aspnetclient-login.air-technologie.de Open in urlscan Pro
2606:4700:3031::ac43:806e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://aspnetclient-login.air-technologie.de/auth/
Effective URL:
https://aspnetclient-login.air-technologie.de/auth/login.php
Submission: On February 13 via manual (February 13th 2023, 11:28:00 am UTC) from HU — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3031::ac43:806e, located in United States and belongs to CLOUDFLARENET, US. The main domain is aspnetclient-login.air-technologie.de.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 13th 2023. Valid for: a year.

This is the only time aspnetclient-login.air-technologie.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: MKB Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 19	2606:4700:303... 2606:4700:3031::ac43:806e		13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	1

19 2606:4700:3031::ac43:806e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

aspnetclient-login.air-technologie.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	air-technologie.de 1 redirects aspnetclient-login.air-technologie.de	440 KB
18	1

	Domain	Requested by
19	aspnetclient-login.air-technologie.de	1 redirects aspnetclient-login.air-technologie.de
18	1

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-13` - `2024-02-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://aspnetclient-login.air-technologie.de/auth/login.php
Frame ID: 92130DD0738688EEDB7ECA85E89D131F
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Belepes|NetBMKNETLOGOMKB Internetbank logoFacebookLinkedinYoutubeQR icon oneQR icon twoQR icon threePersonal Banking iconBusiness or Corporate Banking icon

Page URL History Show full URLs

https://aspnetclient-login.air-technologie.de/auth/ HTTP 302
https://aspnetclient-login.air-technologie.de/auth/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

