mitteilungvr.xyz Open in urlscan Pro
185.139.230.138 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://kwoirekdewe.com/
Effective URL:
https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820...
Submission Tags: @ecarlesi threat #phishing Search All
Submission: On June 30 via api (June 30th 2023, 10:05:51 am UTC) from FR — Scanned from NL

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 23 HTTP transactions. The main IP is 185.139.230.138, located in Frankfurt am Main, Germany and belongs to CLOUDWEBMANAGE-IL-FR, US. The main domain is mitteilungvr.xyz.
TLS certificate: Issued by R3 on June 30th 2023. Valid for: 3 months.

This is the only time mitteilungvr.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volksbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a10:92c0:1:0... 2a10:92c0:1:0:5::189	211786 (CHEESEHOS...) (CHEESEHOSTING)
4 25	185.139.230.138 185.139.230.138	204548 (CLOUDWEBM...) (CLOUDWEBMANAGE-IL-FR)
23	2

1 2a10:92c0:1:0:5::189 (Netherlands) 1 redirects

ASN211786 (CHEESEHOSTING, NL)

kwoirekdewe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 185.139.230.138 (Frankfurt am Main, Germany) 4 redirects

ASN204548 (CLOUDWEBMANAGE-IL-FR, US)

mitteilungvr.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	mitteilungvr.xyz 4 redirects mitteilungvr.xyz	277 KB
1	kwoirekdewe.com 1 redirects kwoirekdewe.com	102 B
0	mitteilungvr.online Failed mitteilungvr.online Failed
23	3

	Domain	Requested by
25	mitteilungvr.xyz	4 redirects mitteilungvr.xyz
1	kwoirekdewe.com	1 redirects
0	mitteilungvr.online Failed	mitteilungvr.xyz
23	3

This site contains no links.

Subject Issuer	Validity	Valid
mitteilungvr.xyz R3	`2023-06-30` - `2023-09-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4
Frame ID: 9F624FF822CC877D61746CF6D968EB44
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Volksbank

Page URL History Show full URLs

https://kwoirekdewe.com/ HTTP 301
https://mitteilungvr.xyz/DE/Vo HTTP 301
https://mitteilungvr.xyz/DE/Vo/ HTTP 302
https://mitteilungvr.xyz/DE/Vo/white.php?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Page URL
https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a?index=16520&feeder=52b7a1105df... HTTP 301
https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/?index=16520&feeder=52b7a1105d... HTTP 302
https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7... Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

23
Requests

91 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

276 kB
Transfer

471 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://kwoirekdewe.com/ HTTP 301
https://mitteilungvr.xyz/DE/Vo HTTP 301
https://mitteilungvr.xyz/DE/Vo/ HTTP 302
https://mitteilungvr.xyz/DE/Vo/white.php?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Page URL
https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 HTTP 301
https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 HTTP 302
https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://kwoirekdewe.com/ HTTP 301
https://mitteilungvr.xyz/DE/Vo HTTP 301
https://mitteilungvr.xyz/DE/Vo/ HTTP 302
https://mitteilungvr.xyz/DE/Vo/white.php?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4

