URL: https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
Submission: On September 12 via automatic, source openphish

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 207.45.189.88, located in Southfield, United States and belongs to ASACENET1 - ACENET, INC., US. The main domain is airglo.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 8th 2018. Valid for: 3 months.
This is the only time airglo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
1 207.45.189.88 22878 (ASACENET1)
6 2003:2:2:140:... 3320 (DTAG Inte...)
1 2a02:cbf7:1:0... 61157 (PLUSSERVE...)
8 3
Domain Requested by
6 accounts.login.idm.telekom.com airglo.com
1 p.t-online.de airglo.com
1 airglo.com
8 3

This site contains links to these domains. Also see Links.

Domain
meinkonto.telekom-dienste.de
Subject Issuer Validity Valid
phase73.com
Let's Encrypt Authority X3
2018-09-08 -
2018-12-07
3 months crt.sh
accounts.login.idm.telekom.com
TeleSec ServerPass Extended Validation Class 3 CA
2018-03-27 -
2020-04-01
2 years crt.sh
p.t-online.de
DigiCert Global CA G2
2018-07-09 -
2019-08-17
a year crt.sh

This page contains 2 frames:

Primary Page: https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
Frame ID: D323FF6A7B6A73C37182194050D77E8D
Requests: 7 HTTP requests in this frame

Frame: https://p.t-online.de/email/sam3-login-ivw.html?page=login&mode=web&context=auth&status=first_attempt
Frame ID: AF903A1385A62F46693B769F02199A95
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

8
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

90 kB
Transfer

101 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request account-upgrade.htm
airglo.com/telekom/626626452772782/emailcenter/
9 KB
3 KB
Document
General
Full URL
https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
207.45.189.88 Southfield, United States, ASN22878 (ASACENET1 - ACENET, INC., US),
Reverse DNS
sublime-music.co.uk
Software
Apache /
Resource Hash
460837b602c1a6feedf86c8e25bc756d577f4789447b3311edafa6556c525ef7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Host
airglo.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D323FF6A7B6A73C37182194050D77E8D

