urlscan.io logo urlscan.io
SecurityTrails logo

ferienhaus-anja.de Open in urlscan Pro
217.160.0.89  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://ferienhaus-anja.de/mobile.de/a2/login/tanValidate.html
Submission: On June 25 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 12 HTTP transactions. The main IP is 217.160.0.89, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is ferienhaus-anja.de.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on October 6th 2020. Valid for: a year.
This is the only time ferienhaus-anja.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: mobile.de (Marketplace)

Domain & IP information

IP Address AS Autonomous System
2 217.160.0.89 8560 (IONOS-AS ...)
2 2a02:26f0:310... 20940 (AKAMAI-ASN1)
12 3
Apex Domain
Subdomains		 Transfer
2 mobile.de
login.mobile.de
1 KB
2 ferienhaus-anja.de
ferienhaus-anja.de
258 KB
0 classistatic.de Failed
static.classistatic.de Failed
12 3
Domain Requested by
2 login.mobile.de ferienhaus-anja.de
2 ferienhaus-anja.de ferienhaus-anja.de
0 static.classistatic.de Failed ferienhaus-anja.de
12 3

This site contains no links.

Subject Issuer Validity Valid
*.ferienhaus-anja.de
Encryption Everywhere DV TLS CA - G1		 2020-10-06 -
2021-10-20		 a year crt.sh
www.mobile.de
DigiCert ECC Extended Validation Server CA		 2020-03-11 -
2022-06-10		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://ferienhaus-anja.de/mobile.de/a2/login/tanValidate.html
Frame ID: FF85F3CF754610880AA3A4BA5923C585
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

12
Requests

33 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

259 kB
Transfer

267 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request tanValidate.html
ferienhaus-anja.de/mobile.de/a2/login/ 		9 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ferienhaus-anja.de/mobile.de/a2/login/tanValidate.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.89 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-89.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
48703f1d61a2d4a7d6dd9fc934116705b6c39ae971fc790ca9e52171172c4384

Request headers

:method
GET
:authority
ferienhaus-anja.de
:scheme
https
:path
/mobile.de/a2/login/tanValidate.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
text/html
date
Fri, 25 Jun 2021 01:07:58 GMT
server
Apache
last-modified
Wed, 13 Jan 2021 16:06:00 GMT
etag
W/"2469-5b8ca50ad6a00"
content-encoding
gzip
icons.logo.data.svg.css
login.mobile.de/a2/css/icons/logo/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.mobile.de/a2/css/icons/logo/icons.logo.data.svg.css
Requested by
Host: ferienhaus-anja.de
URL: https://ferienhaus-anja.de/mobile.de/a2/login/tanValidate.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100:78e::1703 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://ferienhaus-anja.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
3.6c709db4.chunk.css
ferienhaus-anja.de/mobile.de/a2/login/index_files/ 		254 KB
255 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ferienhaus-anja.de/mobile.de/a2/login/index_files/3.6c709db4.chunk.css
Requested by
Host: ferienhaus-anja.de
URL: https://ferienhaus-anja.de/mobile.de/a2/login/tanValidate.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.89 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-89.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
c9f67d91418198652afa16581f6a823ab1e9f57e0270f4821d1a6918e5b6cf60

Request headers

:path
/mobile.de/a2/login/index_files/3.6c709db4.chunk.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
ferienhaus-anja.de
referer
https://ferienhaus-anja.de/mobile.de/a2/login/tanValidate.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://ferienhaus-anja.de/mobile.de/a2/login/tanValidate.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 25 Jun 2021 01:07:58 GMT
last-modified
Tue, 12 Jan 2021 21:26:28 GMT
server
Apache
accept-ranges
bytes
etag
"3f9e8-5b8baacea0900"
content-length
260584
content-type
text/css
tanStatic
login.mobile.de/a2/ 		552 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.mobile.de/a2/tanStatic
Requested by
Host: ferienhaus-anja.de
URL: https://ferienhaus-anja.de/mobile.de/a2/login/tanValidate.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100:78e::1703 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7b54eaba8bbfd0821c96d29e03b7e0cbad64180c7a6508ddba24262b5ddc9444
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ferienhaus-anja.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 25 Jun 2021 01:07:58 GMT
x-frame-options
deny
content-type
application/javascript;charset=UTF-8
cache-control
private, no-cache, no-store
accept-ranges
none
vary
Accept-Encoding
content-length
237
x-xss-protection
1; mode=block
expires
Fri, 25 Jun 2021 01:07:58 GMT
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9438113100ff089d191a01c1b464f86963be589cd06c182b0c8b71fc95bd2200

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
Gibson-Regular-webfont-v2.woff2
static.classistatic.de/fonts/ 		0
0
Gibson-SemiBold-webfont-v2.woff2
static.classistatic.de/fonts/ 		0
0
Gibson-Regular-webfont-v2.woff
static.classistatic.de/fonts/ 		0
0
Gibson-SemiBold-webfont-v2.woff
static.classistatic.de/fonts/ 		0
0
gibson-regular-v3.woff2
static.classistatic.de/fonts/ 		0
0
gibson-regular-v3.woff
static.classistatic.de/fonts/ 		0
0
gibson-semibold-v3.woff2
static.classistatic.de/fonts/ 		0
0
gibson-semibold-v3.woff
static.classistatic.de/fonts/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
static.classistatic.de
URL
https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff2
Domain
static.classistatic.de
URL
https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff2
Domain
static.classistatic.de
URL
https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff
Domain
static.classistatic.de
URL
https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff
Domain
static.classistatic.de
URL
https://static.classistatic.de/fonts/gibson-regular-v3.woff2
Domain
static.classistatic.de
URL
https://static.classistatic.de/fonts/gibson-regular-v3.woff
Domain
static.classistatic.de
URL
https://static.classistatic.de/fonts/gibson-semibold-v3.woff2
Domain
static.classistatic.de
URL
https://static.classistatic.de/fonts/gibson-semibold-v3.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: mobile.de (Marketplace)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| buttonPressed

0 Cookies