urlscan.io public scan: airglo.com (207.45.189.88)

![Screenshot of the scanned page](/screenshots/a7405cab-f76d-490d-914b-83f289f81fa8.png)

Malicious Activity!

Submission: On September 12 via automatic, source openphish
Summary

TLS certificate: Issued by Let's Encrypt Authority X3 on September 8th 2018. Valid for: 3 months.

This is the only time airglo.com was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 207.45.189.88 | 22878 (ASACENET1 - ACENET) |
| 6 | 2003:2:2:140:62:157:140:200 | 3320 (DTAG Internet service provider operations) |
| 1 | 2a02:cbf7:1:0:62:138:239:59 | 61157 (PLUSSERVER-ASN1) |

Total: 8 requests across 3 IP addresses.
ASN22878 (ASACENET1 - ACENET, INC., US), PTR: sublime-music.co.uk: airglo.com

ASN3320 (DTAG Internet service provider operations, DE): accounts.login.idm.telekom.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 6 | telekom.com | accounts.login.idm.telekom.com | 87 KB |
| 1 | t-online.de | p.t-online.de | |
| 1 | airglo.com | airglo.com | 3 KB |

Total: 8 requests across 3 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 6 | accounts.login.idm.telekom.com | airglo.com |
| 1 | p.t-online.de | airglo.com |
| 1 | airglo.com | |

Total: 8 requests across 3 domains.
This site contains links to these domains (also see Links):

- meinkonto.telekom-dienste.de
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| phase73.com | Let's Encrypt Authority X3 | 2018-09-08 - 2018-12-07 | 3 months | crt.sh |
| accounts.login.idm.telekom.com | TeleSec ServerPass Extended Validation Class 3 CA | 2018-03-27 - 2020-04-01 | 2 years | crt.sh |
| p.t-online.de | DigiCert Global CA G2 | 2018-07-09 - 2019-08-17 | a year | crt.sh |

Note that the certificate served for airglo.com carries the subject phase73.com, not the scanned hostname; the browser would only accept it for airglo.com if that name appears in the certificate's SAN list. The three-month Let's Encrypt certificate on the phishing host contrasts with the two-year EV certificate on the genuine Telekom login domain whose assets it loads.
This page contains 2 frames:

Primary Page: https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm
Frame ID: D323FF6A7B6A73C37182194050D77E8D
Requests: 7 HTTP requests in this frame

Frame: https://p.t-online.de/email/sam3-login-ivw.html?page=login&mode=web&context=auth&status=first_attempt
Frame ID: AF903A1385A62F46693B769F02199A95
Requests: 1 HTTP request in this frame
2 Outgoing links

These are links going to different origins than the main page.

- Title: Registrieren (Register)
- Title: Passwort vergessen? (Forgot password?)
Redirected requests

No HTTP redirect chains are listed for this scan.
8 HTTP transactions

Size is the decoded body size; x-fer is the number of bytes transferred on the wire.

| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | account-upgrade.htm (Primary Request) | airglo.com/telekom/626626452772782/emailcenter/ | 9 KB | 3 KB | Document | text/html |
| 2 | GET | H/1.1 | web_lazy_font.min.css | accounts.login.idm.telekom.com/static/css/ | 10 KB | 3 KB | Stylesheet | text/css |
| 3 | GET | H/1.1 | login-information-bubble.min.js | accounts.login.idm.telekom.com/static/jscript/ | 1 KB | 995 B | Script | text/javascript |
| 4 | GET | H/1.1 | icons_16x16.png | accounts.login.idm.telekom.com/static/images/sprites/ | 431 B | 875 B | Image | image/png |
| 5 | GET | H/1.1 | bg-header-web.png | accounts.login.idm.telekom.com/static/css/images/web/ | 98 B | 541 B | Image | image/png |
| 6 | GET | H/1.1 | logo_short_50x25.png | accounts.login.idm.telekom.com/static/css/images/ | 310 B | 754 B | Image | image/png |
| 7 | GET | H/1.1 | TeleGroteskNormal.woff | accounts.login.idm.telekom.com/static/css/fonts/ | 80 KB | 81 KB | Font | application/x-font-woff |
| 8 | GET | H/1.1 | sam3-login-ivw.html (Frame AF90) | p.t-online.de/email/ | 0 | 0 | Document | text/html |
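The transaction table above is the most useful evidence on this page: the primary document is served from airglo.com, yet every stylesheet, script, image and font comes from accounts.login.idm.telekom.com, and the embedded frame from p.t-online.de. A login page on a domain the brand does not own that hotlinks the brand's own login assets is the fingerprint of a kit cloned from the genuine page. The following is an added example (not urlscan.io code or output) that reconstructs this scan's request list by hand from the table and runs that check over it. The request list, the https scheme on each URL, the set of brand-owned apex domains and the tiny stand-in for the public suffix list are all assumptions made for the example.

```python
"""Triage a scanned page's request list for brand-asset hotlinking.

Added example built from the transaction table of this scan. The request list
is reconstructed by hand from that table; it is not urlscan.io output or API
data, and the https scheme on each URL is assumed.
"""
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed from this scan's "8 HTTP transactions" table: (url, resource type).
PRIMARY_URL = "https://airglo.com/telekom/626626452772782/emailcenter/account-upgrade.htm"
TRANSACTIONS = [
    (PRIMARY_URL, "Document"),
    ("https://accounts.login.idm.telekom.com/static/css/web_lazy_font.min.css", "Stylesheet"),
    ("https://accounts.login.idm.telekom.com/static/jscript/login-information-bubble.min.js", "Script"),
    ("https://accounts.login.idm.telekom.com/static/images/sprites/icons_16x16.png", "Image"),
    ("https://accounts.login.idm.telekom.com/static/css/images/web/bg-header-web.png", "Image"),
    ("https://accounts.login.idm.telekom.com/static/css/images/logo_short_50x25.png", "Image"),
    ("https://accounts.login.idm.telekom.com/static/css/fonts/TeleGroteskNormal.woff", "Font"),
    ("https://p.t-online.de/email/sam3-login-ivw.html", "Document"),
]

# Apex domains the impersonated brand owns, taken from the scan's domain table.
BRAND_APEXES = {"telekom.com", "t-online.de"}

# Assumption: a tiny stand-in for the public suffix list, enough for the
# hostnames on this page (e.g. the PTR sublime-music.co.uk). Use the real list
# (e.g. the publicsuffix2 package) in production.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def apex(host: str) -> str:
    """Return the registrable (apex) domain of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def triage(transactions, primary_url, brand_apexes):
    """Summarise which apex domains the page loads from and flag hotlinking.

    Flags the page when the primary document is hosted outside the brand's
    own apex domains but still pulls one or more resources from them.
    """
    primary_apex = apex(urlsplit(primary_url).hostname)
    per_apex = defaultdict(Counter)          # apex -> Counter of resource types
    for url, rtype in transactions:
        per_apex[apex(urlsplit(url).hostname)][rtype] += 1

    brand_requests = sum(sum(c.values()) for a, c in per_apex.items() if a in brand_apexes)
    hotlinking = primary_apex not in brand_apexes and brand_requests > 0
    return {
        "primary_apex": primary_apex,
        "third_party_apexes": sorted(a for a in per_apex if a != primary_apex),
        "per_apex": {a: dict(c) for a, c in per_apex.items()},
        "brand_asset_requests": brand_requests,
        "brand_asset_hotlinking": hotlinking,
    }


if __name__ == "__main__":
    result = triage(TRANSACTIONS, PRIMARY_URL, BRAND_APEXES)
    for domain, types in result["per_apex"].items():
        print(f"{domain:20s} {types}")
    print("brand-asset hotlinking:", result["brand_asset_hotlinking"],
          f"({result['brand_asset_requests']} requests to brand-owned domains)")
```

The same check applied to the genuine page (primary document on accounts.login.idm.telekom.com) does not fire, because the primary apex is then one of the brand's own. The resource-type breakdown per apex is worth keeping in the output: a phishing kit typically copies the brand's CSS, fonts and logos but hosts the credential-capturing form and its submit handler itself, which is exactly the split visible in this scan.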
Verdicts & Comments

Potentially malicious activity detected

Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: Telekom (Telecommunication)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

- function: idm_stopEvent
- function: idm_attachEvent
- function: registerEventHandler
- function: smartFocus
- function: handleLoginSubmition

0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Security Headers

This page lists any security headers set by the main page.

| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31536000 |

A Strict-Transport-Security header on the phishing host says nothing about the page's legitimacy: it is emitted by the web server configuration of the hosting provider and is just as easily present on a malicious site as on a genuine one.
Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:

- accounts.login.idm.telekom.com
- airglo.com
- p.t-online.de

IP addresses:

- 2003:2:2:140:62:157:140:200
- 207.45.189.88
- 2a02:cbf7:1:0:62:138:239:59

Hashes:

- 419bf2f4f4f833e2dc27e13167c8be728b59fa2a20400df58ff8a32d974eba55
- 460837b602c1a6feedf86c8e25bc756d577f4789447b3311edafa6556c525ef7
- 5a1e69517c76c1fda68cff8b3b6fb6b7773a4b75932684b72b0a23325b14c5fd
- c51918b2e8a90ec12f396f1fbda614322033a6897a6812c58233f8ad4d4e1c2a
- e6ec6456b73e851bc7dca0ea35513f36da9be07c92e4aac61485bf7ef674dc84
- f01cc09c1caa77810d0a5315f5d3f1129713bed386269fd71543a08e151bf2af
- fe4d4c713ab42d26a821d8e526958acdf76d2ae9d4a3dbcb1fe757c0bedda554