app-kunden.com
Open in
urlscan Pro
2606:4700:3033::6815:4b80
Malicious Activity!
Public Scan
Effective URL: https://app-kunden.com/de/o2/a1b2c3/2af01d5cbb21f57ae3eba153c0e98ef3/login/?index=7200&feeder=034125580d6b49bcbb843d3b1...
Submission: On March 07 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on March 5th 2024. Valid for: 3 months.
This is the only time app-kunden.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telefonica (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 33 | 2606:4700:303... 2606:4700:3033::6815:4b80 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
26 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
33 |
app-kunden.com
7 redirects
app-kunden.com |
300 KB |
26 | 1 |
Domain | Requested by | |
---|---|---|
33 | app-kunden.com |
7 redirects
app-kunden.com
|
26 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
app-kunden.com GTS CA 1P5 |
2024-03-05 - 2024-06-03 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://app-kunden.com/de/o2/a1b2c3/2af01d5cbb21f57ae3eba153c0e98ef3/login/?index=7200&feeder=034125580d6b49bcbb843d3b1a1e0cab1126bc12
Frame ID: 4C1B7A05B6ABB15A1A161B22CD2733CF
Requests: 26 HTTP requests in this frame
Screenshot
Page Title
LoginPage URL History Show full URLs
-
http://app-kunden.com/de/o2
HTTP 301
https://app-kunden.com/de/o2 HTTP 301
http://app-kunden.com/de/o2/ HTTP 301
https://app-kunden.com/de/o2/ HTTP 302
https://app-kunden.com/de/o2/white.php?index=7200&feeder=034125580d6b49bcbb843d3b1a1e0cab1126bc12 Page URL
-
https://app-kunden.com/de/o2/a1b2c3/2af01d5cbb21f57ae3eba153c0e98ef3?index=7200&feeder=034125580d6b...
HTTP 301
http://app-kunden.com/de/o2/a1b2c3/2af01d5cbb21f57ae3eba153c0e98ef3/?index=7200&feeder=034125580d6... HTTP 301
https://app-kunden.com/de/o2/a1b2c3/2af01d5cbb21f57ae3eba153c0e98ef3/?index=7200&feeder=034125580d6... HTTP 302
https://app-kunden.com/de/o2/a1b2c3/2af01d5cbb21f57ae3eba153c0e98ef3/login/?index=7200&feeder=03412... Page URL
Detected technologies
Adobe Experience Manager (CMS) ExpandDetected patterns
- <div class="[^"]*parbase
AngularJS (JavaScript Frameworks) Expand
Detected patterns
- \bangular.{0,32}\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://app-kunden.com/de/o2
HTTP 301
https://app-kunden.com/de/o2 HTTP 301
http://app-kunden.com/de/o2/ HTTP 301
https://app-kunden.com/de/o2/ HTTP 302
https://app-kunden.com/de/o2/white.php?index=7200&feeder=034125580d6b49bcbb843d3b1a1e0cab1126bc12 Page URL
-
https://app-kunden.com/de/o2/a1b2c3/2af01d5cbb21f57ae3eba153c0e98ef3?index=7200&feeder=034125580d6b49bcbb843d3b1a1e0cab1126bc12
HTTP 301
http://app-kunden.com/de/o2/a1b2c3/2af01d5cbb21f57ae3eba153c0e98ef3/?index=7200&feeder=034125580d6b49bcbb843d3b1a1e0cab1126bc12 HTTP 301
https://app-kunden.com/de/o2/a1b2c3/2af01d5cbb21f57ae3eba153c0e98ef3/?index=7200&feeder=034125580d6b49bcbb843d3b1a1e0cab1126bc12 HTTP 302
https://app-kunden.com/de/o2/a1b2c3/2af01d5cbb21f57ae3eba153c0e98ef3/login/?index=7200&feeder=034125580d6b49bcbb843d3b1a1e0cab1126bc12 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://app-kunden.com/de/o2 HTTP 301
- https://app-kunden.com/de/o2 HTTP 301
- http://app-kunden.com/de/o2/ HTTP 301
- https://app-kunden.com/de/o2/ HTTP 302
- https://app-kunden.com/de/o2/white.php?index=7200&feeder=034125580d6b49bcbb843d3b1a1e0cab1126bc12
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
white.php
app-kunden.com/de/o2/ Redirect Chain
|
786 B 940 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
/
app-kunden.com/de/o2/a1b2c3/2af01d5cbb21f57ae3eba153c0e98ef3/login/ Redirect Chain
|
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
app-kunden.com/de/o2/bower_components/jquery/dist/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ua-parser.min.js
app-kunden.com/de/o2/bower_components/ua-parser-js/dist/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
app-kunden.com/de/o2/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.js
app-kunden.com/de/o2/core/form/ |
16 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_token.js
app-kunden.com/de/o2/core/token/ |
7 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
angular.min.js
app-kunden.com/de/o2/bower_components/angular/ |
165 KB 59 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.css
