akwaabait.com Open in urlscan Pro
69.65.3.197 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://akwaabait.com/js/Telekom-Login.htm
Submission: On December 15 via api (December 15th 2019, 1:25:59 am UTC) from GB

Summary HTTP 11 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 69.65.3.197, located in Arlington Heights, United States and belongs to ASN-GIGENET - GigeNET, US. The main domain is akwaabait.com.

This is the only time akwaabait.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
7	69.65.3.197 69.65.3.197	32181 (ASN-GIGENET) (ASN-GIGENET - GigeNET)
1 1	2003:2:2:140:... 2003:2:2:140:62:157:140:200	3320 (DTAG Inte...) (DTAG Internet service provider operations)
1 1	2a02:cbf7::62... 2a02:cbf7::62:138:238:40	61157 (PLUSSERVE...) (PLUSSERVER-ASN1)
1 2	62.138.238.100 62.138.238.100	61157 (PLUSSERVE...) (PLUSSERVER-ASN1)
11	3

7 69.65.3.197 (Arlington Heights, United States)

ASN32181 (ASN-GIGENET - GigeNET, US)
PTR: server407.webhostingpad.com

akwaabait.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2003:2:2:140:62:157:140:200 (Germany) 1 redirects

ASN3320 (DTAG Internet service provider operations, DE)

accounts.login.idm.telekom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:cbf7::62:138:238:40 (Germany) 1 redirects

ASN61157 (PLUSSERVER-ASN1, DE)

tipi.api.t-online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 62.138.238.100 (Germany) 1 redirects

ASN61157 (PLUSSERVER-ASN1, DE)
PTR: www.t-online.de

www.t-online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	akwaabait.com akwaabait.com	75 KB
3	t-online.de 2 redirects tipi.api.t-online.de www.t-online.de	558 B
1	telekom.com 1 redirects accounts.login.idm.telekom.com	674 B
11	3

	Domain	Requested by
7	akwaabait.com	akwaabait.com
2	www.t-online.de	1 redirects akwaabait.com
1	tipi.api.t-online.de	1 redirects
1	accounts.login.idm.telekom.com	1 redirects
11	4

This site contains links to these domains. Also see Links.

Domain
meinkonto.telekom-dienste.de
accounts.login.idm.telekom.com

Subject Issuer	Validity	Valid
www.t-online.de DigiCert SHA2 Secure Server CA	`2019-03-23` - `2021-03-23`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://akwaabait.com/js/Telekom-Login.htm
Frame ID: 96F7843E0B10A078378443291CBEC277
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /require.*\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

11
Requests

9 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

75 kB
Transfer

434 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://meinkonto.telekom-dienste.de/wiederherstellung/passwort/index.xhtml
Title: Passwort vergessen?

Search URL Search Domain Scan URL

URL: https://accounts.login.idm.telekom.com/idmip?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.return_to=https%3A%2F%2Ftipi.api.t-online.de%2Fsrp-auth%2FoneIdm%2Fverify%3FreturnToUrl%3Dhttp%3A%2F%2Fwww.t-online.de%2F-%2Fid_62530878%2Ftid_tsr-landingpage-popup%2Findex&openid.realm=https%3A%2F%2Ftipi.api.t-online.de&openid.assoc_handle=S9463eeef-60a2-400c-b991-772b8a741de8&openid.mode=checkid_setup&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_request&openid.ext1.type.attr1=urn%3Atelekom.com%3Aall&openid.ext1.required=attr1&openid.ns.ext2=http%3A%2F%2Fidm.telekom.com%2Fopenid%2Foauth2%2F1.0&openid.ext2.client_id=10LIVESAM30000004901PORTAL00000000000000&openid.ext2.scopes=W3sic2NvcGUiOiJzcGljYSJ9XQ%3D%3D&openid.ns.ext3=http%3A%2F%2Fidm.telekom.com%2Fopenid%2Fext%2F2.0&openid.ext3.logout_endpoint=https%3A%2F%2Ftipi.api.t-online.de%2Fsrp-auth%2FoneIdm%2Flogout&openid.ns.ext4=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fui%2F1.0&openid.ext4.mode=popup
Title: Jetzt registrieren

