honeyfm.lk
Open in
urlscan Pro
104.21.35.247
Malicious Activity!
Public Scan
Effective URL: https://honeyfm.lk/tonline/tonline/usrs.php?uri=https://accounts.login.idm.telekom.com/oauth2/auth?scope=openid&cla...
Submission: On October 26 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 5th 2021. Valid for: a year.
This is the only time honeyfm.lk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telekom (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 104.21.35.247 104.21.35.247 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 80.82.200.32 80.82.200.32 | 48173 (UNBELIEVA...) (UNBELIEVABLE-AS) | |
10 | 62.157.140.200 62.157.140.200 | 3320 (DTAG Inte...) (DTAG Internet service provider operations) | |
19 | 3 |
ASN48173 (UNBELIEVABLE-AS, DE)
PTR: app-adcert01.unbelievable-machine.net
xdn-ttp.de |
ASN3320 (DTAG Internet service provider operations, DE)
PTR: accounts.login.idm.telekom.com
accounts.login.idm.telekom.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
telekom.com
accounts.login.idm.telekom.com |
|
9 |
honeyfm.lk
1 redirects
honeyfm.lk |
87 KB |
1 |
xdn-ttp.de
xdn-ttp.de |
343 B |
19 | 3 |
Domain | Requested by | |
---|---|---|
10 | accounts.login.idm.telekom.com |
honeyfm.lk
|
9 | honeyfm.lk |
1 redirects
honeyfm.lk
|
1 | xdn-ttp.de |
honeyfm.lk
|
19 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
meinkonto.telekom-dienste.de |
www.telekom.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-07-05 - 2022-07-04 |
a year | crt.sh |
*.xdn-ttp.de Sectigo RSA Organization Validation Secure Server CA |
2020-12-10 - 2022-01-10 |
a year | crt.sh |
accounts.login.idm.telekom.com TeleSec ServerPass Extended Validation Class 3 CA |
2021-09-10 - 2022-09-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://honeyfm.lk/tonline/tonline/usrs.php?uri=https://accounts.login.idm.telekom.com/oauth2/auth?scope=openid&claims=%7B%22id_token%22%3A%7B%22urn%3Atelekom.com%3Aall%22%3A%7B%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Faccount.idm.telekom.com%2Faccount-manager%2Fopenid_connect_login&state=36184e7e08e66&logout_uri=https%3A%2F%2Faccount.idm.telekom.com%2Faccount-manager%2Flogout&nonce=563d9372867c&client_id=10LIVESAM30000004901AM200000000000000000
Frame ID: 10F0CC329C80B6DF33F3576036905E3E
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
Telekom LoginPage URL History Show full URLs
-
https://honeyfm.lk/tonline/tonline/index.php
HTTP 302
https://honeyfm.lk/tonline/tonline/usrs.php?uri=https://accounts.login.idm.telekom.com/oauth2/a... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Benutzername vergessen?
Search URL Search Domain Scan URL
Title: Brauchen Sie Hilfe?
Search URL Search Domain Scan URL
Title: Hier informieren über VERIMI
Search URL Search Domain Scan URL
Title: Impressum
Search URL Search Domain Scan URL
Title: Datenschutz
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://honeyfm.lk/tonline/tonline/index.php
HTTP 302
https://honeyfm.lk/tonline/tonline/usrs.php?uri=https://accounts.login.idm.telekom.com/oauth2/auth?scope=openid&claims=%7B%22id_token%22%3A%7B%22urn%3Atelekom.com%3Aall%22%3A%7B%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Faccount.idm.telekom.com%2Faccount-manager%2Fopenid_connect_login&state=36184e7e08e66&logout_uri=https%3A%2F%2Faccount.idm.telekom.com%2Faccount-manager%2Flogout&nonce=563d9372867c&client_id=10LIVESAM30000004901AM200000000000000000 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
usrs.php
honeyfm.lk/tonline/tonline/ Redirect Chain
|
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
components.min.css
honeyfm.lk/tonline/tonline/ |
99 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
login.css
honeyfm.lk/tonline/tonline/ |
15 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-3.2.1.min.js
honeyfm.lk/tonline/tonline/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
components.min.js
honeyfm.lk/tonline/tonline/ |
76 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
login.js
honeyfm.lk/tonline/tonline/ |
12 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
header.PNG
honeyfm.lk/tonline/tonline/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
import-event-0746
xdn-ttp.de/lns/ |
0 343 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
auth
accounts.login.idm.telekom.com/oauth2/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
services.png
accounts.login.idm.telekom.com/static/factorx/vdplus/images/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
data_protection.svg
honeyfm.lk/tonline/images/ |
746 B 746 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-bold.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-thin.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-regular.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
teleicon-ui.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-bold.ttf
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-thin.ttf
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
teleicon-ui.ttf
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-regular.ttf
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telekom (Telecommunication)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster boolean| accountLocked boolean| accountLockedPermanent number| accountLockExpiration boolean| loginFailed function| $ function| jQuery object| Login1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
honeyfm.lk/ | Name: PHPSESSID Value: m1vs0fdlcbegukdj4epeidn0q4 |
10 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.login.idm.telekom.com
honeyfm.lk
xdn-ttp.de
104.21.35.247
62.157.140.200
80.82.200.32
1ae9002dcc417608127e39535e77f2f5ced2b6792b624a67d9abaef623aee7dc
1f1f88f2bd2d0cc1b6439f613a044409877fd355370a7f7a0253f9eb7834a14a
3695a51f3c3a4b60d5c1b1585853b94c7f41053b93f9215c6915a6e7172587ae
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
7069cdcaf9f53d2a668a4722b4290223f5fc1c4edffb6986ec891cc1a490a132
9d923ced945d8737e7ebedd432bc6e66dea3265dc438598f92acecb6f1eb0bbf
d3a518dea876de39f9e5dc1ffcdeb6c661aee25d8a62474386b664ef3bf1b40f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fd59005978ddb9a9cf96b92149172d1e7fb3606c9c76c1f68bd8d93f60283f28