promotor-sport.com
Open in
urlscan Pro
31.14.137.219
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On September 03 via api from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on July 10th 2019. Valid for: 3 months.
This is the only time promotor-sport.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telekom (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 31.14.137.219 31.14.137.219 | 31034 (ARUBA-ASN) (ARUBA-ASN) | |
1 | 80.158.67.40 80.158.67.40 | 34086 (SCZN-AS) (SCZN-AS) | |
6 | 2003:2:2:140:... 2003:2:2:140:62:157:140:200 | 3320 (DTAG Inte...) (DTAG Internet service provider operations) | |
14 | 3 |
ASN31034 (ARUBA-ASN, IT)
PTR: cpanel2.vhosting-it.com
promotor-sport.com |
ASN3320 (DTAG Internet service provider operations, DE)
accounts.login.idm.telekom.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
promotor-sport.com
promotor-sport.com |
293 KB |
6 |
telekom.com
accounts.login.idm.telekom.com |
178 KB |
1 |
telekom.de
www.telekom.de |
|
14 | 3 |
Domain | Requested by | |
---|---|---|
7 | promotor-sport.com |
promotor-sport.com
|
6 | accounts.login.idm.telekom.com |
promotor-sport.com
|
1 | www.telekom.de |
promotor-sport.com
|
14 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
meinkonto.telekom-dienste.de |
www.telekom.de |
www.telekom.com |
accounts.login.idm.telekom.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
promotor-sport.com Let's Encrypt Authority X3 |
2019-07-10 - 2019-10-08 |
3 months | crt.sh |
www.telekom.de TeleSec ServerPass Class 2 CA |
2018-10-08 - 2020-10-13 |
2 years | crt.sh |
accounts.login.idm.telekom.com TeleSec ServerPass Extended Validation Class 3 CA |
2018-11-06 - 2020-11-11 |
2 years | crt.sh |
This page contains 2 frames:
Primary Page:
https://promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/auth5fa9.html
Frame ID: ED51A62A7C2863995F60757174E0B6EC
Requests: 13 HTTP requests in this frame
Frame:
https://www.telekom.de/resources/tbs-config/phoenix_login_tracking?page=login&mode=web&context=auth&status=first_attempt
Frame ID: 98BEAFD368513CD21B8F65CF154D26AF
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Benutzername oder Passwort vergessen?
Search URL Search Domain Scan URL
Title: Brauchen Sie Hilfe?
Search URL Search Domain Scan URL
Title: Telekom Login erstellen
Search URL Search Domain Scan URL
Title: Impressum
Search URL Search Domain Scan URL
Title: Datenschutz
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
auth5fa9.html
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/oauth2/ |
9 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
components.min.css
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/css/ |
88 KB 88 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.css
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/factorx/vdplus/css/ |
12 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/js/ |
85 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
components.min.js
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/vdplus/js/ |
66 KB 67 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.js
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/factorx/vdplus/js/ |
9 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
services.png
promotor-sport.com/ssl/telekom.de/accounts.login.idm.telekom.com/static/factorx/vdplus/images/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
phoenix_login_tracking
www.telekom.de/resources/tbs-config/ Frame 98BE |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-regular.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ |
54 KB 54 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
data_protection.svg
accounts.login.idm.telekom.com/static/factorx/vdplus/images/ |
713 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telekomicon-outline.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ |
9 KB 9 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-bold.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ |
53 KB 53 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-thin.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ |
57 KB 58 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telekomicon-ui.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ |
3 KB 3 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telekom (Telecommunication)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| accountLocked boolean| accountLockedPermanent number| accountLockExpiration function| $ function| jQuery object| Login0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.login.idm.telekom.com
promotor-sport.com
www.telekom.de
2003:2:2:140:62:157:140:200
31.14.137.219
80.158.67.40
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22
21d4dc49ec496581969051f9f542afee01f9029e7db6112bff99e7be2942de53
345466d497966801ab4b5390c09e49d03f2ede8539bd35a56e25ed15bb2dc80e
43493c8fdfe7935a395920ef619a4dc56c440479ce190ad2ac1df8e23acc5595
618b78b1fced283aab51dcfc607be6c80a80b939f846dd01babfdf760046aca4
75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
7e3a7788472182c326dfa1382ab0e99c7c5fb50e8e4151d187c2cb13e24bb821
870c62606d520eb179f4bfe0edc1258a454811c692487cdb3ed9838582c5a22f
965b3e1e87300e76ef4a21e1e4622f08249616913b2eed98c1a5c4b84e14a914
b294dde6b72c7a43814d16dc00086ed00c7d6c85a917c8bf12c204e9393968b3
c63d7993ea7dbf9618b51351e7209baa3c0c99944df7a98602f2a1cafaef29c5
e185aceb03040c947c211bc9e972ce427f11c5801338fd8f943e3b53e229eb3e
e1b1f6b64573c86c3b9f5f023ab7e791a074dbccb87d61e886cb6fa659ba9485