dlmateucpttbrm.vercel.app
76.76.21.164  Malicious Activity!  Public Scan

URL: https://dlmateucpttbrm.vercel.app/
Submission: On November 15 via api from US — Scanned from CA

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 76.76.21.164, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is dlmateucpttbrm.vercel.app.
TLS certificate: wildcard *.vercel.app issued by R11 (a Let's Encrypt intermediate) on October 17th 2024, valid for 3 months. It is the hosting platform's certificate, not one obtained for this site specifically.
This is the only time dlmateucpttbrm.vercel.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)
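The verdict above rests on three observations that can be read straight off the request list: the document is served from a free-hosting apex (vercel.app), the page title names a brand, and the only third-party requests fetch that brand's logos from its own login and portal hosts. The following added example (my own code, not urlscan.io's scoring logic) encodes that triage as a heuristic over the 12 transactions transcribed from this scan; FREE_HOSTING_APEX, BRAND_APEX, the apex() simplification and the verdict wording are assumptions. It also collects the SHA-256 resource hashes of the first-party files, which are the pivots for finding other deployments of the same kit.

```python
"""Brand-impersonation triage over a urlscan-style request list (added example)."""
from collections import defaultdict
from urllib.parse import urlparse

PAGE_TITLE = "Telekom Login"

# (url, resource type, SHA-256 resource hash), transcribed from the scan's 12 transactions
SCAN_TRANSACTIONS = [
    ("https://dlmateucpttbrm.vercel.app/", "Document",
     "ad271f028dd6d573797b5c5a4c54ab24d4b8dcd63deb1a12889c4c71c98520c2"),
    ("https://dlmateucpttbrm.vercel.app/_next/static/media/a34f9d1faa5f3315-s.p.woff2", "Font",
     "c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec"),
    ("https://dlmateucpttbrm.vercel.app/_next/static/css/dc61285ca3ece4cb.css", "Stylesheet",
     "1dd8986cd26bffc780fe9b21eeaebcc7f37a6e0993295d3edb7759822217a94c"),
    ("https://accounts.login.idm.telekom.com/static/factorx/images/telekom-logo-claim.svg", "Image",
     "5c39703ca6b9a762a5ed4308ed1722b8361742c4d8a4869ced5c8d6140403f95"),
    ("https://www.t-online.de/auth/t-online-logo-29112019.png", "Image",
     "11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba"),
    ("https://dlmateucpttbrm.vercel.app/_next/static/chunks/webpack-fc1dedd270461839.js", "Script",
     "fcdc88200778c8665644c3f4221994b8243defd7fd2aa2866ed3b334616c5511"),
    ("https://dlmateucpttbrm.vercel.app/_next/static/chunks/2443530c-cb7d297fea6f8363.js", "Script",
     "bde37bd430d215e28fb644fc25c3545e22ae51646b52a961a4aaf32e79089b42"),
    ("https://dlmateucpttbrm.vercel.app/_next/static/chunks/139-7e70f1d0c57bd3f9.js", "Script",
     "91a4b8a35a9fc435e23e037633ef04f9839faf1ebc1acb274fa027c4e0e229fb"),
    ("https://dlmateucpttbrm.vercel.app/_next/static/chunks/main-app-4245747c8497dbf9.js", "Script",
     "e044e069a1a292d105ce7bc31619b26d930f6a1d111871468eb4be520f190238"),
    ("https://dlmateucpttbrm.vercel.app/_next/static/chunks/348-70cd963cc9bd95d6.js", "Script",
     "de7e66e60353cae95be10a48f3e844e359cd4a5e7be2188a0daf89d4202336a6"),
    ("https://dlmateucpttbrm.vercel.app/_next/static/chunks/app/page-c756ab60b3ffe654.js", "Script",
     "5c6019c794dce8ebb5ceae86f4dae22fb1d5b69f4ea05375016505d05129d73b"),
    ("https://dlmateucpttbrm.vercel.app/favicon.ico", "Other",
     "2b8ad2d33455a8f736fc3a8ebf8f0bdea8848ad4c0db48a2833bd0f9cd775932"),
]

# Assumption: analyst-maintained apex domains that hand out subdomains to anyone for free
FREE_HOSTING_APEX = {"vercel.app", "netlify.app", "pages.dev", "web.app", "github.io", "workers.dev"}

# Assumption: brand -> apex domains the brand legitimately serves its login pages and assets from
BRAND_APEX = {"Telekom": {"telekom.com", "telekom.de", "t-online.de"}}


def apex(host):
    """Last two DNS labels. Simplification: ignores multi-label suffixes such as co.uk."""
    return ".".join(host.lower().rsplit(".", 2)[-2:])


def triage(transactions, page_title):
    """Flag a page that borrows a brand's name or assets while living outside the brand's domains."""
    primary_url = next(url for url, kind, _ in transactions if kind == "Document")
    primary_apex = apex(urlparse(primary_url).hostname)

    hotlinked = defaultdict(set)   # brand -> brand-owned hosts the page pulls assets from
    first_party_hashes = {}        # url -> sha256: pivot IOCs for other deployments of the kit
    for url, _, sha256 in transactions:
        host = urlparse(url).hostname
        if apex(host) == primary_apex:
            first_party_hashes[url] = sha256
            continue
        for brand, apexes in BRAND_APEX.items():
            if apex(host) in apexes:
                hotlinked[brand].add(host)

    title_brands = {b for b in BRAND_APEX if b.lower() in page_title.lower()}
    # A brand is impersonated when the page invokes it (title or assets) but is not hosted on it
    impersonated = {b for b in set(hotlinked) | title_brands if primary_apex not in BRAND_APEX[b]}
    on_free_hosting = primary_apex in FREE_HOSTING_APEX

    if impersonated and (on_free_hosting or hotlinked):
        verdict = "likely phishing against " + ", ".join(sorted(impersonated))
    elif impersonated:
        verdict = "brand named outside its own domains; manual review"
    else:
        verdict = "no brand-impersonation signal"

    return {
        "primary_apex": primary_apex,
        "on_free_hosting": on_free_hosting,
        "hotlinked": dict(hotlinked),
        "impersonated": impersonated,
        "first_party_hashes": first_party_hashes,
        "verdict": verdict,
    }


if __name__ == "__main__":
    result = triage(SCAN_TRANSACTIONS, PAGE_TITLE)
    print(result["verdict"])
    for brand, hosts in result["hotlinked"].items():
        print(f"{brand} assets hot-linked from: {', '.join(sorted(hosts))}")
    print(f"{len(result['first_party_hashes'])} first-party resource hashes available as pivots")
```

The first-party hashes are worth keeping because a kit's Next.js chunks are reused across deployments: searching urlscan.io for any of them surfaces other hostnames serving the same page, and the favicon hash is the classic pivot for lookalike sites. The Referer and Origin headers on the logo requests are the same signal seen from the brand owner's side of the wire.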

Domain & IP information

Requests  IP Address         AS (Autonomous System)
10        76.76.21.164       16509 (AMAZON-02)
1         2003:2:2:140:...   3320 (DTAG Deut...)
1         2600:9000:21d...   16509 (AMAZON-02)
12        3 IPs

Requests  Apex Domain   Subdomain                                                     Transfer
10        vercel.app    dlmateucpttbrm.vercel.app                                     164 KB
1         t-online.de   www.t-online.de (Cisco Umbrella Rank: 46881)                  7 KB
1         telekom.com   accounts.login.idm.telekom.com (Cisco Umbrella Rank: 111697)  5 KB
12        3 apex domains

Requests  Domain                          Requested by
10        dlmateucpttbrm.vercel.app       dlmateucpttbrm.vercel.app
1         www.t-online.de                 dlmateucpttbrm.vercel.app
1         accounts.login.idm.telekom.com  dlmateucpttbrm.vercel.app
12        3 domains

This site contains no links.

Subject                         Issuer                                   Validity                  Valid for  Source
*.vercel.app                    R11                                      2024-10-17 to 2025-01-15  3 months   crt.sh
accounts.login.idm.telekom.com  Telekom Security ServerID EV Class 3 CA  2024-07-12 to 2025-07-16  a year     crt.sh
www.t-online.de                 Amazon ECDSA 256 M03                     2024-06-09 to 2025-07-08  a year     crt.sh

This page contains 1 frames:

Primary Page: https://dlmateucpttbrm.vercel.app/
Frame ID: 53734DFCFE526B30B684779513AB3B2B
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Telekom Login

Page Statistics

Requests:    12
HTTPS:       100 %
IPv6:        67 % (2 of the 3 IPs)
Domains:     3
Subdomains:  3
IPs:         3
Countries:   2
Transfer:    175 kB
Size:        418 kB
Cookies:     0

Redirected requests

No HTTP redirect chains were recorded for any request in this scan.

12 HTTP transactions

Resource | Path | Size (x-fer) | Type | MIME-Type
/ (Primary Request) | dlmateucpttbrm.vercel.app/ | 9 KB (3 KB x-fer) | Document | text/html
General
Full URL
https://dlmateucpttbrm.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
ad271f028dd6d573797b5c5a4c54ab24d4b8dcd63deb1a12889c4c71c98520c2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
125230
cache-control
public, max-age=0, must-revalidate
content-disposition
inline
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 15 Nov 2024 20:53:56 GMT
etag
W/"43dba777942339e3e6c3a43e8cb81802"
last-modified
Thu, 14 Nov 2024 10:06:45 GMT
server
Vercel
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-vercel-cache
HIT
x-vercel-id
cle1::gb8nw-1731704036030-a8403bc7a943
a34f9d1faa5f3315-s.p.woff2 | dlmateucpttbrm.vercel.app/_next/static/media/ | 47 KB (48 KB x-fer) | Font | font/woff2
General
Full URL
https://dlmateucpttbrm.vercel.app/_next/static/media/a34f9d1faa5f3315-s.p.woff2
Requested by
Host: dlmateucpttbrm.vercel.app
URL: https://dlmateucpttbrm.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://dlmateucpttbrm.vercel.app
Referer
https://dlmateucpttbrm.vercel.app/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
public, max-age=0, must-revalidate
x-vercel-cache
HIT
etag
"d4fe31e6a2aebc06b8d6e558c9141119"
age
964
accept-ranges
bytes
access-control-allow-origin
*
content-length
48556
date
Fri, 15 Nov 2024 20:53:56 GMT
content-disposition
inline; filename="a34f9d1faa5f3315-s.p.woff2"
content-type
font/woff2
server
Vercel
last-modified
Fri, 15 Nov 2024 20:37:51 GMT
x-vercel-id
cle1::mfvkf-1731704036246-11a3a7ebd260
dc61285ca3ece4cb.css | dlmateucpttbrm.vercel.app/_next/static/css/ | 11 KB (3 KB x-fer) | Stylesheet | text/css
General
Full URL
https://dlmateucpttbrm.vercel.app/_next/static/css/dc61285ca3ece4cb.css
Requested by
Host: dlmateucpttbrm.vercel.app
URL: https://dlmateucpttbrm.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
1dd8986cd26bffc780fe9b21eeaebcc7f37a6e0993295d3edb7759822217a94c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dlmateucpttbrm.vercel.app/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
public, max-age=0, must-revalidate
content-encoding
br
x-vercel-cache
HIT
etag
W/"dc32051d53ddb3d5dce73448a8c6d2d3"
age
125230
access-control-allow-origin
*
date
Fri, 15 Nov 2024 20:53:56 GMT
content-disposition
inline; filename="dc61285ca3ece4cb.css"
content-type
text/css; charset=utf-8
server
Vercel
last-modified
Thu, 14 Nov 2024 10:06:46 GMT
x-vercel-id
cle1::mfvkf-1731704036278-5344a4ae7806
telekom-logo-claim.svg | accounts.login.idm.telekom.com/static/factorx/images/ | 5 KB (5 KB x-fer) | Image | image/svg+xml
General
Full URL
https://accounts.login.idm.telekom.com/static/factorx/images/telekom-logo-claim.svg
Requested by
Host: dlmateucpttbrm.vercel.app
URL: https://dlmateucpttbrm.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Deutsche Telekom AG, DE),
Reverse DNS
Software
Apache /
Resource Hash
5c39703ca6b9a762a5ed4308ed1722b8361742c4d8a4869ced5c8d6140403f95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dlmateucpttbrm.vercel.app/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public
expires
Fri, 15 Nov 2024 21:53:59 GMT
accept-ranges
bytes
sh
62334c584583da8666d3dfbba4a10381
content-length
5001
p3p
CP="NOI CURa TAIa OUR NOR UNI"
date
Fri, 15 Nov 2024 20:53:59 GMT
last-modified
Wed, 18 Jan 2023 06:23:51 GMT
content-type
image/svg+xml
server
Apache
t-online-logo-29112019.png | www.t-online.de/auth/ | 6 KB (7 KB x-fer) | Image | image/png
General
Full URL
https://www.t-online.de/auth/t-online-logo-29112019.png
Requested by
Host: dlmateucpttbrm.vercel.app
URL: https://dlmateucpttbrm.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:ee00:f:f903:2f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
envoy /
Resource Hash
11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.t-online.de;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dlmateucpttbrm.vercel.app/

Response headers

x-request-id
dd5ce542-4c81-9a4f-8686-a23937a9cda2
etag
"0596f294efc4d2edc959324fdbf2b1539"
age
513
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
ir57Ix1yQW_szJsuyAwysjlmCzAvZxCiZ7NN8JAC8x9RFXtVI4YYkA==
date
Fri, 15 Nov 2024 20:45:23 GMT
content-type
image/png
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self' https://*.t-online.de;
cache-control
max-age=86400, public
x-envoy-upstream-service-time
3
server-timing
cdn-cache-hit,cdn-pop;desc="EWR53-C1",cdn-rid;desc="ir57Ix1yQW_szJsuyAwysjlmCzAvZxCiZ7NN8JAC8x9RFXtVI4YYkA==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=10
x-amzn-trace-id
Root=1-6737b2e3-4ac03ec40f85147c756f7c3c
referrer-policy
strict-origin-when-cross-origin
via
1.1 e5accc89e6f6f7fa6c73134d02aeb428.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
5851
x-xss-protection
1; mode=block
x-amz-cf-pop
EWR53-C1
server
envoy
webpack-fc1dedd270461839.js | dlmateucpttbrm.vercel.app/_next/static/chunks/ | 4 KB (2 KB x-fer) | Script | application/javascript
General
Full URL
https://dlmateucpttbrm.vercel.app/_next/static/chunks/webpack-fc1dedd270461839.js
Requested by
Host: dlmateucpttbrm.vercel.app
URL: https://dlmateucpttbrm.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
fcdc88200778c8665644c3f4221994b8243defd7fd2aa2866ed3b334616c5511
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dlmateucpttbrm.vercel.app/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
public, max-age=0, must-revalidate
content-encoding
br
x-vercel-cache
HIT
etag
W/"7efe23d4ae40e6d531dd9ebc5b1e5dbb"
age
125229
access-control-allow-origin
*
date
Fri, 15 Nov 2024 20:53:56 GMT
content-disposition
inline; filename="webpack-fc1dedd270461839.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Thu, 14 Nov 2024 10:06:46 GMT
x-vercel-id
cle1::cwnpz-1731704036278-20430cd11ed5
2443530c-cb7d297fea6f8363.js | dlmateucpttbrm.vercel.app/_next/static/chunks/ | 157 KB (51 KB x-fer) | Script | application/javascript
General
Full URL
https://dlmateucpttbrm.vercel.app/_next/static/chunks/2443530c-cb7d297fea6f8363.js
Requested by
Host: dlmateucpttbrm.vercel.app
URL: https://dlmateucpttbrm.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
bde37bd430d215e28fb644fc25c3545e22ae51646b52a961a4aaf32e79089b42
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dlmateucpttbrm.vercel.app/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
public, max-age=0, must-revalidate
content-encoding
br
x-vercel-cache
HIT
etag
W/"b2541f0a5ea893aef9c8b6be2e2af1b9"
age
964
access-control-allow-origin
*
date
Fri, 15 Nov 2024 20:53:56 GMT
content-disposition
inline; filename="2443530c-cb7d297fea6f8363.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Fri, 15 Nov 2024 20:37:51 GMT
x-vercel-id
cle1::gb8nw-1731704036283-9b918336601f
139-7e70f1d0c57bd3f9.js | dlmateucpttbrm.vercel.app/_next/static/chunks/ | 95 KB (25 KB x-fer) | Script | application/javascript
General
Full URL
https://dlmateucpttbrm.vercel.app/_next/static/chunks/139-7e70f1d0c57bd3f9.js
Requested by
Host: dlmateucpttbrm.vercel.app
URL: https://dlmateucpttbrm.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
91a4b8a35a9fc435e23e037633ef04f9839faf1ebc1acb274fa027c4e0e229fb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dlmateucpttbrm.vercel.app/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
public, max-age=0, must-revalidate
content-encoding
br
x-vercel-cache
HIT
etag
W/"cfad656fc5d01783d51c6246ddbda5e4"
age
964
access-control-allow-origin
*
date
Fri, 15 Nov 2024 20:53:56 GMT
content-disposition
inline; filename="139-7e70f1d0c57bd3f9.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Fri, 15 Nov 2024 20:37:51 GMT
x-vercel-id
cle1::w25m5-1731704036278-1ffc0a9de31f
main-app-4245747c8497dbf9.js | dlmateucpttbrm.vercel.app/_next/static/chunks/ | 417 B (579 B x-fer) | Script | application/javascript
General
Full URL
https://dlmateucpttbrm.vercel.app/_next/static/chunks/main-app-4245747c8497dbf9.js
Requested by
Host: dlmateucpttbrm.vercel.app
URL: https://dlmateucpttbrm.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
e044e069a1a292d105ce7bc31619b26d930f6a1d111871468eb4be520f190238
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dlmateucpttbrm.vercel.app/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
public, max-age=0, must-revalidate
x-vercel-cache
HIT
etag
"7b09e746115079132dab765691bf4227"
age
125229
accept-ranges
bytes
access-control-allow-origin
*
content-length
417
date
Fri, 15 Nov 2024 20:53:56 GMT
content-disposition
inline; filename="main-app-4245747c8497dbf9.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Thu, 14 Nov 2024 10:06:47 GMT
x-vercel-id
cle1::gb8nw-1731704036370-db74e144df98
348-70cd963cc9bd95d6.js | dlmateucpttbrm.vercel.app/_next/static/chunks/ | 51 KB (19 KB x-fer) | Script | application/javascript
General
Full URL
https://dlmateucpttbrm.vercel.app/_next/static/chunks/348-70cd963cc9bd95d6.js
Requested by
Host: dlmateucpttbrm.vercel.app
URL: https://dlmateucpttbrm.vercel.app/_next/static/chunks/webpack-fc1dedd270461839.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
de7e66e60353cae95be10a48f3e844e359cd4a5e7be2188a0daf89d4202336a6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dlmateucpttbrm.vercel.app/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
public, max-age=0, must-revalidate
content-encoding
br
x-vercel-cache
HIT
etag
W/"2a717e7da6514e864e361f071f52a718"
age
125229
access-control-allow-origin
*
date
Fri, 15 Nov 2024 20:53:56 GMT
content-disposition
inline; filename="348-70cd963cc9bd95d6.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Thu, 14 Nov 2024 10:06:47 GMT
x-vercel-id
cle1::w25m5-1731704036753-e40e8fd8e0da
page-c756ab60b3ffe654.js | dlmateucpttbrm.vercel.app/_next/static/chunks/app/ | 7 KB (3 KB x-fer) | Script | application/javascript
General
Full URL
https://dlmateucpttbrm.vercel.app/_next/static/chunks/app/page-c756ab60b3ffe654.js
Requested by
Host: dlmateucpttbrm.vercel.app
URL: https://dlmateucpttbrm.vercel.app/_next/static/chunks/webpack-fc1dedd270461839.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
5c6019c794dce8ebb5ceae86f4dae22fb1d5b69f4ea05375016505d05129d73b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dlmateucpttbrm.vercel.app/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
public, max-age=0, must-revalidate
content-encoding
br
x-vercel-cache
HIT
etag
W/"c7a8d1e43654a53efe017b8886034587"
age
965
access-control-allow-origin
*
date
Fri, 15 Nov 2024 20:53:56 GMT
content-disposition
inline; filename="page-c756ab60b3ffe654.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Fri, 15 Nov 2024 20:37:51 GMT
x-vercel-id
cle1::q2t7n-1731704036777-6ccdc5d49407
favicon.ico | dlmateucpttbrm.vercel.app/ | 25 KB (9 KB x-fer) | Other | image/vnd.microsoft.icon
General
Full URL
https://dlmateucpttbrm.vercel.app/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
2b8ad2d33455a8f736fc3a8ebf8f0bdea8848ad4c0db48a2833bd0f9cd775932
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dlmateucpttbrm.vercel.app/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
public, max-age=0, must-revalidate
content-encoding
br
x-vercel-cache
HIT
etag
W/"c30c7d42707a47a3f4591831641e50dc"
age
382
access-control-allow-origin
*
date
Fri, 15 Nov 2024 20:54:00 GMT
content-disposition
inline; filename="favicon.ico"
content-type
image/vnd.microsoft.icon
server
Vercel
last-modified
Fri, 15 Nov 2024 20:47:37 GMT
x-vercel-id
cle1::7f9cn-1731704040032-480d69f43a15
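Both third-party requests above (telekom-logo-claim.svg and t-online-logo-29112019.png) carry Referer: https://dlmateucpttbrm.vercel.app/, so every visit to the phishing page leaves a line in the brand's own access logs that names the phishing host. The added example below (my code, not urlscan's or Telekom's) shows the server-side check: parse Apache combined-format lines, keep requests for static assets, and group them by referring hosts outside an allow-list. The log lines are constructed to mirror the SVG request in this scan, with RFC 5737 documentation addresses as clients; LOG_RE, ALLOWED_APEX and the /static/ prefix are assumptions.

```python
"""Hotlink detection in a brand's own web-server logs (added example)."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"
SVG = "/static/factorx/images/telekom-logo-claim.svg"

# Constructed sample: two hits referred by the phishing page, one from the real login origin,
# one with no referrer, one referred by t-online.de (client IPs are documentation addresses)
SAMPLE_LOG = [
    f'192.0.2.10 - - [15/Nov/2024:20:53:59 +0000] "GET {SVG} HTTP/2.0" 200 5001 "https://dlmateucpttbrm.vercel.app/" "{UA}"',
    f'198.51.100.7 - - [15/Nov/2024:20:55:12 +0000] "GET {SVG} HTTP/2.0" 200 5001 "https://accounts.login.idm.telekom.com/" "{UA}"',
    f'198.51.100.8 - - [15/Nov/2024:20:56:01 +0000] "GET {SVG} HTTP/2.0" 200 5001 "-" "{UA}"',
    f'192.0.2.11 - - [15/Nov/2024:21:02:44 +0000] "GET {SVG} HTTP/2.0" 304 - "https://dlmateucpttbrm.vercel.app/" "{UA}"',
    f'198.51.100.9 - - [15/Nov/2024:21:03:10 +0000] "GET {SVG} HTTP/2.0" 200 5001 "https://www.t-online.de/auth/" "{UA}"',
]

# Assumption: apex domains whose pages may legitimately embed these assets
ALLOWED_APEX = {"telekom.com", "telekom.de", "t-online.de"}


def apex(host):
    """Last two DNS labels (simplification: ignores multi-label suffixes such as co.uk)."""
    return ".".join(host.lower().rsplit(".", 2)[-2:])


def parse_combined(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_hotlinkers(lines, allowed_apex=ALLOWED_APEX, asset_prefix="/static/"):
    """Group asset requests by referring hosts that are not on the allow-list.

    Cross-origin referrers are usually trimmed to the origin (strict-origin-when-cross-origin),
    which still carries the host, the only part this check needs. A missing referrer ("-")
    is not evidence either way, so it is skipped rather than flagged.
    """
    offenders = defaultdict(lambda: {"hits": 0, "paths": set(), "first_seen": None})
    for line in lines:
        rec = parse_combined(line)
        if rec is None or not rec["path"].startswith(asset_prefix):
            continue
        ref_host = urlparse(rec["referer"]).hostname if rec["referer"] != "-" else None
        if ref_host is None or apex(ref_host) in allowed_apex:
            continue
        entry = offenders[ref_host]
        entry["hits"] += 1
        entry["paths"].add(rec["path"])
        entry["first_seen"] = entry["first_seen"] or rec["time"]
    return dict(offenders)


if __name__ == "__main__":
    for host, info in find_hotlinkers(SAMPLE_LOG).items():
        print(f"{host}: {info['hits']} hit(s) since {info['first_seen']}, assets {sorted(info['paths'])}")
```

A kit can suppress the referrer or copy the logo instead of hotlinking it, so an empty result is not a clean bill of health; but when the check fires, the referring host is a ready-made takedown target, and the same referer match can be used to serve a warning image in place of the logo.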

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can be helpful in identifying possible client-side frameworks and code: here __next_f, _N_E, __next_require__, __next_chunk_load__ and webpackChunk_N_E are the runtime globals of a Next.js application bundled with webpack, consistent with the /_next/static/ asset paths loaded above.

object    __next_f
object    webpackChunk_N_E
object    _N_E
object    next
function  __next_require__
function  __next_chunk_load__
object    nd

0 Cookies

Security Headers

This section lists the security headers set by the main page's response. Only Strict-Transport-Security is present; the primary document carries no Content-Security-Policy, X-Frame-Options or X-Content-Type-Options. The HSTS value is identical on every response served by Vercel in this scan, so it comes from the hosting platform rather than from the site operator.

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload