akwaabait.com
50.31.162.117
Malicious Activity!
Public Scan
Submission: On March 06 via api from CA
Summary
This is the only time akwaabait.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telekom (Telecommunication)

Domain & IP information

| | IP Address | AS Autonomous System |
|---|---|---|
| 7 | 50.31.162.117 | 23352 (SERVERCENTRAL) |
| 1 1 | 2003:2:2:140:62:157:140:200 | 3320 (DTAG Internet service provider operations) |
| 1 1 | 2a02:cbf7::62:138:238:40 | 61157 (PLUSSERVER-ASN1) |
| 1 2 | 62.138.239.100 | 61157 (PLUSSERVER-ASN1) |
| 11 | 3 | |

ASN23352 (SERVERCENTRAL, US)
PTR: sc501.whpservers.com
akwaabait.com

ASN3320 (DTAG Internet service provider operations, DE)
accounts.login.idm.telekom.com

| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 7 | akwaabait.com: akwaabait.com | 75 KB |
| 3 | t-online.de (2 redirects): tipi.api.t-online.de, www.t-online.de | 558 B |
| 1 | telekom.com (1 redirects): accounts.login.idm.telekom.com | 674 B |
| 11 | 3 | |

| | Domain | Requested by |
|---|---|---|
| 7 | akwaabait.com | akwaabait.com |
| 2 | www.t-online.de (1 redirects) | akwaabait.com |
| 1 | tipi.api.t-online.de | 1 redirects |
| 1 | accounts.login.idm.telekom.com | 1 redirects |
| 11 | 4 | |

This site contains links to these domains. Also see Links.
Domain |
---|
meinkonto.telekom-dienste.de |
accounts.login.idm.telekom.com |

| Subject / Issuer | Validity | Valid | |
|---|---|---|---|
| www.t-online.de / DigiCert SHA2 Secure Server CA | 2019-03-23 - 2021-03-23 | 2 years | crt.sh |

This page contains 1 frames:
Primary Page:
http://akwaabait.com/js/Telekom-Login.htm
Frame ID: 7B7E1AAA0FBCC01CB603968B1298956D
Requests: 11 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
RequireJS (JavaScript Frameworks)
Detected patterns
- script /require.*\.js/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Passwort vergessen?
Title: Jetzt registrieren
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5- https://accounts.login.idm.telekom.com/idmip?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.return_to=https%3A%2F%2Ftipi.api.t-online.de%2Fsrp-auth%2FoneIdm%2Fverify%3FreturnToUrl%3Dhttp%3A%2F%2Fwww.t-online.de%2F-%2Fid_62530878%2Ftid_tsr-landingpage-popup%2Findex&openid.realm=https%3A%2F%2Ftipi.api.t-online.de&openid.assoc_handle=S9463eeef-60a2-400c-b991-772b8a741de8&openid.mode=checkid_setup&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_request&openid.ext1.type.attr1=urn%3Atelekom.com%3Aall&openid.ext1.required=attr1&openid.ns.ext2=http%3A%2F%2Fidm.telekom.com%2Fopenid%2Foauth2%2F1.0&openid.ext2.client_id=10LIVESAM30000004901PORTAL00000000000000&openid.ext2.scopes=W3sic2NvcGUiOiJzcGljYSJ9XQ%3D%3D&openid.ns.ext3=http%3A%2F%2Fidm.telekom.com%2Fopenid%2Fext%2F2.0&openid.ext3.logout_endpoint=https%3A%2F%2Ftipi.api.t-online.de%2Fsrp-auth%2FoneIdm%2Flogout&openid.ns.ext4=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fui%2F1.0&openid.ext4.mode=popup HTTP 302
- https://tipi.api.t-online.de/srp-auth/oneIdm/verify?returnToUrl=http://www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/index&openid.mode=error&openid.error=OpenID+realm+not+allowed.&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.error_code=unknown-realm HTTP 302
- http://www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/index HTTP 301
- https://www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/index
- http://akwaabait.com/js/images/sprites/icons_16x16.png HTTP 302
- http://akwaabait.com/js/images/sprites/front.php HTTP 302
- http://akwaabait.com/js/images/sprites/front.php HTTP 302
- http://akwaabait.com/js/images/sprites/front.php HTTP 302
- http://akwaabait.com/js/images/sprites/front.php HTTP 302
- http://akwaabait.com/js/images/sprites/front.php HTTP 302
- http://akwaabait.com/js/images/sprites/front.php HTTP 302
- http://akwaabait.com/js/images/sprites/front.php HTTP 302
- http://akwaabait.com/js/images/sprites/front.php HTTP 302
- http://akwaabait.com/js/images/sprites/front.php HTTP 302
- http://akwaabait.com/js/images/sprites/front.php HTTP 302
- http://akwaabait.com/js/images/sprites/front.php HTTP 302
- http://akwaabait.com/js/images/sprites/front.php HTTP 302
- http://akwaabait.com/js/images/sprites/front.php
- http://akwaabait.com/js/fonts/TeleGroteskNormal.woff HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php HTTP 302
- http://akwaabait.com/js/fonts/front.php
- http://akwaabait.com/js/images/logo_short_50x25.png HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php HTTP 302
- http://akwaabait.com/js/images/front.php
11 HTTP transactions

| Method / Protocol | Resource / Path | Size / x-fer | Type / MIME-Type |
|---|---|---|---|
| GET H/1.1 | Telekom-Login.htm (Primary Request), akwaabait.com/js/ | 14 KB / 5 KB | Document, text/html |
| GET H/1.1 | dtag.css, akwaabait.com/js/Telekom-Login_files/ | 306 KB / 28 KB | Stylesheet, text/css |
| GET H/1.1 | web.min.css, akwaabait.com/js/Telekom-Login_files/ | 6 KB / 2 KB | Stylesheet, text/css |
| GET H/1.1 | require-jquery.min.js.download, akwaabait.com/js/Telekom-Login_files/ | 105 KB / 38 KB | Script, application/javascript |
| GET H/1.1 | login-information-bubble.min.js.download, akwaabait.com/js/Telekom-Login_files/ | 1 KB / 870 B | Script, application/javascript |
| GET H/1.1 | import-event-0746, akwaabait.com/js/Telekom-Login_files/ | 0 / 286 B | Image, text/plain |
| GET H/1.1 | index, www.t-online.de/-/id_62530878/tid_tsr-landingpage-popup/ (Redirect Chain) | 0 / 0 | Image, text/html |
| GET H/1.1 | login.min.js.download, akwaabait.com/js/Telekom-Login_files/ | 1 KB / 927 B | Script, application/javascript |
| GET | front.php, akwaabait.com/js/images/sprites/ (Redirect Chain) | 0 / 0 | |
| GET | front.php, akwaabait.com/js/fonts/ (Redirect Chain) | 0 / 0 | |
| GET | front.php, akwaabait.com/js/images/ (Redirect Chain) | 0 / 0 | |

Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: akwaabait.com, URL: http://akwaabait.com/js/images/sprites/front.php
- Domain: akwaabait.com, URL: http://akwaabait.com/js/fonts/front.php
- Domain: akwaabait.com, URL: http://akwaabait.com/js/images/front.php
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telekom (Telecommunication)
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| requirejs function| require function| define function| $ function| jQuery object| dtag function| idm_stopEvent function| idm_attachEvent function| registerEventHandler function| smartFocus object| html function| OpenPopupCenter function| log function| enableSubmitButton function| disableSubmitButton function| applyTimeLock function| emailCheck function| toolTip function| switchCheckBox function| showInformation function| hideInformation
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.