c2.self-service.vip.shujaat.me (65.109.64.110): Malicious Activity!

Submitted URL: http://c2.self-service.vip.shujaat.me/
Effective URL: https://c2.self-service.vip.shujaat.me/login/?redirect_uri=https://www.t-mobile.com/signin&scope=TMO_ID_profile%20associated_lines%20bi...
Submission: On April 15 via api from US — Scanned from FI

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 65.109.64.110, located in Helsinki, Finland and belongs to HETZNER-AS, DE. The main domain is c2.self-service.vip.shujaat.me.
TLS certificate: Issued by R3 on April 14th 2024. Valid for: 3 months.
This is the only time c2.self-service.vip.shujaat.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

Requests  IP Address     AS (Autonomous System)
2         65.109.64.110  24940 (HETZNER-AS)
8         18.66.147.35   16509 (AMAZON-02)
1         108.138.7.41   16509 (AMAZON-02)
Total: 11 requests, 4 IPs
Requests  Apex Domain  Subdomains                                                                Transfer
8         oktacdn.com  ok5static.oktacdn.com (Cisco Umbrella Rank: 25843)                        634 KB
2         shujaat.me   c2.self-service.vip.shujaat.me                                            8 KB
1         okta.com     t-mobile.okta.com (Failed), login.okta.com (Cisco Umbrella Rank: 3616)
Total: 11 requests, 3 apex domains
Requests  Domain                          Requested by
8         ok5static.oktacdn.com           c2.self-service.vip.shujaat.me, ok5static.oktacdn.com
2         c2.self-service.vip.shujaat.me  1 redirect
1         login.okta.com                  c2.self-service.vip.shujaat.me
0         t-mobile.okta.com (Failed)      c2.self-service.vip.shujaat.me
Total: 11 requests, 4 domains

This site contains links to these domains:
  • metropcs.service-now.com
  • t-mobile.okta.com
  • www.okta.com
TLS certificates (Subject / Issuer / Validity / Valid for):
  • c2.self-service.vip.shujaat.me / R3 / 2024-04-14 to 2024-07-13 / 3 months
  • *.oktacdn.com / DigiCert TLS RSA SHA256 2020 CA1 / 2023-12-15 to 2025-01-02 / a year
  • accounts.okta.com / DigiCert Global G2 TLS RSA SHA256 2020 CA1 / 2023-07-19 to 2024-07-24 / a year

This page contains 2 frames:

Primary Page: https://c2.self-service.vip.shujaat.me/login/?redirect_uri=https://www.t-mobile.com/signin&scope=TMO_ID_profile%20associated_lines%20billing_information%20associated_billing_accounts%20extended_lines%20token%20openid%20vault&client_id=MYTMO&access_type=ONLINE&response_type=code&approval_prompt=auto&prompt=select_account&state=eyJpbnRlbnQiOiJMb2dpbiIsImJvb2ttYXJrVXJsIjoiaHR0cHM6Ly9teS50LW1vYmlsZS5jb20ifQ
Frame ID: 801FB4E837FB63A3ACFC108D397CAACA
Requests: 10 HTTP requests in this frame

Frame: https://login.okta.com/discovery/iframe.html
Frame ID: CFB06ED857E8903DF58839757FF7E014
Requests: 1 HTTP request in this frame


