aixcloudhost.com
Open in
urlscan Pro
180.235.131.134
Malicious Activity!
Public Scan
Submission: On October 26 via automatic, source phishtank — Scanned from DE
Summary
This is the only time aixcloudhost.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telekom (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 180.235.131.134 180.235.131.134 | 24446 (NETREGIST...) (NETREGISTRY-AS-AP NetRegistry Pty Ltd.) | |
1 | 62.138.238.39 62.138.238.39 | 61157 (PLUSSERVE...) (PLUSSERVER-ASN1) | |
14 | 3 |
ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU)
PTR: apj5.strategymix.com
aixcloudhost.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
aixcloudhost.com
aixcloudhost.com |
317 KB |
1 |
t-online.de
login.t-online.de |
6 KB |
0 |
telekom.com
Failed
accounts.login.idm.telekom.com Failed |
|
14 | 3 |
Domain | Requested by | |
---|---|---|
8 | aixcloudhost.com |
aixcloudhost.com
|
1 | login.t-online.de |
aixcloudhost.com
|
0 | accounts.login.idm.telekom.com Failed |
aixcloudhost.com
|
14 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.telekom.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
login.t-online.de TeleSec ServerPass Class 2 CA |
2021-02-17 - 2022-02-22 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://aixcloudhost.com/f36h466/2osmffj/login.php?vAFieJKDni6sPqs0GEhAQLmDQmNzVbZllk7j5mIgn2NxSnSQeOeDduliDpuWCC6YOV5Tanu7jrVANmsl&SERVID=Service_Login_&_Authentication=8b5e5a1491822919f68d9e75dbd5737c5cfa45b166b1ecf3713c024bec320fa1bf7266f575a4d8f0cf93e8bcc5cb2e0e079027d931440679e77be1bd&SERVID=Service_Login_&_Authentication=9c391f9b889f7df0320749655c10aaae317ed52a18e4037cdffb63e3156aa286ff251337b05c0d584657a61ff5e37ee5a52c1906192b0878349b4885
Frame ID: D8750EEAB572CE6EA205A5EEABD5A554
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
Telekom LoginDetected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: hier
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
login.php
aixcloudhost.com/f36h466/2osmffj/ |
8 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
components.min.css
aixcloudhost.com/f36h466/2osmffj/assets/ |
99 KB 99 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-20.26.0.css
aixcloudhost.com/f36h466/2osmffj/assets/ |
14 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.2.1.min.js
aixcloudhost.com/f36h466/2osmffj/assets/ |
85 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
components.min.js
aixcloudhost.com/f36h466/2osmffj/assets/ |
76 KB 76 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
aixcloudhost.com/f36h466/2osmffj/assets/ |
11 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
t-online-logo-29112019.png
login.t-online.de/stats/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
services.png
aixcloudhost.com/f36h466/2osmffj/assets/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
data_protection.svg
aixcloudhost.com/static/factorx/vdplus/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
teleicon-outline.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
telegroteskscreen-ultra.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
telegroteskscreen-regular.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
telegroteskscreen-thin.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
teleicon-ui.woff
accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- accounts.login.idm.telekom.com
- URL
- https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/teleicon-outline.woff
- Domain
- accounts.login.idm.telekom.com
- URL
- https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-ultra.woff
- Domain
- accounts.login.idm.telekom.com
- URL
- https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-regular.woff
- Domain
- accounts.login.idm.telekom.com
- URL
- https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/telegroteskscreen-thin.woff
- Domain
- accounts.login.idm.telekom.com
- URL
- https://accounts.login.idm.telekom.com/static/factorx/vdplus/fonts/teleicon-ui.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telekom (Telecommunication)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery object| Login1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
aixcloudhost.com/ | Name: PHPSESSID Value: a8a50380826c61f5ea84150197da1f65 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.login.idm.telekom.com
aixcloudhost.com
login.t-online.de
accounts.login.idm.telekom.com
180.235.131.134
62.138.238.39
11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22
42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94
61524aa76330a1046312d9641fa9230e6c7f9c21bac2d0aaa4150d59c10079bf
638b895638b74a68f11696db4b1210e91fdd0219307d8e2263bbd519f90565a6
8fb4dacc85198fcdab2b59b4b744d2c125a79e0ffd39f34cfe2593bfbd2ddea0
ade110571924954ac78b7b91a1fff0882d4e1c4e39aa8cbe7f332aa76e4a5b86
d3a518dea876de39f9e5dc1ffcdeb6c661aee25d8a62474386b664ef3bf1b40f
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3