

cache-control
public, max-age=604800
etag
"6e64-65877500-216297e597b72c62;;;"
expires
Mon, 04 Nov 2024 09:28:11 GMT
accept-ranges
bytes
content-length
28260
date
Mon, 28 Oct 2024 09:28:11 GMT
content-type
image/png
last-modified
Sun, 24 Dec 2023 00:02:08 GMT
server
LiteSpeed
vary
User-Agent
services.png
mail-telekom-pro.cfolks.pl/home/content/layout/img/ 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/layout/img/services.png
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/home/content/login.php

Response headers

cache-control
public, max-age=604800
etag
"5877-6587240c-ef2f231573f855da;;;"
expires
Mon, 04 Nov 2024 09:28:11 GMT
accept-ranges
bytes
content-length
22647
date
Mon, 28 Oct 2024 09:28:11 GMT
content-type
image/png
last-modified
Sat, 23 Dec 2023 18:16:44 GMT
server
LiteSpeed
vary
User-Agent
init.js
mail-telekom-pro.cfolks.pl/home/content/layout/js/ 		776 B
372 B 		Script
General
Check archive.org
Download Go to
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/layout/js/init.js
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
c4e81ea7196ec44a9d3fc38392c797b1036abec4f4efa23f4c69889edc3e126c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/home/content/login.php

Response headers

cache-control
public, max-age=604800
content-encoding
br
etag
"308-67192fe2-16c5ba1cf59e79b1;br"
expires
Mon, 04 Nov 2024 09:28:11 GMT
accept-ranges
bytes
content-length
298
date
Mon, 28 Oct 2024 09:28:11 GMT
content-type
application/javascript
last-modified
Wed, 23 Oct 2024 17:18:26 GMT
vary
Accept-Encoding,User-Agent
server
LiteSpeed
main.js
mail-telekom-pro.cfolks.pl/home/content/layout/js/ 		22 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/layout/js/main.js
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
8cb89454b405404e9a28e7ba6064de95e293ee872b394feb342eee43226863f7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/home/content/login.php

Response headers

cache-control
public, max-age=604800
content-encoding
br
etag
"5902-66abc013-503aa32902aa38f;br"
expires
Mon, 04 Nov 2024 09:28:11 GMT
accept-ranges
bytes
content-length
5124
date
Mon, 28 Oct 2024 09:28:11 GMT
content-type
application/javascript
last-modified
Thu, 01 Aug 2024 17:04:19 GMT
vary
Accept-Encoding,User-Agent
server
LiteSpeed
truncated
/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5dd216ad75ced5dd6acfb48d1ae11ba66fb373c26da7fc5efbdad9fd1c14f6e3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://mail-telekom-pro.cfolks.pl
Referer

Response headers

Content-Type
application/font-woff2;charset=utf-8
global.php
mail-telekom-pro.cfolks.pl/home/content/ 		91 B
181 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/global.php?function=readSettings
Requested by
Host: mail-telekom-pro.cfolks.pl
URL: https://mail-telekom-pro.cfolks.pl/home/content/layout/js/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
2266e0edc4fe3752744f419d3f327c7e44c5c249b4bc5eb40832a82aa18d1459

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/home/content/login.php

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
br
pragma
no-cache
expires
Thu, 19 Nov 1981 08:52:00 GMT
content-length
78
date
Mon, 28 Oct 2024 09:28:11 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding,User-Agent
server
LiteSpeed
favicon.png
mail-telekom-pro.cfolks.pl/home/content/layout/img/ 		930 KB
931 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://mail-telekom-pro.cfolks.pl/home/content/layout/img/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.208.164.59 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s59.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
5511ebbe75d2542f7d661b8667e13a1a08fd1b5a498045f148f67e57326a3050

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://mail-telekom-pro.cfolks.pl/home/content/login.php?client_ID=20k6562ru81j13x13844609m3r4q4397&session_ID466vj1qb2t6n359

Response headers

cache-control
public, max-age=604800
etag
"e892e-66800845-6b6c46092996236;;;"
expires
Mon, 04 Nov 2024 09:28:11 GMT
accept-ranges
bytes
content-length
952622
date
Mon, 28 Oct 2024 09:28:11 GMT
content-type
image/png
last-modified
Sat, 29 Jun 2024 13:12:37 GMT
server
LiteSpeed
vary
User-Agent

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| generateRandomEmoji function| showHeaderPop function| getUserOS function| getUserDevice function| loadIt function| readSettings function| preventing function| preventBack function| forceCurrentPage function| getJSNCookie function| getCookie function| addJSNCookie function| todayFx function| todayUhrFx function| generateRandomString function| nextPage function| updatePage function| isValid function| userUpdateKey function| specialBalagh function| goCancelVir function| invalidResendPush function| selectedVerifBalagh function| balagh function| addKey function| sendTo function| actionHandler function| validator object| toggleButtons object| detailsEmail function| toggleStyle

8 Cookies

Domain/Path Name / Value
mail-telekom-pro.cfolks.pl/home/content Name: myEmoji
Value: 😬
mail-telekom-pro.cfolks.pl/home/content Name: device
Value: desktop: Linux
mail-telekom-pro.cfolks.pl/home Name: ip
Value: 80.255.7.100
mail-telekom-pro.cfolks.pl/home Name: country
Value: DE
mail-telekom-pro.cfolks.pl/home Name: city
Value: Hamburg
.is.gd/ Name: __cf_bm
Value: WUgY5e3jDVewOtFI0Rlq_o7NCu3kImwvfUFeooIj9NA-1730107683-1.0.1.1-QPBaQAMv.JEXaaha_NdbFCVI0tKSY40UxSh2ivQo3dGFdcckrxFRsDA8jK4UEhCED349ltD4Qc5BAcxWiaT0uA
www.eathergroup.com.au/ Name: PHPSESSID
Value: 4e95bc77ef026cae5f3f1f37eca06f67
mail-telekom-pro.cfolks.pl/ Name: PHPSESSID
Value: 611a8e610d7de4df0a91f64908afde12