Page Statistics

Requests: 11
HTTPS: 91 %
IPv6: 0 %
Domains: 3
Subdomains: 4
IPs: 4
Countries: 2
Transfer: 641 kB
Size: 2159 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://c2.self-service.vip.shujaat.me/ HTTP 307
    https://c2.self-service.vip.shujaat.me/ HTTP 302
    https://c2.self-service.vip.shujaat.me/login/?redirect_uri=https://www.t-mobile.com/signin&scope=TMO_ID_profile%20associated_lines%20billing_information%20associated_billing_accounts%20extended_lines%20token%20openid%20vault&client_id=MYTMO&access_type=ONLINE&response_type=code&approval_prompt=auto&prompt=select_account&state=eyJpbnRlbnQiOiJMb2dpbiIsImJvb2ttYXJrVXJsIjoiaHR0cHM6Ly9teS50LW1vYmlsZS5jb20ifQ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Columns per request: Resource, Path, Size, x-fer, Type, MIME-Type
Resource: Primary Request /
Path: c2.self-service.vip.shujaat.me/login/
Redirect Chain:
  • http://c2.self-service.vip.shujaat.me/
  • https://c2.self-service.vip.shujaat.me/
  • https://c2.self-service.vip.shujaat.me/login/?redirect_uri=https://www.t-mobile.com/signin&scope=TMO_ID_profile%20associated_lines%20billing_information%20associated_billing_accounts%20extended_lin...
Size: 28 KB, x-fer: 7 KB, Type: Document
General
Full URL: https://c2.self-service.vip.shujaat.me/login/?redirect_uri=https://www.t-mobile.com/signin&scope=TMO_ID_profile%20associated_lines%20billing_information%20associated_billing_accounts%20extended_lines%20token%20openid%20vault&client_id=MYTMO&access_type=ONLINE&response_type=code&approval_prompt=auto&prompt=select_account&state=eyJpbnRlbnQiOiJMb2dpbiIsImJvb2ttYXJrVXJsIjoiaHR0cHM6Ly9teS50LW1vYmlsZS5jb20ifQ
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 65.109.64.110, Helsinki, Finland, ASN24940 (HETZNER-AS, DE)
Reverse DNS: h27.core.hostnext.net
Software: PHP/7.3.33
Resource Hash: 9257e7c0488cb5321ae273cdef9ce5fdc3d7461f7725c282c1a0726ec2daf991

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 15 Apr 2024 07:09:33 GMT
vary
Accept-Encoding
x-powered-by
PHP/7.3.33

Redirect headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Mon, 15 Apr 2024 07:09:33 GMT
location
login/?redirect_uri=https://www.t-mobile.com/signin&scope=TMO_ID_profile%20associated_lines%20billing_information%20associated_billing_accounts%20extended_lines%20token%20openid%20vault&client_id=MYTMO&access_type=ONLINE&response_type=code&approval_prompt=auto&prompt=select_account&state=eyJpbnRlbnQiOiJMb2dpbiIsImJvb2ttYXJrVXJsIjoiaHR0cHM6Ly9teS50LW1vYmlsZS5jb20ifQ
x-powered-by
PHP/7.3.33
Resource: okta-sign-in.min.js
Path: ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/js/
Size: 2 MB, x-fer: 465 KB, Type: Script
General
Full URL: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/js/okta-sign-in.min.js
Requested by (host): c2.self-service.vip.shujaat.me
Requested by (URL): https://c2.self-service.vip.shujaat.me/login/?redirect_uri=https://www.t-mobile.com/signin&scope=TMO_ID_profile%20associated_lines%20billing_information%20associated_billing_accounts%20extended_lines%20token%20openid%20vault&client_id=MYTMO&access_type=ONLINE&response_type=code&approval_prompt=auto&prompt=select_account&state=eyJpbnRlbnQiOiJMb2dpbiIsImJvb2ttYXJrVXJsIjoiaHR0cHM6Ly9teS50LW1vYmlsZS5jb20ifQ
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.147.35, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: nginx
Resource Hash: 57fb576de489f52ba42b992afa6884d59b3d22bbc397d73c1ec3f7ad18d469ae
Security Headers: Strict-Transport-Security: max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://c2.self-service.vip.shujaat.me/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 14 Apr 2024 01:59:10 GMT
x-amz-meta-sha1sum
c2d2722b5563f1700ed5004a162ddd0f36f13ea0
content-encoding
gzip
strict-transport-security
max-age=315360000; includeSubDomains
