saacommodation.za.net Open in urlscan Pro
192.185.12.234 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf...
Submission: On October 04 via api (October 4th 2022, 7:53:29 am UTC) from JP — Scanned from JP

Summary HTTP 19 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 192.185.12.234, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is saacommodation.za.net.
TLS certificate: Issued by R3 on September 21st 2022. Valid for: 3 months.

This is the only time saacommodation.za.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
8	192.185.12.234 192.185.12.234	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2a02:cbf7::62... 2a02:cbf7::62:138:238:39	61157 (PLUSSERVE...) (PLUSSERVER-ASN1)
10	2003:2:2:140:... 2003:2:2:140:62:157:140:200	3320 (DTAG Inte...) (DTAG Internet service provider operations)
19	3

8 192.185.12.234 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-12-234.unifiedlayer.com

saacommodation.za.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:cbf7::62:138:238:39 (Germany)

ASN61157 (PLUSSERVER-ASN1, DE)

login.t-online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2003:2:2:140:62:157:140:200 (Germany)

ASN3320 (DTAG Internet service provider operations, DE)

accounts.login.idm.telekom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	telekom.com accounts.login.idm.telekom.com — Cisco Umbrella Rank: 52704
8	za.net saacommodation.za.net	138 KB
1	t-online.de login.t-online.de — Cisco Umbrella Rank: 74205	6 KB
19	3

	Domain	Requested by
10	accounts.login.idm.telekom.com	saacommodation.za.net
8	saacommodation.za.net	saacommodation.za.net
1	login.t-online.de	saacommodation.za.net
19	3

This site contains links to these domains. Also see Links.

Domain
www.telekom.de

Subject Issuer	Validity	Valid
*.saacommodation.za.net R3	`2022-09-21` - `2022-12-20`	3 months	crt.sh
login.t-online.de TeleSec ServerPass Class 2 CA	`2022-01-10` - `2023-01-14`	a year	crt.sh
accounts.login.idm.telekom.com TeleSec ServerPass Extended Validation Class 3 CA	`2022-08-12` - `2023-08-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
Frame ID: EFF8AAF60E120820D83DFA405CDAA6C0
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telekom Login

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

144 kB
Transfer

332 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.telekom.de/datenschutzhinweise/download/026.pdf
Title: hier

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request login.php Show response
saacommodation.za.net/vv/Teleko-composers/ 8 KB
3 KB 1434ms
681ms Document
text/html 192.185.12.234
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.12.234 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-12-234.unifiedlayer.com
Software: Apache /
Resource Hash: ade110571924954ac78b7b91a1fff0882d4e1c4e39aa8cbe7f332aa76e4a5b86

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 2624
content-type: text/html; charset=UTF-8
date: Tue, 04 Oct 2022 07:53:22 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding

GET
H2 200 components.min.css
saacommodation.za.net/vv/Teleko-composers/assets/ 99 KB
26 KB 283ms
283ms Stylesheet
text/css 192.185.12.234
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://saacommodation.za.net/vv/Teleko-composers/assets/components.min.css
Requested by: Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.12.234 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-12-234.unifiedlayer.com
Software: Apache /
Resource Hash: 61524aa76330a1046312d9641fa9230e6c7f9c21bac2d0aaa4150d59c10079bf

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 07:53:23 GMT
content-encoding: gzip
last-modified: Mon, 14 Oct 2019 06:04:58 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 login-20.26.0.css
saacommodation.za.net/vv/Teleko-composers/assets/ 14 KB
4 KB 148ms
147ms Stylesheet
text/css 192.185.12.234
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://saacommodation.za.net/vv/Teleko-composers/assets/login-20.26.0.css
Requested by: Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.12.234 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-12-234.unifiedlayer.com
Software: Apache /
Resource Hash: 638b895638b74a68f11696db4b1210e91fdd0219307d8e2263bbd519f90565a6

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 07:53:23 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 01:58:34 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 4030

GET
H2 200 jquery-3.2.1.min.js Show response
saacommodation.za.net/vv/Teleko-composers/assets/ 85 KB
37 KB 150ms
149ms Script
application/javascript 192.185.12.234
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://saacommodation.za.net/vv/Teleko-composers/assets/jquery-3.2.1.min.js
Requested by: Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.12.234 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-12-234.unifiedlayer.com
Software: Apache /
Resource Hash: d3a518dea876de39f9e5dc1ffcdeb6c661aee25d8a62474386b664ef3bf1b40f

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 07:53:23 GMT
content-encoding: gzip
last-modified: Mon, 14 Oct 2019 06:14:16 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 components.min.js Show response
saacommodation.za.net/vv/Teleko-composers/assets/ 76 KB
30 KB 420ms
419ms Script
application/javascript 192.185.12.234
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://saacommodation.za.net/vv/Teleko-composers/assets/components.min.js
Requested by: Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.12.234 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-12-234.unifiedlayer.com
Software: Apache /
Resource Hash: 42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 07:53:23 GMT
content-encoding: gzip
last-modified: Mon, 14 Oct 2019 06:14:48 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 login.js Show response
saacommodation.za.net/vv/Teleko-composers/assets/ 11 KB
4 KB 147ms
147ms Script
application/javascript 192.185.12.234
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://saacommodation.za.net/vv/Teleko-composers/assets/login.js
Requested by: Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.12.234 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-12-234.unifiedlayer.com
Software: Apache /
Resource Hash: 8fb4dacc85198fcdab2b59b4b744d2c125a79e0ffd39f34cfe2593bfbd2ddea0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 07:53:23 GMT
content-encoding: gzip
last-modified: Mon, 14 Oct 2019 06:14:56 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 3491

