promotor-sport.com Open in urlscan Pro
31.14.137.219 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
Submission Tags: @ipnigh
Submission: On September 03 via api (September 3rd 2019, 12:06:52 am UTC) from GB

Summary HTTP 14 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 31.14.137.219, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is promotor-sport.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 10th 2019. Valid for: 3 months.

This is the only time promotor-sport.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
7	31.14.137.219 31.14.137.219	31034 (ARUBA-ASN) (ARUBA-ASN)
1	80.158.67.40 80.158.67.40	34086 (SCZN-AS) (SCZN-AS)
6	2003:2:2:140:... 2003:2:2:140:62:157:140:200	3320 (DTAG Inte...) (DTAG Internet service provider operations)
14	3

7 31.14.137.219 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)
PTR: cpanel2.vhosting-it.com

promotor-sport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.158.67.40 (Germany)

ASN34086 (SCZN-AS, DE)

www.telekom.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2003:2:2:140:62:157:140:200 (Germany)

ASN3320 (DTAG Internet service provider operations, DE)

accounts.login.idm.telekom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	promotor-sport.com promotor-sport.com	293 KB
6	telekom.com accounts.login.idm.telekom.com	178 KB
1	telekom.de www.telekom.de
14	3

	Domain	Requested by
7	promotor-sport.com	promotor-sport.com
6	accounts.login.idm.telekom.com	promotor-sport.com
1	www.telekom.de	promotor-sport.com
14	3

This site contains links to these domains. Also see Links.

Domain
meinkonto.telekom-dienste.de
www.telekom.de
www.telekom.com
accounts.login.idm.telekom.com

Subject Issuer	Validity	Valid
promotor-sport.com Let's Encrypt Authority X3	`2019-07-10` - `2019-10-08`	3 months	crt.sh
www.telekom.de TeleSec ServerPass Class 2 CA	`2018-10-08` - `2020-10-13`	2 years	crt.sh
accounts.login.idm.telekom.com TeleSec ServerPass Extended Validation Class 3 CA	`2018-11-06` - `2020-11-11`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
Frame ID: ED51A62A7C2863995F60757174E0B6EC
Requests: 13 HTTP requests in this frame

Frame: https://www.telekom.de/resources/tbs-config/phoenix_login_tracking?page=login&mode=web&context=auth&status=first_attempt
Frame ID: 98BEAFD368513CD21B8F65CF154D26AF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

471 kB
Transfer

466 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://meinkonto.telekom-dienste.de/wiederherstellung/passwort/index.xhtml
Title: Benutzername oder Passwort vergessen?

Search URL Search Domain Scan URL

URL: https://www.telekom.de/hilfe/vertrag-meine-daten/login-daten-passwoerter
Title: Brauchen Sie Hilfe?

Search URL Search Domain Scan URL

URL: https://meinkonto.telekom-dienste.de/telekom/account/registration/assistant/index.xhtml?sid=telekomde
Title: Telekom Login erstellen

Search URL Search Domain Scan URL

URL: https://www.telekom.com/impressum
Title: Impressum

Search URL Search Domain Scan URL

URL: https://accounts.login.idm.telekom.com/static/html/datenschutz.html
Title: Datenschutz

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request auth5fa9.html Show response
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/ 9 KB
9 KB 93ms
24ms Document
text/html 31.14.137.219
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.14.137.219 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: cpanel2.vhosting-it.com
Software: Apache /
Resource Hash: 618b78b1fced283aab51dcfc607be6c80a80b939f846dd01babfdf760046aca4

Request headers

:method: GET
:authority: promotor-sport.com
:scheme: https
:path: /ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
date: Tue, 03 Sep 2019 00:06:36 GMT
server: Apache
last-modified: Wed, 28 Aug 2019 17:06:06 GMT
accept-ranges: bytes
content-length: 8772
content-type: text/html

GET
H2 200 components.min.css
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/css/ 88 KB
88 KB 24ms
24ms Stylesheet
text/css 31.14.137.219
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/css/components.min.css
Requested by: Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.14.137.219 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: cpanel2.vhosting-it.com
Software: Apache /
Resource Hash: b294dde6b72c7a43814d16dc00086ed00c7d6c85a917c8bf12c204e9393968b3

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 03 Sep 2019 00:06:36 GMT
last-modified: Wed, 28 Aug 2019 15:01:58 GMT
server: Apache
accept-ranges: bytes
content-length: 89766
content-type: text/css

GET
H2 200 login.css
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/factorx/vdplus/css/ 12 KB
12 KB 70ms
69ms Stylesheet
text/css 31.14.137.219
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/factorx/vdplus/css/login.css
Requested by: Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.14.137.219 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: cpanel2.vhosting-it.com
Software: Apache /
Resource Hash: 965b3e1e87300e76ef4a21e1e4622f08249616913b2eed98c1a5c4b84e14a914