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://accounts.login.idm.telekom.com/idmip?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.return_to=https%3A%2F%2Ftipi.api.t-online.de%2Fsrp-auth%2FoneIdm%2Fverify%3FreturnToUrl%3Dhttp%3A%2F%2Fwww.t-online.de%2F-%2Fid_62530878%2Ftid_tsr-landingpage-popup%2Findex&openid.realm=https%3A%2F%2Ftipi.api.t-online.de&openid.assoc_handle=S9463eeef-60a2-400c-b991-772b8a741de8&openid.mode=checkid_setup&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_request&openid.ext1.type.attr1=urn%3Atelekom.com%3Aall&openid.ext1.required=attr1&openid.ns.ext2=http%3A%2F%2Fidm.telekom.com%2Fopenid%2Foauth2%2F1.0&openid.ext2.client_id=10LIVESAM30000004901PORTAL00000000000000&openid.ext2.scopes=W3sic2NvcGUiOiJzcGljYSJ9XQ%3D%3D&openid.ns.ext3=http%3A%2F%2Fidm.telekom.com%2Fopenid%2Fext%2F2.0&openid.ext3.logout_endpoint=https%3A%2F%2Ftipi.api.t-online.de%2Fsrp-auth%2FoneIdm%2Flogout&openid.ns.ext4=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fui%2F1.0&openid.ext4.mode=popup HTTP 302
https://tipi.api.t-online.de/srp-auth/oneIdm/verify?returnToUrl=http://www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/index&openid.mode=error&openid.error=OpenID+realm+not+allowed.&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.error_code=unknown-realm HTTP 302
http://www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/index HTTP 301
https://www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/index

Request Chain 7

http://akwaabait.com/js/images/sprites/icons_16x16.png HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php HTTP 302
http://akwaabait.com/js/images/sprites/front.php

Request Chain 8

http://akwaabait.com/js/fonts/TeleGroteskNormal.woff HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php HTTP 302
http://akwaabait.com/js/fonts/front.php

Request Chain 9

http://akwaabait.com/js/images/logo_short_50x25.png HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php HTTP 302
http://akwaabait.com/js/images/front.php

