![](/screenshots/9ee62e34-3e96-4a4b-a609-1d0ef81857ba.png)
domonda.eu.auth0.com
2606:4700::6813:9913
Public Scan
Effective URL: https://domonda.eu.auth0.com/u/login/identifier?state=hKFo2SByTFpCSTluVGpFX0d2UVJlQXU2bVlnU0dxOGFoWVo4Y6Fur3VuaXZlcnNhbC1sb2d...
Submission Tags: phishingrod
Submission: On February 09 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by E1 on January 26th 2024. Valid for: 3 months.
This is the only time domonda.eu.auth0.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
9 (4 redirects) | 3.126.222.78 | 16509 (AMAZON-02) |
1 | 141.101.90.97 | 13335 (CLOUDFLARENET) |
1 | 2606:4700:3034::ac43:a57f | 13335 (CLOUDFLARENET) |
2 (1 redirect) | 2606:4700::6813:9913 | 13335 (CLOUDFLARENET) |
1 | 2600:9000:214f:2c00:10:474e:104a:2961 | 16509 (AMAZON-02) |
1 | 18.197.212.183 | 16509 (AMAZON-02) |
11 | 7 |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-222-78.eu-central-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-212-183.eu-central-1.compute.amazonaws.com
domonda.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | domonda.app (4 redirects) | cms.new.nitromaintenance.ap.document-source-email.domonda.app, new.nitromaintenance.ap.document-source-email.domonda.app, nitromaintenance.ap.document-source-email.domonda.app, ap.document-source-email.domonda.app, document-source-email.domonda.app | 3 MB |
3 | auth0.com (1 redirects) | domonda.eu.auth0.com, cdn.auth0.com — Cisco Umbrella Rank: 6285 | 87 KB |
1 | domonda.com | domonda.com | 3 KB |
1 | lr-in-prod.com | cdn.lr-in-prod.com — Cisco Umbrella Rank: 18000 | 164 KB |
1 | xs2a.com | api.xs2a.com — Cisco Umbrella Rank: 327708 | 19 KB |
11 | 5 |
Requests | Domain | Requested by |
---|---|---|
5 | document-source-email.domonda.app | document-source-email.domonda.app |
2 | domonda.eu.auth0.com (1 redirects) | document-source-email.domonda.app |
1 | domonda.com | domonda.eu.auth0.com |
1 | cdn.auth0.com | domonda.eu.auth0.com |
1 | cdn.lr-in-prod.com | document-source-email.domonda.app |
1 | api.xs2a.com | document-source-email.domonda.app |
1 | ap.document-source-email.domonda.app (1 redirects) | |
1 | nitromaintenance.ap.document-source-email.domonda.app (1 redirects) | |
1 | new.nitromaintenance.ap.document-source-email.domonda.app (1 redirects) | |
1 | cms.new.nitromaintenance.ap.document-source-email.domonda.app (1 redirects) | |
11 | 10 |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
document-source-email.domonda.app | R3 | 2024-02-01 - 2024-05-01 | 3 months | crt.sh |
xs2a.com | Cloudflare Inc ECC CA-3 | 2023-09-15 - 2024-09-13 | a year | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-03-13 - 2024-03-12 | a year | crt.sh |
eu.auth0.com | E1 | 2024-01-26 - 2024-04-25 | 3 months | crt.sh |
*.auth0.com | Amazon RSA 2048 M03 | 2024-01-25 - 2025-02-22 | a year | crt.sh |
domonda.com | R3 | 2024-01-08 - 2024-04-07 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://domonda.eu.auth0.com/u/login/identifier?state=hKFo2SByTFpCSTluVGpFX0d2UVJlQXU2bVlnU0dxOGFoWVo4Y6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIG5NR2NFNndkM2hMb1l5NFBPTlBTbV9GZXUzYXk4bW11o2NpZNkgNlBFUFh4RVc5bkRLenJpSjdCUkFWbTBRN243OG51OXg
Frame ID: B61DEF44C1F05B6E4DD5B0D1C4E5A2F0
Requests: 11 HTTP requests in this frame
Page Title
Einloggen | domonda app
Detected technologies
Detected patterns
- /wp-(?:content|includes)/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://cms.new.nitromaintenance.ap.document-source-email.domonda.app/
HTTP 307
https://new.nitromaintenance.ap.document-source-email.domonda.app/ HTTP 307
https://nitromaintenance.ap.document-source-email.domonda.app/ HTTP 307
https://ap.document-source-email.domonda.app/ HTTP 307
https://document-source-email.domonda.app/ Page URL
-
https://domonda.eu.auth0.com/authorize?client_id=6PEPXxEW9nDKzriJ7BRAVm0Q7n78nu9x&response_type=token&redirect_uri=https%3A%2F%2Fdocument-source-email.domonda.app%2Fauthorize&scope=openid&state=8Fq7aZmUh0SxDs1Zik.8~CYgoUixytTH&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xOS4xIn0%3D
HTTP 302
https://domonda.eu.auth0.com/u/login/identifier?state=hKFo2SByTFpCSTluVGpFX0d2UVJlQXU2bVlnU0dxOGFoWVo4Y6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIG5NR2NFNndkM2hMb1l5NFBPTlBTbV9GZXUzYXk4bW11o2NpZNkgNlBFUFh4RVc5bkRLenJpSjdCUkFWbTBRN243OG51OXg Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://cms.new.nitromaintenance.ap.document-source-email.domonda.app/ HTTP 307
- https://new.nitromaintenance.ap.document-source-email.domonda.app/ HTTP 307
- https://nitromaintenance.ap.document-source-email.domonda.app/ HTTP 307
- https://ap.document-source-email.domonda.app/ HTTP 307
- https://document-source-email.domonda.app/
11 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Redirect Chain) | document-source-email.domonda.app/ | 982 B | 1 KB | Document | text/html |
GET | H2 | xs2a.js | api.xs2a.com/ | 53 KB | 19 KB | Script | application/javascript |
GET | H2 | index.c93aeafe.js | document-source-email.domonda.app/assets/ | 699 KB | 700 KB | Script | text/javascript |
GET | H2 | index.css.ts.vanilla.7ab38985.js | document-source-email.domonda.app/assets/ | 2 MB | 2 MB | Script | text/javascript |
GET | H2 | index.css.ts.05dd2b30.css | document-source-email.domonda.app/assets/ | 84 KB | 85 KB | Stylesheet | text/css |
GET | H2 | index.d005e360.css | document-source-email.domonda.app/assets/ | 112 KB | 112 KB | Stylesheet | text/css |
GET | H2 | logger-1.min.js | cdn.lr-in-prod.com/ | 830 KB | 164 KB | Script | text/javascript |
GET | H2 | identifier (Primary Request, Redirect Chain) | domonda.eu.auth0.com/u/login/ | 22 KB | 22 KB | Document | text/html |
GET | BLOB | b4f9afae-bd96-45b0-801d-4f27d23346e2 | https://document-source-email.domonda.app/ | 462 KB | 0 | Other | text/plain |
GET | H2 | main.cdn.min.css | cdn.auth0.com/ulp/react-components/1.85.24/css/ | 267 KB | 63 KB | Stylesheet | text/css |
GET | H/1.1 | logo_shadowless_round-256x256-1.png | domonda.com/wp-content/uploads/2020/05/ | 3 KB | 3 KB | Image | image/png |
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.