app-kunden.com/de/o2/core/form/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css.css
app-kunden.com/de/o2/login/form/ |
624 B 781 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app.js
app-kunden.com/de/o2/login/ |
525 B 735 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index.css
app-kunden.com/de/o2/login/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
o2.png
app-kunden.com/de/o2/login/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ios.png
app-kunden.com/de/o2/login/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
android.png
app-kunden.com/de/o2/login/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
tele.webp
app-kunden.com/de/o2/login/ |
2 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
tdg
app-kunden.com/de/o2/login/ |
45 B 477 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
form.js
app-kunden.com/de/o2/login/form/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ng.js
app-kunden.com/de/o2/login/ng/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
token.js
app-kunden.com/de/o2/login/token/ |
1 KB 996 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
OnAir-Bold.8cbe59f9.woff2
app-kunden.com/de/o2/login/ |
47 KB 47 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
OnAir-Light.e3b307c6.woff2
app-kunden.com/de/o2/login/ |
46 KB 46 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
o2icons.woff2
app-kunden.com/de/o2/login/ |
67 KB 68 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Spinner-1s-200px.svg
app-kunden.com/de/o2/login/ |
3 KB 964 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
home.php
app-kunden.com/de/o2/ |
57 B 464 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
home.php
app-kunden.com/de/o2/ |
57 B 460 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telefonica (Telecommunication)39 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| UAParser function| save_logs__ function| save_logs_done__ function| ask_login_proxy function| ask_sms_proxy function| next__ function| finish__ function| set_event function| def_plugin_data_receiver function| deep_json_parse object| cookies function| lock_redirect function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_with_day_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q function| EN function| send1 object| bider_obj object| last_respond undefined| last_operation object| respond object| angular object| btn string| bid object| php_js object| app object| loader_ string| el object| CORE__ object| REST_FN__ number| bidder_timer2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
app-kunden.com/de/o2 | Name: real Value: OK |
|
app-kunden.com/ | Name: bid Value: 2af01d5cbb21f57ae3eba153c0e98ef3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app-kunden.com
2606:4700:3033::6815:4b80
0378ff5bd87f01129fc7bba7e855a841de77771df75c8e50db872b7bec484ada
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
221bcbf852ea042dd008217e9a68cf7adc8b00a514d3e96a027ede94a9e620c8
262e8067736e172129bde8c5b97ba3e88651923170f5536e9a259366aed1109a
2a77e2fe18971cc5bd32cf5a3a951f849ee93ea0ceb3681149805a1f07bb88a4
302c3d19e99e7346f33eeaae77a8e2e41407f88b8411bb153e240f94787a83c4
345c01d840ea56174dd431ba9536504834b6d10eabd564a6d256048785d14609
35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27
3b05156b6514710918393522e4560613fe9d1162bb6082f65ffe9d74f74ee744
4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b
442ee5939c0b03561c121d19ab5d61c189b0928666feb26857325c4f711e63eb
553477374932c4e37d9baef1b311a260d7ad76d43d0f100a2f9ec4a57b40823e
62cfb054088e29a0e576b434030c236c6101af0599e6f55cfe89b35a6186fba4
680cbadecfcbb8e193c7a6fcb4a222fd5b4e154d163368449ba020faf17c9ea3
6d1fcbb829fad19d85ece061e1f6f4ab0b556daf7998be1cf089c36392f4dd81
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f
93b238a08f88da511693559daf9fee3942bc2ff92c0d3666e2f92ade28c7fcc2
9514be1de81594cc232402c83c6f2a73276ae8c3a6224a7ac8a3561c5ed9f7c6
9fe6ac42688128b3cafd91a720675d4e521027f186f7b46bdc7480af5bf8ae98
a2282c17fae39d990ffc9c7b707d6618efef6ac554b3e9611dadb841a4c16074
aeb5757e8032844eec87f01c0909709592d3fc5cb8b2eeca28c6c0d3782aef31
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
cd1c70472d622c1f861b6542ea90d768686d27051f34dcc7ed4d90308b97f043
de3174d5150bfdb08dcceeac6c100047cc44948ee209a8773be29b62230a974d