via
1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
age
105023
x-cache
Hit from cloudfront
last-modified
Tue, 14 Mar 2023 17:38:04 GMT
server
nginx
etag
W/"eed848d9436db2c0255bc5c675d860ce"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
_GhqnLI9JWv0TTJXMdmez6r2IAmrhLIMl9abJ2Ftf_ubsPXAtOst_Q==
expires
Mon, 14 Apr 2025 01:59:10 GMT
Resource: okta-sign-in.min.css
Path: ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/css/
Size: 215 KB, x-fer: 37 KB, Type: Stylesheet
General
Full URL: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/css/okta-sign-in.min.css
Requested by (host): c2.self-service.vip.shujaat.me
Requested by (URL): https://c2.self-service.vip.shujaat.me/login/?redirect_uri=https://www.t-mobile.com/signin&scope=TMO_ID_profile%20associated_lines%20billing_information%20associated_billing_accounts%20extended_lines%20token%20openid%20vault&client_id=MYTMO&access_type=ONLINE&response_type=code&approval_prompt=auto&prompt=select_account&state=eyJpbnRlbnQiOiJMb2dpbiIsImJvb2ttYXJrVXJsIjoiaHR0cHM6Ly9teS50LW1vYmlsZS5jb20ifQ
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.147.35, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: nginx
Resource Hash: 7406e3ac0309dd8012d6ecedc9ae88d6c89240f53e9ef932024aac9e410db068
Security Headers: Strict-Transport-Security: max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://c2.self-service.vip.shujaat.me/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 14 Apr 2024 01:59:10 GMT
x-amz-meta-sha1sum
b77dd0dec8001105dd6abdec62bcbdda7001e2e8
content-encoding
gzip
strict-transport-security
max-age=315360000; includeSubDomains
via
1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
age
105023
x-cache
Hit from cloudfront
last-modified
Tue, 14 Mar 2023 17:37:00 GMT
server
nginx
etag
W/"12753402d34a780c99d4d55fca3215ae"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
fphX39Myy9rUIXkIvogrYjIIDeyv5z5VSL7cvbNo9ckvKXRMDTOTxQ==
expires
Mon, 14 Apr 2025 01:59:10 GMT
Resource: loginpage-theme.c1227d73b70be13e51aae80fe238b0ae.css
Path: ok5static.oktacdn.com/assets/loginpage/css/
Size: 3 KB, x-fer: 2 KB, Type: Stylesheet
General
Full URL: https://ok5static.oktacdn.com/assets/loginpage/css/loginpage-theme.c1227d73b70be13e51aae80fe238b0ae.css
Requested by (host): c2.self-service.vip.shujaat.me
Requested by (URL): https://c2.self-service.vip.shujaat.me/login/?redirect_uri=https://www.t-mobile.com/signin&scope=TMO_ID_profile%20associated_lines%20billing_information%20associated_billing_accounts%20extended_lines%20token%20openid%20vault&client_id=MYTMO&access_type=ONLINE&response_type=code&approval_prompt=auto&prompt=select_account&state=eyJpbnRlbnQiOiJMb2dpbiIsImJvb2ttYXJrVXJsIjoiaHR0cHM6Ly9teS50LW1vYmlsZS5jb20ifQ
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.147.35, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: nginx
Resource Hash: e1e44d4c36b5065da95f5c9fba78d36deb4a28e09751ae05aa1675121041af51
Security Headers: Strict-Transport-Security: max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://c2.self-service.vip.shujaat.me/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 14 Apr 2024 01:59:10 GMT
x-amz-meta-sha1sum
db76514c4942184db3baedf6ac119ff9538368fc
content-encoding
gzip
strict-transport-security
max-age=315360000; includeSubDomains
via
1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
age
105023
x-cache
Hit from cloudfront
last-modified
Tue, 07 Feb 2023 19:04:34 GMT
server
nginx
etag
W/"c1227d73b70be13e51aae80fe238b0ae"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
53BeK5NZjRD780Bieve7GBkWd34uAl7Bkk4JQfXl9dAFL58qUirG0w==
expires
Mon, 14 Apr 2025 01:59:10 GMT
Resource: style-sheet
Path: t-mobile.okta.com/api/internal/brand/theme/
Size: 0, x-fer: 0, Type: none (failed request, no response received)