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 03 Sep 2019 00:06:36 GMT
last-modified: Wed, 28 Aug 2019 15:01:58 GMT
server: Apache
accept-ranges: bytes
content-length: 12349
content-type: text/css

GET
H2 200 jquery-3.2.1.min.js Show response
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/js/ 85 KB
85 KB 69ms
69ms Script
application/javascript 31.14.137.219
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/js/jquery-3.2.1.min.js
Requested by: Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.14.137.219 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: cpanel2.vhosting-it.com
Software: Apache /
Resource Hash: 75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 03 Sep 2019 00:06:36 GMT
last-modified: Wed, 28 Aug 2019 15:01:58 GMT
server: Apache
accept-ranges: bytes
content-length: 86663
content-type: application/javascript

GET
H2 200 components.min.js Show response
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/js/ 66 KB
67 KB 70ms
69ms Script
application/javascript 31.14.137.219
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/js/components.min.js
Requested by: Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.14.137.219 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: cpanel2.vhosting-it.com
Software: Apache /
Resource Hash: c63d7993ea7dbf9618b51351e7209baa3c0c99944df7a98602f2a1cafaef29c5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 03 Sep 2019 00:06:36 GMT
last-modified: Wed, 28 Aug 2019 15:01:58 GMT
server: Apache
accept-ranges: bytes
content-length: 67844
content-type: application/javascript

GET
H2 200 login.js Show response
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/factorx/vdplus/js/ 9 KB
9 KB 69ms
68ms Script
application/javascript 31.14.137.219
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/factorx/vdplus/js/login.js
Requested by: Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.14.137.219 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: cpanel2.vhosting-it.com
Software: Apache /
Resource Hash: 7e3a7788472182c326dfa1382ab0e99c7c5fb50e8e4151d187c2cb13e24bb821

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 03 Sep 2019 00:06:36 GMT
last-modified: Wed, 28 Aug 2019 15:01:58 GMT
server: Apache
accept-ranges: bytes
content-length: 9565
content-type: application/javascript

GET
H2 200 services.png
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/factorx/vdplus/images/ 22 KB
22 KB 69ms
69ms Image
image/png 31.14.137.219
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/factorx/vdplus/images/services.png
Requested by: Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.14.137.219 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: cpanel2.vhosting-it.com
Software: Apache /
Resource Hash: 14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 03 Sep 2019 00:06:36 GMT
last-modified: Wed, 28 Aug 2019 15:01:58 GMT
server: Apache
accept-ranges: bytes
content-length: 22647
content-type: image/png

GET
H/1.1 200
OK phoenix_login_tracking
www.telekom.de/resources/tbs-config/ Frame 98BE 0
0 85ms
19ms Document
text/html 80.158.67.40
SCZN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.telekom.de/resources/tbs-config/phoenix_login_tracking?page=login&mode=web&context=auth&status=first_attempt
Requested by: Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 80.158.67.40 , Germany, ASN34086 (SCZN-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Host: www.telekom.de
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html

Response headers

Date: Mon, 02 Sep 2019 23:14:04 GMT
Server: Apache
Content-Disposition: inline; filename="phoenix_login_tracking.html"
ETag: "8bc87a15f4a7ebacfcf91ab31f7682be"
Cache-Control: max-age=3600
xkey: 301466
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
X-Varnish: 147978492 148668736
Age: 3152
X-Cache: HIT
Accept-Ranges: bytes
Content-Length: 1233
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

GET
H/1.1 200
OK telegroteskscreen-regular.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ 54 KB
54 KB 122ms
12ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/vdplus/fonts/telegroteskscreen-regular.woff

Requested by

Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

21d4dc49ec496581969051f9f542afee01f9029e7db6112bff99e7be2942de53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode: cors
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/css/components.min.css
Origin: https://promotor-sport.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 03 Sep 2019 00:06:37 GMT
SH: 9291c7b1a9bd46c8c999944c8eb3a0fa
Last-Modified: Fri, 09 Feb 2018 13:39:55 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin: https://promotor-sport.com
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/x-font-woff
Keep-Alive: timeout=2, max=1000
Content-Length: 55044
Expires: Tue, 10 Sep 2019 00:06:37 GMT

GET
H/1.1 200
OK data_protection.svg
accounts.login.idm.telekom.com/static/factorx/vdplus/images/ 713 B
1 KB 119ms
11ms Image
image/svg+xml 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://accounts.login.idm.telekom.com/static/factorx/vdplus/images/data_protection.svg

Requested by

Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

870c62606d520eb179f4bfe0edc1258a454811c692487cdb3ed9838582c5a22f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/factorx/vdplus/css/login.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 03 Sep 2019 00:06:37 GMT
SH: 48a2a2f8015144cc8362d02caadc02cf
Last-Modified: Thu, 07 Mar 2019 05:35:08 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/svg+xml
Keep-Alive: timeout=2, max=1000
Content-Length: 713
Expires: Tue, 03 Sep 2019 01:06:37 GMT