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Telekom-Login.htm Show response akwaabait.com/js/	14 KB 4 KB	377ms 242ms	Document text/html	69.65.3.197 GigeNET
General Check archive.org Show headers Download Go to Full URL http://akwaabait.com/js/Telekom-Login.htm Protocol HTTP/1.1 Server 69.65.3.197 Arlington Heights, United States, ASN32181 (ASN-GIGENET - GigeNET, US), Reverse DNS server407.webhostingpad.com Software Apache / Resource Hash `d7da32a9755cc6511c3377230a4015796c984a05034ca81e3a03ca9d13c49b1d` Request headers Host akwaabait.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 15 Dec 2019 01:25:22 GMT Server Apache Last-Modified Fri, 16 Nov 2018 22:40:36 GMT Accept-Ranges bytes Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 4286 Connection close Content-Type text/html
GET H/1.1	200 OK	dtag.css akwaabait.com/js/Telekom-Login_files/	306 KB 28 KB	270ms 253ms	Stylesheet text/css	69.65.3.197 GigeNET
General Check archive.org Show headers Download Go to Full URL http://akwaabait.com/js/Telekom-Login_files/dtag.css Requested by Host: akwaabait.com URL: http://akwaabait.com/js/Telekom-Login.htm Protocol HTTP/1.1 Server 69.65.3.197 Arlington Heights, United States, ASN32181 (ASN-GIGENET - GigeNET, US), Reverse DNS server407.webhostingpad.com Software Apache / Resource Hash `09d509e53f80e5fbd039cffaa28e5c6d506ae95fea2a032f967ccf050c0c910a` Request headers Referer http://akwaabait.com/js/Telekom-Login.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 15 Dec 2019 01:25:23 GMT Content-Encoding gzip Last-Modified Fri, 16 Nov 2018 22:34:36 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Type text/css Connection close Accept-Ranges bytes Content-Length 28753
GET H/1.1	200 OK	web.min.css akwaabait.com/js/Telekom-Login_files/	6 KB 2 KB	258ms 241ms	Stylesheet text/css	69.65.3.197 GigeNET
General Check archive.org Show headers Download Go to Full URL http://akwaabait.com/js/Telekom-Login_files/web.min.css Requested by Host: akwaabait.com URL: http://akwaabait.com/js/Telekom-Login.htm Protocol HTTP/1.1 Server 69.65.3.197 Arlington Heights, United States, ASN32181 (ASN-GIGENET - GigeNET, US), Reverse DNS server407.webhostingpad.com Software Apache / Resource Hash `1e9b8dff87cfa82666141f733968f3f04130f8308b423fda13a160c76eee0d95` Request headers Referer http://akwaabait.com/js/Telekom-Login.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 15 Dec 2019 01:25:23 GMT Content-Encoding gzip Last-Modified Fri, 16 Nov 2018 22:34:34 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Type text/css Connection close Accept-Ranges bytes Content-Length 1773
GET H/1.1	200 OK	require-jquery.min.js.download Show response akwaabait.com/js/Telekom-Login_files/	105 KB 38 KB	528ms 260ms	Script application/javascript	69.65.3.197 GigeNET
General Check archive.org Show headers Download Go to Full URL http://akwaabait.com/js/Telekom-Login_files/require-jquery.min.js.download Requested by Host: akwaabait.com URL: http://akwaabait.com/js/Telekom-Login.htm Protocol HTTP/1.1 Server 69.65.3.197 Arlington Heights, United States, ASN32181 (ASN-GIGENET - GigeNET, US), Reverse DNS server407.webhostingpad.com Software Apache / Resource Hash `2f7e6b7468366efc884e59791d8f155894a2345f6cb7b4428805a27b1ed072ea` Request headers Referer http://akwaabait.com/js/Telekom-Login.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 15 Dec 2019 01:25:23 GMT Content-Encoding gzip Last-Modified Fri, 16 Nov 2018 22:35:14 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection close Accept-Ranges bytes Content-Length 38715
GET H/1.1	200 OK	login-information-bubble.min.js.download Show response akwaabait.com/js/Telekom-Login_files/	1 KB 773 B	593ms 240ms	Script application/javascript	69.65.3.197 GigeNET
General Check archive.org Show headers Download Go to Full URL http://akwaabait.com/js/Telekom-Login_files/login-information-bubble.min.js.download Requested by Host: akwaabait.com URL: http://akwaabait.com/js/Telekom-Login.htm Protocol HTTP/1.1 Server 69.65.3.197 Arlington Heights, United States, ASN32181 (ASN-GIGENET - GigeNET, US), Reverse DNS server407.webhostingpad.com Software Apache / Resource Hash `e6ec6456b73e851bc7dca0ea35513f36da9be07c92e4aac61485bf7ef674dc84` Request headers Referer http://akwaabait.com/js/Telekom-Login.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 15 Dec 2019 01:25:23 GMT Content-Encoding gzip Last-Modified Fri, 16 Nov 2018 22:36:18 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection close Accept-Ranges bytes Content-Length 497
GET H/1.1	200 OK	import-event-0746 akwaabait.com/js/Telekom-Login_files/	0 283 B	1114ms 257ms	Image text/plain	69.65.3.197 GigeNET
General Check archive.org Show headers Download Go to Show image Full URL http://akwaabait.com/js/Telekom-Login_files/import-event-0746 Requested by Host: akwaabait.com URL: http://akwaabait.com/js/Telekom-Login.htm Protocol HTTP/1.1 Server 69.65.3.197 Arlington Heights, United States, ASN32181 (ASN-GIGENET - GigeNET, US), Reverse DNS server407.webhostingpad.com Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://akwaabait.com/js/Telekom-Login.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 15 Dec 2019 01:25:24 GMT Content-Encoding gzip Last-Modified Fri, 16 Nov 2018 22:36:00 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Type text/plain Connection close Accept-Ranges bytes Content-Length 20
GET H/1.1	200 OK	index www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/ Redirect Chain https://accounts.login.idm.telekom.com/idmip?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=ht... https://tipi.api.t-online.de/srp-auth/oneIdm/verify?returnToUrl=http://www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/index&openid.mode=error&openid.error=OpenID+realm+not+allowed.&openid.... http://www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/index https://www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/index	0 0	114ms 28ms	Image text/html	62.138.238.100 PLUSSERVER-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/index Requested by Host: akwaabait.com URL: http://akwaabait.com/js/Telekom-Login.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 62.138.238.100 , Germany, ASN61157 (PLUSSERVER-ASN1, DE), Reverse DNS www.t-online.de Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://akwaabait.com/js/Telekom-Login.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Redirect headers Location https://www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/index Cache-Control private, max-age=3600 Connection Keep-Alive Content-Length 0
GET H/1.1	200 OK	login.min.js.download Show response akwaabait.com/js/Telekom-Login_files/	1 KB 857 B	765ms 238ms	Script application/javascript	69.65.3.197 GigeNET
General Check archive.org Show headers Download Go to Full URL http://akwaabait.com/js/Telekom-Login_files/login.min.js.download Requested by Host: akwaabait.com URL: http://akwaabait.com/js/Telekom-Login.htm Protocol HTTP/1.1 Server 69.65.3.197 Arlington Heights, United States, ASN32181 (ASN-GIGENET - GigeNET, US), Reverse DNS server407.webhostingpad.com Software Apache / Resource Hash `cfdf1c50f8bfcbeca67bed8a074bf099493011ae84b5d0ef1adfc1fb1609563d` Request headers Referer http://akwaabait.com/js/Telekom-Login.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 15 Dec 2019 01:25:24 GMT Content-Encoding gzip Last-Modified Fri, 16 Nov 2018 22:37:12 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection close Accept-Ranges bytes Content-Length 581
GET		front.php akwaabait.com/js/images/sprites/ Redirect Chain http://akwaabait.com/js/images/sprites/icons_16x16.png http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php http://akwaabait.com/js/images/sprites/front.php	0 0