Response headers

Date
Wed, 12 Sep 2018 18:53:31 GMT
Server
Apache
Last-Modified
Wed, 12 Sep 2018 03:18:59 GMT
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000
Content-Length
3167
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
web_lazy_font.min.css
accounts.login.idm.telekom.com/static/css/
10 KB
3 KB
Stylesheet
General
Full URL
https://accounts.login.idm.telekom.com/static/css/web_lazy_font.min.css
Requested by
Host: airglo.com
URL: https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
fe4d4c713ab42d26a821d8e526958acdf76d2ae9d4a3dbcb1fe757c0bedda554
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 12 Sep 2018 18:53:31 GMT
Content-Encoding
gzip
SH
110d449c84a04f1e83bf5c7134ae0e21
Last-Modified
Tue, 13 Feb 2018 13:49:50 GMT
Server
Apache
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
text/css; charset=utf-8
Keep-Alive
timeout=2, max=1000
Content-Length
2478
Expires
Wed, 19 Sep 2018 18:53:31 GMT
login-information-bubble.min.js
accounts.login.idm.telekom.com/static/jscript/
1 KB
995 B
Script
General
Full URL
https://accounts.login.idm.telekom.com/static/jscript/login-information-bubble.min.js
Requested by
Host: airglo.com
URL: https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
e6ec6456b73e851bc7dca0ea35513f36da9be07c92e4aac61485bf7ef674dc84
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 12 Sep 2018 18:53:31 GMT
Content-Encoding
gzip
SH
4c19b305d0f564643c756f778e6033e3
Last-Modified
Fri, 09 Feb 2018 11:07:24 GMT
Server
Apache
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
text/javascript
Keep-Alive
timeout=2, max=1000
Content-Length
497
Expires
Wed, 19 Sep 2018 18:53:31 GMT
icons_16x16.png
accounts.login.idm.telekom.com/static/images/sprites/
431 B
875 B
Image
General
Full URL
https://accounts.login.idm.telekom.com/static/images/sprites/icons_16x16.png
Requested by
Host: airglo.com
URL: https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
c51918b2e8a90ec12f396f1fbda614322033a6897a6812c58233f8ad4d4e1c2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://accounts.login.idm.telekom.com/static/css/web_lazy_font.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 12 Sep 2018 18:53:31 GMT
SH
4c19b305d0f564643c756f778e6033e3
Last-Modified
Fri, 09 Feb 2018 11:07:25 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=2, max=999
Content-Length
431
Expires
Wed, 19 Sep 2018 18:53:31 GMT
bg-header-web.png
accounts.login.idm.telekom.com/static/css/images/web/
98 B
541 B
Image
General
Full URL
https://accounts.login.idm.telekom.com/static/css/images/web/bg-header-web.png
Requested by
Host: airglo.com
URL: https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
f01cc09c1caa77810d0a5315f5d3f1129713bed386269fd71543a08e151bf2af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://accounts.login.idm.telekom.com/static/css/web_lazy_font.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 12 Sep 2018 18:53:31 GMT
SH
110d449c84a04f1e83bf5c7134ae0e21
Last-Modified
Tue, 13 Feb 2018 13:49:51 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=2, max=999
Content-Length
98
Expires
Wed, 19 Sep 2018 18:53:31 GMT
logo_short_50x25.png
accounts.login.idm.telekom.com/static/css/images/
310 B
754 B
Image
General
Full URL
https://accounts.login.idm.telekom.com/static/css/images/logo_short_50x25.png
Requested by
Host: airglo.com
URL: https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
5a1e69517c76c1fda68cff8b3b6fb6b7773a4b75932684b72b0a23325b14c5fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://accounts.login.idm.telekom.com/static/css/web_lazy_font.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 12 Sep 2018 18:53:31 GMT
SH
4c19b305d0f564643c756f778e6033e3
Last-Modified
Fri, 09 Feb 2018 11:07:26 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=2, max=998
Content-Length
310
Expires
Wed, 19 Sep 2018 18:53:31 GMT
TeleGroteskNormal.woff
accounts.login.idm.telekom.com/static/css/fonts/
80 KB
81 KB
Font
General
Full URL
https://accounts.login.idm.telekom.com/static/css/fonts/TeleGroteskNormal.woff
Requested by
Host: airglo.com
URL: https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
Apache /
Resource Hash
419bf2f4f4f833e2dc27e13167c8be728b59fa2a20400df58ff8a32d974eba55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://accounts.login.idm.telekom.com/static/css/web_lazy_font.min.css
Origin
https://airglo.com

Response headers

Date
Wed, 12 Sep 2018 18:53:31 GMT
SH
93af4dd1b134b2f36da439adedb1c728
Last-Modified
Tue, 13 Feb 2018 10:15:32 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin
https://airglo.com
Cache-Control
public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
application/x-font-woff
Keep-Alive
timeout=2, max=1000
Content-Length
82424
Expires
Wed, 19 Sep 2018 18:53:31 GMT
sam3-login-ivw.html
p.t-online.de/email/ Frame AF90
0
0
Document
General
Full URL
https://p.t-online.de/email/sam3-login-ivw.html?page=login&mode=web&context=auth&status=first_attempt
Requested by
Host: airglo.com
URL: https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:cbf7:1:0:62:138:239:59 , Germany, ASN61157 (PLUSSERVER-ASN1, DE),
Reverse DNS
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash

Request headers

Host
p.t-online.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D323FF6A7B6A73C37182194050D77E8D
Referer
https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm

Response headers

Date
Wed, 12 Sep 2018 18:53:31 GMT
Server
Apache/2.4.18 (Ubuntu)
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Last-Modified
Wed, 13 Dec 2017 17:11:34 GMT
ETag
"b42-5603bdc037d2d-gzip"
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1199
Keep-Alive
timeout=5, max=100
Content-Type
text/html; charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| idm_stopEvent function| idm_attachEvent function| registerEventHandler function| smartFocus function| handleLoginSubmition

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000