GET
H/1.1 200
OK telekomicon-outline.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ 9 KB
9 KB 121ms
13ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/vdplus/fonts/telekomicon-outline.woff

Requested by

Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

e185aceb03040c947c211bc9e972ce427f11c5801338fd8f943e3b53e229eb3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode: cors
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/css/components.min.css
Origin: https://promotor-sport.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 03 Sep 2019 00:06:37 GMT
SH: 4194a5e2d0d7b40759d719349ca67bb4
Last-Modified: Mon, 12 Feb 2018 13:07:34 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin: https://promotor-sport.com
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/x-font-woff
Keep-Alive: timeout=2, max=1000
Content-Length: 8756
Expires: Tue, 10 Sep 2019 00:06:37 GMT

GET
H/1.1 200
OK telegroteskscreen-bold.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ 53 KB
53 KB 120ms
12ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/vdplus/fonts/telegroteskscreen-bold.woff

Requested by

Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

e1b1f6b64573c86c3b9f5f023ab7e791a074dbccb87d61e886cb6fa659ba9485

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode: cors
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/css/components.min.css
Origin: https://promotor-sport.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 03 Sep 2019 00:06:37 GMT
SH: 043416f195991df4f1c926fbe0b9a838
Last-Modified: Tue, 06 Feb 2018 13:39:17 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin: https://promotor-sport.com
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/x-font-woff
Keep-Alive: timeout=2, max=1000
Content-Length: 53864
Expires: Tue, 10 Sep 2019 00:06:37 GMT

GET
H/1.1 200
OK telegroteskscreen-thin.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ 57 KB
58 KB 119ms
12ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/vdplus/fonts/telegroteskscreen-thin.woff

Requested by

Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

43493c8fdfe7935a395920ef619a4dc56c440479ce190ad2ac1df8e23acc5595

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode: cors
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/css/components.min.css
Origin: https://promotor-sport.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 03 Sep 2019 00:06:37 GMT
SH: e9435748c17293f4a27bd767c73f3198
Last-Modified: Mon, 12 Feb 2018 10:52:54 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin: https://promotor-sport.com
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/x-font-woff
Keep-Alive: timeout=2, max=1000
Content-Length: 58656
Expires: Tue, 10 Sep 2019 00:06:37 GMT

GET
H/1.1 200
OK telekomicon-ui.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ 3 KB
3 KB 96ms
11ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/vdplus/fonts/telekomicon-ui.woff

Requested by

Host: promotor-sport.com
URL: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/js/jquery-3.2.1.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

345466d497966801ab4b5390c09e49d03f2ede8539bd35a56e25ed15bb2dc80e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode: cors
Referer: https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/css/components.min.css
Origin: https://promotor-sport.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 03 Sep 2019 00:06:37 GMT
SH: 51fb2b016fdae5ec79978616b9e41e94
Last-Modified: Wed, 14 Feb 2018 13:07:39 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin: https://promotor-sport.com
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/x-font-woff
Keep-Alive: timeout=2, max=1000
Content-Length: 2676
Expires: Tue, 10 Sep 2019 00:06:37 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.login.idm.telekom.com
promotor-sport.com
www.telekom.de
2003:2:2:140:62:157:140:200
31.14.137.219
80.158.67.40
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22
21d4dc49ec496581969051f9f542afee01f9029e7db6112bff99e7be2942de53
345466d497966801ab4b5390c09e49d03f2ede8539bd35a56e25ed15bb2dc80e
43493c8fdfe7935a395920ef619a4dc56c440479ce190ad2ac1df8e23acc5595
618b78b1fced283aab51dcfc607be6c80a80b939f846dd01babfdf760046aca4
75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
7e3a7788472182c326dfa1382ab0e99c7c5fb50e8e4151d187c2cb13e24bb821
870c62606d520eb179f4bfe0edc1258a454811c692487cdb3ed9838582c5a22f
965b3e1e87300e76ef4a21e1e4622f08249616913b2eed98c1a5c4b84e14a914
b294dde6b72c7a43814d16dc00086ed00c7d6c85a917c8bf12c204e9393968b3
c63d7993ea7dbf9618b51351e7209baa3c0c99944df7a98602f2a1cafaef29c5
e185aceb03040c947c211bc9e972ce427f11c5801338fd8f943e3b53e229eb3e
e1b1f6b64573c86c3b9f5f023ab7e791a074dbccb87d61e886cb6fa659ba9485

promotor-sport.com Open in urlscan Pro 31.14.137.219 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

471 kBTransfer

466 kBSize

0 Cookies

5 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

promotor-sport.com Open in urlscan Pro
31.14.137.219 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

471 kB
Transfer

466 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!