23 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	white.php Show response mitteilungvr.xyz/DE/Vo/ Redirect Chain https://kwoirekdewe.com/ https://mitteilungvr.xyz/DE/Vo https://mitteilungvr.xyz/DE/Vo/ https://mitteilungvr.xyz/DE/Vo/white.php?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4	754 B 765 B	22ms 21ms	Document text/html	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/white.php?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `f1e6c974aac80d6f9ffcecb90e6de58a8b5f60dde6a7c23cc25a8a65fbf2d16a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 493 Content-Type text/html; charset=UTF-8 Date Fri, 30 Jun 2023 10:05:46 GMT Keep-Alive timeout=5, max=98 Server Apache/2.4.29 (Ubuntu) Vary Accept-Encoding Redirect headers Connection Keep-Alive Content-Length 1 Content-Type text/html; charset=UTF-8 Date Fri, 30 Jun 2023 10:05:46 GMT Keep-Alive timeout=5, max=99 Location white.php?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Server Apache/2.4.29 (Ubuntu)
GET H/1.1	200 OK	Primary Request / Show response mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/ Redirect Chain https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4	23 KB 4 KB	30ms 30ms	Document text/html	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/white.php?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `d2f3892edb0f5559514edf56ba127ec53ab109d6515f86d39d6236be6644700a` Request headers Referer https://mitteilungvr.xyz/DE/Vo/white.php?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 3852 Content-Type text/html; charset=UTF-8 Date Fri, 30 Jun 2023 10:05:47 GMT Keep-Alive timeout=5, max=95 Server Apache/2.4.29 (Ubuntu) Vary Accept-Encoding Redirect headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Fri, 30 Jun 2023 10:05:47 GMT Keep-Alive timeout=5, max=96 Server Apache/2.4.29 (Ubuntu) location login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4
GET H/1.1	200 OK	jquery.min.js Show response mitteilungvr.xyz/DE/Vo/bower_components/jquery/dist/	85 KB 30 KB	25ms 24ms	Script application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/bower_components/jquery/dist/jquery.min.js Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:47 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:19:34 GMT Server Apache/2.4.29 (Ubuntu) ETag "15283-5ed64decc5980-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 30138
GET H/1.1	200 OK	ua-parser.min.js Show response mitteilungvr.xyz/DE/Vo/bower_components/ua-parser-js/dist/	17 KB 6 KB	80ms 20ms	Script application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/bower_components/ua-parser-js/dist/ua-parser.min.js Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:19:34 GMT Server Apache/2.4.29 (Ubuntu) ETag "4298-5ed64decc5980-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 6063
GET H/1.1	200 OK	font-awesome.min.css mitteilungvr.xyz/DE/Vo/bower_components/font-awesome/css/	30 KB 7 KB	59ms 20ms	Stylesheet text/css	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/bower_components/font-awesome/css/font-awesome.min.css Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:19:32 GMT Server Apache/2.4.29 (Ubuntu) ETag "7918-5ed64deadd500-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7053
GET H/1.1	200 OK	core_form.js Show response mitteilungvr.xyz/DE/Vo/core/form/	14 KB 4 KB	79ms 19ms	Script application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/core/form/core_form.js Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `6442786c2dffb3f5e31194486843fc456be31d704f0cd22a63398c83b339a97b` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:24:36 GMT Server Apache/2.4.29 (Ubuntu) ETag "396a-5ed64f0cc8100-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3595
GET H/1.1	200 OK	core_form.css mitteilungvr.xyz/DE/Vo/core/form/	2 KB 912 B	58ms 19ms	Stylesheet text/css	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/core/form/core_form.css Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `c50401c00bd5435f1a9870149af33863046ac69cc2fc9c030dcfcfb02081b110` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:24:36 GMT Server Apache/2.4.29 (Ubuntu) ETag "8b1-5ed64f0cc8100-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 576
GET H/1.1	200 OK	core_token.js Show response mitteilungvr.xyz/DE/Vo/core/token/	19 KB 2 KB	82ms 19ms	Script application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/core/token/core_token.js Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `63067b304ef12dfcc633f99211979f0c712e82aaf93533746fe56d68ba402532` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:24:36 GMT Server Apache/2.4.29 (Ubuntu) ETag "4c53-5ed64f0cc8100-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1748
GET H/1.1	200 OK	core_token.css mitteilungvr.xyz/DE/Vo/core/token/	699 B 674 B	60ms 19ms	Stylesheet text/css	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/core/token/core_token.css Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `63a862bfdb8e871309839cef71334c2bbe1b4249b54bedf76120e9fdfdec5068` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:24:36 GMT Server Apache/2.4.29 (Ubuntu) ETag "2bb-5ed64f0cc8100-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 338
GET H/1.1	200 OK	css.css mitteilungvr.xyz/DE/Vo/login/form/	30 B 312 B	61ms 20ms	Stylesheet text/css	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/login/form/css.css Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `44462ddc0fe126587c4c30004e159fb72e4478cd8843546a3a02b115752376fa` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Last-Modified Mon, 14 Nov 2022 02:19:04 GMT Server Apache/2.4.29 (Ubuntu) ETag "1e-5ed64dd029600" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 30