Resource: initLoginPage.pack.e3c1ead3b55da6c854c20649a1e437c8.js
Path: ok5static.oktacdn.com/assets/js/mvc/loginpage/
Size: 205 KB, x-fer: 76 KB, Type: Script
General
Full URL: https://ok5static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.e3c1ead3b55da6c854c20649a1e437c8.js
Requested by (host): c2.self-service.vip.shujaat.me
Requested by (URL): https://c2.self-service.vip.shujaat.me/login/?redirect_uri=https://www.t-mobile.com/signin&scope=TMO_ID_profile%20associated_lines%20billing_information%20associated_billing_accounts%20extended_lines%20token%20openid%20vault&client_id=MYTMO&access_type=ONLINE&response_type=code&approval_prompt=auto&prompt=select_account&state=eyJpbnRlbnQiOiJMb2dpbiIsImJvb2ttYXJrVXJsIjoiaHR0cHM6Ly9teS50LW1vYmlsZS5jb20ifQ
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.147.35, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: nginx
Resource Hash: f5d6a6e7d3648b0830cf9de5ef59d2167e2536885e4174b6ff8af73f6dd80978
Security Headers: Strict-Transport-Security: max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://c2.self-service.vip.shujaat.me/
Origin
https://c2.self-service.vip.shujaat.me
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 14 Apr 2024 01:59:10 GMT
x-amz-meta-sha1sum
8d9f54b48d8e525e03f87987c5b3b3de22f15b92
content-encoding
gzip
strict-transport-security
max-age=315360000; includeSubDomains
via
1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
age
105023
x-cache
Hit from cloudfront
last-modified
Tue, 07 Feb 2023 19:05:47 GMT
server
nginx
etag
W/"e3c1ead3b55da6c854c20649a1e437c8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
PQ0q4WWGfxmUW_j2nT_9KRikrrE_tN8vqq3bpUubEHdEQr-Mel-h_Q==
expires
Mon, 14 Apr 2025 01:59:10 GMT
Resource: fs08dibx65I2cAW47297
Path: ok5static.oktacdn.com/fs/bco/1/
Size: 6 KB, x-fer: 6 KB, Type: Image
General
Full URL: https://ok5static.oktacdn.com/fs/bco/1/fs08dibx65I2cAW47297
Requested by (host): c2.self-service.vip.shujaat.me
Requested by (URL): https://c2.self-service.vip.shujaat.me/login/?redirect_uri=https://www.t-mobile.com/signin&scope=TMO_ID_profile%20associated_lines%20billing_information%20associated_billing_accounts%20extended_lines%20token%20openid%20vault&client_id=MYTMO&access_type=ONLINE&response_type=code&approval_prompt=auto&prompt=select_account&state=eyJpbnRlbnQiOiJMb2dpbiIsImJvb2ttYXJrVXJsIjoiaHR0cHM6Ly9teS50LW1vYmlsZS5jb20ifQ
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.147.35, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: nginx
Resource Hash: 323832cd46da88a59e1dd959855a45d13ddad09e34380f2276e6cb6299d29975
Security Headers: Strict-Transport-Security: max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://c2.self-service.vip.shujaat.me/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=315360000; includeSubDomains
date
Tue, 02 Apr 2024 04:04:40 GMT
via
1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
age
1134293
x-cache
Hit from cloudfront
content-length
5712
last-modified
Fri, 21 May 2021 01:29:55 GMT
server
nginx
etag
"bbdf23f20b5051b10a72d81eccfa36de"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
6ogfr9JR9Sl060HE6zvxXWjqt8Dwsp3fX2EZ88rai_W_W1FOy2gjMA==
expires
Wed, 02 Apr 2025 04:04:40 GMT
Resource: iframe.html
Path: login.okta.com/discovery/ (Frame CFB0)
Size: 0, x-fer: 0, Type: Document
General
Full URL: https://login.okta.com/discovery/iframe.html
Requested by (host): c2.self-service.vip.shujaat.me
Requested by (URL): https://c2.self-service.vip.shujaat.me/login/?redirect_uri=https://www.t-mobile.com/signin&scope=TMO_ID_profile%20associated_lines%20billing_information%20associated_billing_accounts%20extended_lines%20token%20openid%20vault&client_id=MYTMO&access_type=ONLINE&response_type=code&approval_prompt=auto&prompt=select_account&state=eyJpbnRlbnQiOiJMb2dpbiIsImJvb2ttYXJrVXJsIjoiaHR0cHM6Ly9teS50LW1vYmlsZS5jb20ifQ
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 108.138.7.41, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-108-138-7-41.fra56.r.cloudfront.net
Software: AmazonS3
Resource Hash: (empty)
Security Headers: Strict-Transport-Security: max-age=31536000; includeSubDomains