GET
H/1.1 200
OK t-online-logo-29112019.png
login.t-online.de/stats/ 6 KB
6 KB 1659ms
259ms Image
image/png 2a02:cbf7::62:138:238:39
PLUSSERVER-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login.t-online.de/stats/t-online-logo-29112019.png
Requested by: Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:cbf7::62:138:238:39 , Germany, ASN61157 (PLUSSERVER-ASN1, DE),
Reverse DNS
Software: / Express
Resource Hash: 11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://saacommodation.za.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Tue, 04 Oct 2022 07:31:18 GMT
Last-Modified: Mon, 12 Sep 2022 07:44:54 GMT
X-Amz-Cf-Pop: DUS51-P1
Age: 1325
X-Powered-By: Express
ETag: W/"16db-18330a884f0"
X-Cache: Miss from cloudfront
Content-Type: image/png
Cache-Control: public, max-age=1800
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Id: UIEqH6tN7-YZZnmTB24r2pZsqZkpyD4BoKkLEVA0p-e9gMHEDFyTpg==
Content-Length: 5851

GET
H2 200 services.png
saacommodation.za.net/vv/Teleko-composers/assets/ 22 KB
22 KB 143ms
143ms Image
image/png 192.185.12.234
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://saacommodation.za.net/vv/Teleko-composers/assets/services.png
Requested by: Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.12.234 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-12-234.unifiedlayer.com
Software: Apache /
Resource Hash: 14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://saacommodation.za.net/vv/Teleko-composers/login.php?&SERVID=Service_Login_&_Authentication=41a4084b5dcd4143d4249618bcf098870fcad6f389a4c19268a2210aeb5e30e6fbd3f139ae4822816dcedf47c8a639a45e67521efc336da6b6030175
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 07:53:23 GMT
last-modified: Mon, 14 Oct 2019 05:54:26 GMT
server: Apache
accept-ranges: bytes
content-length: 22647
content-type: image/png

GET
H2 404 teleicon-outline.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ 0
0 1021ms
248ms Font
text/html 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/teleicon-outline.woff

Requested by

Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/assets/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://saacommodation.za.net/
Origin: https://saacommodation.za.net
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 04 Oct 2022 07:53:24 GMT
sh: a5b6a809f8ccc6e37f4f15b5c801eaf3
last-modified: Wed, 29 Aug 2018 04:46:05 GMT
server: Apache
etag: "f1c-5748ba2e4f477"
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://saacommodation.za.net
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-length: 3868

GET
H2 404 telegroteskscreen-ultra.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ 0
0 1020ms
247ms Font
text/html 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-ultra.woff

Requested by

Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/assets/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://saacommodation.za.net/
Origin: https://saacommodation.za.net
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 04 Oct 2022 07:53:24 GMT
sh: a5b6a809f8ccc6e37f4f15b5c801eaf3
last-modified: Wed, 29 Aug 2018 04:46:05 GMT
server: Apache
etag: "f1c-5748ba2e4f477"
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://saacommodation.za.net
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-length: 3868

GET
H2 404 telegroteskscreen-regular.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ 0
0 1021ms
248ms Font
text/html 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-regular.woff

Requested by

Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/assets/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://saacommodation.za.net/
Origin: https://saacommodation.za.net
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 04 Oct 2022 07:53:24 GMT
sh: a5b6a809f8ccc6e37f4f15b5c801eaf3
last-modified: Wed, 29 Aug 2018 04:46:05 GMT
server: Apache
etag: "f1c-5748ba2e4f477"
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://saacommodation.za.net
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-length: 3868

GET
H2 404 telegroteskscreen-thin.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ 0
0 1022ms
249ms Font
text/html 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-thin.woff

Requested by

Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/assets/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://saacommodation.za.net/
Origin: https://saacommodation.za.net
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 04 Oct 2022 07:53:24 GMT
sh: a5b6a809f8ccc6e37f4f15b5c801eaf3
last-modified: Wed, 29 Aug 2018 04:46:05 GMT
server: Apache
etag: "f1c-5748ba2e4f477"
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://saacommodation.za.net
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-length: 3868

GET
H2 404 teleicon-ui.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ 0
0 1022ms
249ms Font
text/html 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/teleicon-ui.woff

Requested by

Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/assets/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://saacommodation.za.net/
Origin: https://saacommodation.za.net
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 04 Oct 2022 07:53:24 GMT
sh: a5b6a809f8ccc6e37f4f15b5c801eaf3
last-modified: Wed, 29 Aug 2018 04:46:05 GMT
server: Apache
etag: "f1c-5748ba2e4f477"
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://saacommodation.za.net
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-length: 3868