GET H/1.1	200 OK	index.css mitteilungvr.xyz/DE/Vo/login/	71 KB 14 KB	67ms 21ms	Stylesheet text/css	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/login/index.css Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `944c771bb4aad2f9f68463e7e509943ab27c7cbe50b27c5984c579cb23d74ab6` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:19:02 GMT Server Apache/2.4.29 (Ubuntu) ETag "11b0d-5ed64dce41180-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 13520
GET H/1.1	200 OK	logo.png mitteilungvr.xyz/DE/Vo/login/	9 KB 10 KB	32ms 19ms	Image image/png	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.xyz/DE/Vo/login/logo.png Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `81e964fbcc0d91d57d4284567a6258537efdd63474f899bbd0ff419fa91c5984` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Last-Modified Mon, 14 Nov 2022 02:19:04 GMT Server Apache/2.4.29 (Ubuntu) ETag "259f-5ed64dd029600" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 9631
GET H/1.1	200 OK	xhtml-filler mitteilungvr.xyz/DE/Vo/login/	43 B 301 B	37ms 36ms	Image image/gif	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.xyz/DE/Vo/login/xhtml-filler Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `33dcafb8470734f44deceefaeb93ca1f4a82f79f8b9a15c7b7176a10b7bde15b` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Last-Modified Mon, 14 Nov 2022 02:19:04 GMT Server Apache/2.4.29 (Ubuntu) ETag "2b-5ed64dd029600" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 43
GET H/1.1	200 OK	ebpe-warnung mitteilungvr.xyz/DE/Vo/login/	2 KB 2 KB	23ms 22ms	Image image/gif	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.xyz/DE/Vo/login/ebpe-warnung Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `b5e024ed968916f0f6d124e5359850ac2e8b37d0232e5221cd01a6f9a0ba8702` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Last-Modified Mon, 14 Nov 2022 02:19:02 GMT Server Apache/2.4.29 (Ubuntu) ETag "671-5ed64dce41180" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1649
GET H/1.1	200 OK	ips mitteilungvr.xyz/DE/Vo/login/	159 KB 160 KB	22ms 22ms	Image image/jpeg	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.xyz/DE/Vo/login/ips Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `ad556ddd869fecdb5c863abaac84e9d95bfbbace86e179511c6841b381423ae8` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Last-Modified Mon, 14 Nov 2022 02:19:02 GMT Server Apache/2.4.29 (Ubuntu) ETag "27da2-5ed64dce41180" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 163234
GET H/1.1	200 OK	ips_001.dat mitteilungvr.xyz/DE/Vo/login/	31 KB 31 KB	22ms 22ms	Image image/jpeg	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.xyz/DE/Vo/login/ips_001.dat Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `b0b66376019d952661b1c357c901c8f337d47d01d4326e6b14ee8927dfeb5218` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Last-Modified Mon, 14 Nov 2022 02:19:02 GMT Server Apache/2.4.29 (Ubuntu) ETag "7c3a-5ed64dce41180" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 31802
GET H/1.1	200 OK	form.js Show response mitteilungvr.xyz/DE/Vo/login/form/	5 KB 1 KB	20ms 20ms	Script application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/login/form/form.js?v=649ea8fbe4d4e Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `2bd88d44ab5b1dfcff947d5ce739fc6bcf61a4acbd043097d3b9aa245e3f34e3` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:19:04 GMT Server Apache/2.4.29 (Ubuntu) ETag "12d5-5ed64dd029600-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1054
GET H/1.1	200 OK	token.js Show response mitteilungvr.xyz/DE/Vo/login/token/	1 KB 877 B	25ms 19ms	Script application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.xyz/DE/Vo/login/token/token.js?v=649ea8fbe4d50 Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `50372824bb850b3891ec7f150cab492914fc6348f158deab54ecba2a48a2c5b0` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/a1b2c3/b56ae7519c77cbb5790b78247b5b1c0a/login/?index=16520&feeder=52b7a1105df3f5b4bdcc1820aa3037c546c610c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:19:04 GMT Server Apache/2.4.29 (Ubuntu) ETag "4f3-5ed64dd029600-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 528
GET H/1.1	200 OK	wallpaper-body mitteilungvr.xyz/DE/Vo/login/	631 B 890 B	21ms 21ms	Image image/jpeg	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.xyz/DE/Vo/login/wallpaper-body Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/login/index.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/login/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Last-Modified Mon, 14 Nov 2022 02:19:02 GMT Server Apache/2.4.29 (Ubuntu) ETag "277-5ed64dce41180" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91 Content-Length 631
GET DATA	200 OK	truncated /	329 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a07e35a0a48199eb5cde940517b95ba921bb4a58e173dfea2468c5e4b5578897` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	200 OK	crossnav-link mitteilungvr.xyz/DE/Vo/login/	238 B 238 B	24ms 24ms	Image text/plain	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.xyz/DE/Vo/login/crossnav-link Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/login/index.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/login/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Last-Modified Mon, 14 Nov 2022 02:19:04 GMT Server Apache/2.4.29 (Ubuntu) ETag "ee-5ed64dd029600" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 238
GET H/1.1	200 OK	background-seitenanfang mitteilungvr.xyz/DE/Vo/login/	239 B 239 B	23ms 22ms	Image text/plain	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.xyz/DE/Vo/login/background-seitenanfang Requested by Host: mitteilungvr.xyz URL: https://mitteilungvr.xyz/DE/Vo/login/index.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.xyz/DE/Vo/login/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 10:05:48 GMT Last-Modified Mon, 14 Nov 2022 02:19:02 GMT Server Apache/2.4.29 (Ubuntu) ETag "ef-5ed64dce41180" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 239
GET		gate.php mitteilungvr.online/DE/PA8m7G/secure-piemel/	0 0