GET		front.php akwaabait.com/js/fonts/ Redirect Chain http://akwaabait.com/js/fonts/TeleGroteskNormal.woff http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php http://akwaabait.com/js/fonts/front.php	0 0

GET		front.php akwaabait.com/js/images/ Redirect Chain http://akwaabait.com/js/images/logo_short_50x25.png http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php http://akwaabait.com/js/images/front.php	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: akwaabait.com
URL: http://akwaabait.com/js/images/sprites/front.php

Domain: akwaabait.com
URL: http://akwaabait.com/js/fonts/front.php

Domain: akwaabait.com
URL: http://akwaabait.com/js/images/front.php

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.login.idm.telekom.com
akwaabait.com
tipi.api.t-online.de
www.t-online.de
akwaabait.com
2003:2:2:140:62:157:140:200
2a02:cbf7::62:138:238:40
62.138.238.100
69.65.3.197
09d509e53f80e5fbd039cffaa28e5c6d506ae95fea2a032f967ccf050c0c910a
1e9b8dff87cfa82666141f733968f3f04130f8308b423fda13a160c76eee0d95
2f7e6b7468366efc884e59791d8f155894a2345f6cb7b4428805a27b1ed072ea
cfdf1c50f8bfcbeca67bed8a074bf099493011ae84b5d0ef1adfc1fb1609563d
d7da32a9755cc6511c3377230a4015796c984a05034ca81e3a03ca9d13c49b1d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6ec6456b73e851bc7dca0ea35513f36da9be07c92e4aac61485bf7ef674dc84

akwaabait.com Open in urlscan Pro 69.65.3.197 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

9 %HTTPS

50 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

75 kBTransfer

434 kBSize

0 Cookies

2 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

23 JavaScript Global Variables

0 Cookies

Indicators

akwaabait.com Open in urlscan Pro
69.65.3.197 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

9 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

75 kB
Transfer

434 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!