GET
H2 404 data_protection.svg
saacommodation.za.net/static/factorx/vdplus/images/ 12 KB
12 KB 146ms
146ms Image
text/html 192.185.12.234
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://saacommodation.za.net/static/factorx/vdplus/images/data_protection.svg
Requested by: Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/assets/login-20.26.0.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.12.234 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-12-234.unifiedlayer.com
Software: Apache /
Resource Hash: bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://saacommodation.za.net/vv/Teleko-composers/assets/login-20.26.0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 07:53:23 GMT
content-encoding: gzip
last-modified: Tue, 23 Apr 2019 06:44:30 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
accept-ranges: bytes
content-length: 4677

GET
H2 404 teleicon-outline.ttf
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ 0
0 248ms
247ms Font
text/html 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/teleicon-outline.ttf

Requested by

Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/assets/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://saacommodation.za.net/
Origin: https://saacommodation.za.net
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 04 Oct 2022 07:53:24 GMT
sh: a5b6a809f8ccc6e37f4f15b5c801eaf3
last-modified: Wed, 29 Aug 2018 04:46:05 GMT
server: Apache
etag: "f1c-5748ba2e4f477"
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://saacommodation.za.net
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-length: 3868

GET
H2 404 telegroteskscreen-regular.ttf
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ 0
0 248ms
248ms Font
text/html 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-regular.ttf

Requested by

Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/assets/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://saacommodation.za.net/
Origin: https://saacommodation.za.net
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 04 Oct 2022 07:53:24 GMT
sh: a5b6a809f8ccc6e37f4f15b5c801eaf3
last-modified: Wed, 29 Aug 2018 04:46:05 GMT
server: Apache
etag: "f1c-5748ba2e4f477"
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://saacommodation.za.net
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-length: 3868

GET
H2 404 telegroteskscreen-ultra.ttf
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ 0
0 247ms
246ms Font
text/html 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-ultra.ttf

Requested by

Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/assets/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://saacommodation.za.net/
Origin: https://saacommodation.za.net
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 04 Oct 2022 07:53:24 GMT
sh: a5b6a809f8ccc6e37f4f15b5c801eaf3
last-modified: Wed, 29 Aug 2018 04:46:05 GMT
server: Apache
etag: "f1c-5748ba2e4f477"
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://saacommodation.za.net
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-length: 3868

GET
H2 404 telegroteskscreen-thin.ttf
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ 0
0 247ms
247ms Font
text/html 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-thin.ttf

Requested by

Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/assets/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://saacommodation.za.net/
Origin: https://saacommodation.za.net
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 04 Oct 2022 07:53:24 GMT
sh: a5b6a809f8ccc6e37f4f15b5c801eaf3
last-modified: Wed, 29 Aug 2018 04:46:05 GMT
server: Apache
etag: "f1c-5748ba2e4f477"
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://saacommodation.za.net
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-length: 3868

GET
H2 404 teleicon-ui.ttf
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ 0
0 251ms
251ms Font
text/html 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/teleicon-ui.ttf

Requested by

Host: saacommodation.za.net
URL: https://saacommodation.za.net/vv/Teleko-composers/assets/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://saacommodation.za.net/
Origin: https://saacommodation.za.net
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 04 Oct 2022 07:53:24 GMT
sh: a5b6a809f8ccc6e37f4f15b5c801eaf3
last-modified: Wed, 29 Aug 2018 04:46:05 GMT
server: Apache
etag: "f1c-5748ba2e4f477"
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://saacommodation.za.net
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-length: 3868

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			saacommodation.za.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: 4444c4335fb95ac61a86f47fa9373164

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://saacommodation.za.net/static/factorx/vdplus/images/data_protection.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/teleicon-outline.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-regular.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-ultra.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-thin.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/teleicon-ui.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/teleicon-outline.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-regular.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-ultra.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-thin.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/teleicon-ui.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.login.idm.telekom.com
login.t-online.de
saacommodation.za.net
192.185.12.234
2003:2:2:140:62:157:140:200
2a02:cbf7::62:138:238:39
11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22
42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94
61524aa76330a1046312d9641fa9230e6c7f9c21bac2d0aaa4150d59c10079bf
638b895638b74a68f11696db4b1210e91fdd0219307d8e2263bbd519f90565a6
8fb4dacc85198fcdab2b59b4b744d2c125a79e0ffd39f34cfe2593bfbd2ddea0
ade110571924954ac78b7b91a1fff0882d4e1c4e39aa8cbe7f332aa76e4a5b86
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
d3a518dea876de39f9e5dc1ffcdeb6c661aee25d8a62474386b664ef3bf1b40f

saacommodation.za.net Open in urlscan Pro 192.185.12.234 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

144 kBTransfer

332 kBSize

1 Cookies

1 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

1 Cookies

11 Console Messages

Indicators

saacommodation.za.net Open in urlscan Pro
192.185.12.234 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

144 kB
Transfer

332 kB
Size

1
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!