GET		gate.php mitteilungvr.online/DE/PA8m7G/secure-piemel/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mitteilungvr.online
URL: https://mitteilungvr.online/DE/PA8m7G/secure-piemel/gate.php?pl=token&link=volks&bid=b56ae7519c77cbb5790b78247b5b1c0a&callback=jQuery321031577460466590157_1688119547993&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1688119547994

Domain: mitteilungvr.online
URL: https://mitteilungvr.online/DE/PA8m7G/secure-piemel/gate.php?pl=token&link=volks&bid=b56ae7519c77cbb5790b78247b5b1c0a&callback=jQuery321031577460466590157_1688119547995&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1688119547996

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mitteilungvr.xyz/DE/Vo	1969-12-31 23:59:59	Name: real Value: OK
			mitteilungvr.xyz/	1970-01-20 13:38:31	Name: bid Value: b56ae7519c77cbb5790b78247b5b1c0a

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mitteilungvr.online/DE/PA8m7G/secure-piemel/gate.php?pl=token&link=volks&bid=b56ae7519c77cbb5790b78247b5b1c0a&callback=jQuery321031577460466590157_1688119547993&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1688119547994 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://mitteilungvr.online/DE/PA8m7G/secure-piemel/gate.php?pl=token&link=volks&bid=b56ae7519c77cbb5790b78247b5b1c0a&callback=jQuery321031577460466590157_1688119547995&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1688119547996 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

kwoirekdewe.com
mitteilungvr.online
mitteilungvr.xyz
mitteilungvr.online
185.139.230.138
2a10:92c0:1:0:5::189
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
2bd88d44ab5b1dfcff947d5ce739fc6bcf61a4acbd043097d3b9aa245e3f34e3
33dcafb8470734f44deceefaeb93ca1f4a82f79f8b9a15c7b7176a10b7bde15b
44462ddc0fe126587c4c30004e159fb72e4478cd8843546a3a02b115752376fa
50372824bb850b3891ec7f150cab492914fc6348f158deab54ecba2a48a2c5b0
63067b304ef12dfcc633f99211979f0c712e82aaf93533746fe56d68ba402532
63a862bfdb8e871309839cef71334c2bbe1b4249b54bedf76120e9fdfdec5068
6442786c2dffb3f5e31194486843fc456be31d704f0cd22a63398c83b339a97b
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
81e964fbcc0d91d57d4284567a6258537efdd63474f899bbd0ff419fa91c5984
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5
944c771bb4aad2f9f68463e7e509943ab27c7cbe50b27c5984c579cb23d74ab6
a07e35a0a48199eb5cde940517b95ba921bb4a58e173dfea2468c5e4b5578897
ad556ddd869fecdb5c863abaac84e9d95bfbbace86e179511c6841b381423ae8
b0b66376019d952661b1c357c901c8f337d47d01d4326e6b14ee8927dfeb5218
b5e024ed968916f0f6d124e5359850ac2e8b37d0232e5221cd01a6f9a0ba8702
c50401c00bd5435f1a9870149af33863046ac69cc2fc9c030dcfcfb02081b110
d2f3892edb0f5559514edf56ba127ec53ab109d6515f86d39d6236be6644700a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1e6c974aac80d6f9ffcecb90e6de58a8b5f60dde6a7c23cc25a8a65fbf2d16a

mitteilungvr.xyz Open in urlscan Pro 185.139.230.138 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

91 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

276 kBTransfer

471 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

46 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

mitteilungvr.xyz Open in urlscan Pro
185.139.230.138 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

91 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

276 kB
Transfer

471 kB
Size

2
Cookies

23 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!