RST Threat feed. IOC: http://wansfordcosmetic.co.uk/wp-admin/js/tonline/tonline/usrs.php?uri=https://accounts.login.idm.telekom.com/oauth2/auth?scope=openid&claims={%22id_token%22:{%22urn:telekom.com:all%22:{%22essential%22:true}}}&response_type=code&redirect_uri=https://account.idm.telekom.com/account-manager/openid_connect_login&state=36184e7e08e66&logout_uri=https://account.idm.telekom.com/account-manager/logout&nonce=563d9372867c&client_id=10livesam30000004901am200000000000000000

2021-05-12T00:00:00
ID RST:37F6ADCD-EFD4-37B6-A54B-8023938B71D6
Type rst
Reporter RST Threat Feed
Modified 2021-05-12T00:00:00

Description

Found http://wansfordcosmetic[.]co.uk/wp-admin/js/tonline/tonline/usrs.php?uri=https://accounts.login.idm.telekom.com/oauth2/auth?scope=openid&claims={%22id_token%22:{%22urn:telekom.com:all%22:{%22essential%22:true}}}&response_type=code&redirect_uri=https://account.idm.telekom.com/account-manager/openid_connect_login&state=36184e7e08e66&logout_uri=https://account.idm.telekom.com/account-manager/logout&nonce=563d9372867c&client_id=10livesam30000004901am200000000000000000 in RST Threat Feed with score 16. First seen: 2021-05-12T03:00:00, Last seen: 2021-05-12T03:00:00. IOC tags: phishing. IOC could be a False Positive (Resource unavailable). https://rstcloud.net/