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Referer
https://c2.self-service.vip.shujaat.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Age
11546
Connection
keep-alive
Content-Length
451
Content-Type
text/html
Date
Mon, 15 Apr 2024 03:57:09 GMT
ETag
"cb4083f71191b66321c4e0310d0383ab"
Last-Modified
Mon, 25 Mar 2024 16:51:14 GMT
Server
AmazonS3
Strict-Transport-Security
max-age=31536000; includeSubDomains
Via
1.1 ab68583a58d574d6a9e5fca1fb1e6316.cloudfront.net (CloudFront)
X-Amz-Cf-Id
tGHK3FkHpA_TDgVW7rpJEEka159LxIM-WWfyo_8KDezj_hT6yS2rEA==
X-Amz-Cf-Pop
FRA56-P6
X-Cache
Hit from cloudfront
Resource: checkbox-sign-in-widget.png
Path: ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/img/ui/forms/
Size: 3 KB, x-fer: 4 KB, Type: Image
General
Full URL: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/img/ui/forms/checkbox-sign-in-widget.png
Requested by (host): ok5static.oktacdn.com
Requested by (URL): https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/css/okta-sign-in.min.css
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.147.35, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: nginx
Resource Hash: 40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665
Security Headers: Strict-Transport-Security: max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/css/okta-sign-in.min.css
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 14 Apr 2024 04:43:44 GMT
x-amz-meta-sha1sum
e0bb021ffdf93c68fef44de2a3b08f378b6fb50a
via
1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront)
strict-transport-security
max-age=315360000; includeSubDomains
x-amz-cf-pop
FRA60-P4
age
95150
x-cache
Hit from cloudfront
content-length
3141
last-modified
Tue, 14 Mar 2023 17:37:02 GMT
server
nginx
etag
"7846b2f8c6d0a7ca69fdd3d3c294e92d"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
VrOhNrCj-YhpN8uL_jOYrGgd4H9fBF82FK90wxHLM8kIiQ2FbFMIKA==
expires
Mon, 14 Apr 2025 04:43:44 GMT
Resource: montserrat-okta-light-webfont.woff
Path: ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/font/
Size: 22 KB, x-fer: 22 KB, Type: Font
General
Full URL: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/font/montserrat-okta-light-webfont.woff
Requested by (host): ok5static.oktacdn.com
Requested by (URL): https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/css/okta-sign-in.min.css
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.147.35, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: nginx
Resource Hash: feb177fb563f478cb8ecade71caea5df5ad318ca161c71875114e504ce304ace
Security Headers: Strict-Transport-Security: max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/css/okta-sign-in.min.css
Origin
https://c2.self-service.vip.shujaat.me
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 14 Apr 2024 01:59:12 GMT
x-amz-meta-sha1sum
3449db1ccdfe0aeaf89101cc28ecafaecae9fc89
via
1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
strict-transport-security
max-age=315360000; includeSubDomains
x-amz-cf-pop
FRA60-P4
age
105021
x-cache
Hit from cloudfront
content-length
22112
last-modified
Tue, 14 Mar 2023 17:37:01 GMT
server
nginx
etag
"6225f3ca44b83090833064727a09cc95"
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
HNjHPFRHJN-2oS5obwrlpIYERpjoZTOV95f8SVk7vcFXteJYLeh90g==
expires
Mon, 14 Apr 2025 01:59:12 GMT
Resource: montserrat-okta-regular-webfont.woff
Path: ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/font/
Size: 21 KB, x-fer: 22 KB, Type: Font
General
Full URL: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/font/montserrat-okta-regular-webfont.woff
Requested by (host): ok5static.oktacdn.com
Requested by (URL): https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/css/okta-sign-in.min.css
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.147.35, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: nginx
Resource Hash: 1d5325892ecf2dc3abd0caf2a1ef4eabf2477e2937c9a372760fd2acae8fddf3
Security Headers: Strict-Transport-Security: max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.4.0/css/okta-sign-in.min.css
Origin
https://c2.self-service.vip.shujaat.me
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 14 Apr 2024 01:59:12 GMT
x-amz-meta-sha1sum
b838e30072520735c49eda52cb2d3a0f4b30f0f2
via
1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
strict-transport-security
max-age=315360000; includeSubDomains
x-amz-cf-pop
FRA60-P4
age
105022
x-cache
Hit from cloudfront
content-length
21980
last-modified
Tue, 14 Mar 2023 17:37:01 GMT
server
nginx
etag
"8f2822b73b5f9c106c6f2e0db820bcbb"
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
fp2w38N7dlBF7KPjT2_nSdMT18FR9y0AmMwspw4ln2OG57khr-qrNw==
expires
Mon, 14 Apr 2025 01:59:12 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: t-mobile.okta.com
URL: https://t-mobile.okta.com/api/internal/brand/theme/style-sheet?touch-point=SIGN_IN_PAGE&v=abc4780733b2999dc5536ea4bf18a7237d32beafe91e2f7611b8af3ecb8ae0d0dfb208992a3b1ecefd0c0f9333f4b59d

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • 0 (object)
  • cspNonce (string)
  • regeneratorRuntime (object)
  • jQueryCourage (function)
  • u2f (object)
  • OktaSignIn (function)
  • okta (object)
  • OktaLogin (object)
  • jQBrowser (object)
  • runLoginPage (function)
  • checkbox (object)
  • checkboxContainer (object)
  • checkboxLabel (object)
  • inputField (object)
  • inputContainer (object)
  • nextButton (object)
  • formContent (object)
  • oformerrorcontainer (object)

0 Cookies