18
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

440 kB
Transfer

771 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://aspnetclient-login.air-technologie.de/auth/ HTTP 302
https://aspnetclient-login.air-technologie.de/auth/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.php Show response aspnetclient-login.air-technologie.de/auth/ Redirect Chain https://aspnetclient-login.air-technologie.de/auth/ https://aspnetclient-login.air-technologie.de/auth/login.php	34 KB 13 KB	143ms 142ms	Document text/html	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.0.27 PleskLin Resource Hash `a3a495738c7191f5d3648fdfeadc811889a2ed1af3a8d7ab10b671de9e92c28b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 798d37a1e8d42c45-FRA content-encoding br content-type text/html; charset=UTF-8 date Mon, 13 Feb 2023 11:27:52 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BpjI6UIiMreGRmSwAX2aRBkBCOAApWKM6V514xKZvWMcqqohnwkYbiBj6bU0BF4CyHRLM%2BiZVS77WBIvTzDtfj4Ftt9YtxSnDFbvVQ3I66zfhjwg0FTekoQ7K9EnE8zCsXGGjJxocNkjuHc7Eq1MCP6jkSkROdK3oYkkM8CEWYTxe5km"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.0.27 PleskLin Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 798d37a0dfa92c45-FRA content-type text/html; charset=UTF-8 date Mon, 13 Feb 2023 11:27:52 GMT location login.php nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fbWJHxP1V5Wm1ZMmvl5ulVfuqYSlqQY2cOGYWMhrgZADjETxpb5fYuOH0BWd6OWEqtlFKgIz8YH2%2FNg4nlczOPwCRXe7uCZQFqjOg3hNMh%2FJf6Vx4nKo9YRVMJZyMRsUf0VPsglI8qYcuW2soBz9W%2F8sc%2F1fQTcEZU0n7qIQd%2BN8yf9U"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.0.27 PleskLin
GET H3	200	fnty.css aspnetclient-login.air-technologie.de/auth/1/	114 KB 19 KB	18ms 17ms	Stylesheet text/css	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/1/fnty.css Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `2fcd15641284a62bc503fef5a6e6239de2b68f6e3d7b5cc3b6567ee90acd6ea9` Request headers accept-language de-DE,de;q=0.9 Referer https://aspnetclient-login.air-technologie.de/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT content-encoding br cf-cache-status HIT last-modified Thu, 02 Jun 2022 17:41:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3712 etag W/"6298f63c-1c678" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fSB4spblG1knV2wGjjA9tiSrGQYf2hiLF2Y8wO%2F%2B1khrJ7OctQSCpS0c2Gf9DlKPxLEK3G%2F%2B042iAF3oaEVay2tJnqW0P4JlBLv0Dvv0%2B7M1tvwoOvDDmWGIYlpdjVmBmPc4gLasos9Louqw3u%2Fi9JPdF2G3uX6JFBHxPwNs%2FmdiOjAz"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 798d37a2cbfa3663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	completesk.css aspnetclient-login.air-technologie.de/auth/1/	65 KB 11 KB	26ms 24ms	Stylesheet text/css	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/1/completesk.css Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `46112103dc78f566f1d76261af2714fae87abbd52068d9add2e9d0cfc7d3765d` Request headers accept-language de-DE,de;q=0.9 Referer https://aspnetclient-login.air-technologie.de/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT content-encoding br cf-cache-status HIT last-modified Thu, 02 Jun 2022 17:41:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3712 etag W/"6298f63c-1051b" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SP%2FKNF7PWzLdM7Rvb53zQWjpTLzdySYCwpWC6xife1zJ5Mp3si3W24MWT4LMqrQO0HhAjHAeqOMw5m7FcqmwNKzLR4sUItsO%2BAXzkr8glOGCvwYB1Hq5eDlJwdLDvxKKU%2FiBlLbGcrsoiJKQzez04Itaa2Q6hdEumNmXEDnlBHPOspXL"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 798d37a2dbfe3663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	tvchannel.css aspnetclient-login.air-technologie.de/auth/1/	2 KB 1 KB	26ms 25ms	Stylesheet text/css	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/1/tvchannel.css Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `650130cef7869061f4324e65b6b79d56e96a867a49ac2ada445e02549535a7b6` Request headers accept-language de-DE,de;q=0.9 Referer https://aspnetclient-login.air-technologie.de/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT content-encoding br cf-cache-status HIT last-modified Thu, 02 Jun 2022 17:41:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3712 etag W/"6298f63c-909" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mCJl%2FSTm6w5QdDJJUEuncbYZILiBSVg%2BjznE%2BNJLaB0d2ZFsEpP%2BbH28EROu7sAOALywY3GTvbVnAjDVrmfmAr8WpeAbIZ8GmkxSthH%2BM%2BFwYXWlTfwIzJa4sjhCh1OnojweXAgxE5bHxbGexW2tDnJ8Sjx5dVeZ70oLKBbCAX7sxW9a"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 798d37a2dbff3663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	agharowa.css aspnetclient-login.air-technologie.de/auth/1/	31 KB 6 KB	27ms 25ms	Stylesheet text/css	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/1/agharowa.css Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `1dc3ba634a07c47568bfaa14d149c0c33d6c9b606e33adbe7bdeea65951fe0c7` Request headers accept-language de-DE,de;q=0.9 Referer https://aspnetclient-login.air-technologie.de/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT content-encoding br cf-cache-status HIT last-modified Thu, 02 Jun 2022 17:41:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3712 etag W/"6298f63c-7b8b" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JC%2BH1CyJA0XifB86Z%2BUSH%2BHX%2FMKIJtwudxX2d83Y6p5L7MRU3p%2FJ1kwVQ9rEtMfKtB7mlvguLS8YA%2F4tQUCcbXoEV8U6YOBEDuLwh1gnOonBGEz6SuYTdSpMH4rF5KftpxU9f0CoKZWecA4cYA0zbH7%2BicfKDiLubdevr3bwokm%2F2%2Fcf"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 798d37a2dc013663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	agbede.css aspnetclient-login.air-technologie.de/auth/1/	145 KB 27 KB	32ms 31ms	Stylesheet text/css	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `92f315bef53a5c3e44c2839f3142d7369954ff0dce6152bc65592f24ed91685b` Request headers accept-language de-DE,de;q=0.9 Referer https://aspnetclient-login.air-technologie.de/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT content-encoding br cf-cache-status HIT last-modified Thu, 02 Jun 2022 17:41:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3712 etag W/"6298f63c-24346" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wXOjWFgeGYvTGjUQmodrwfl%2FMxCSLzHKDbR%2BGPmLMfOpw8NfS%2B4SALqgbX731xsL42eRFwkqs%2FY8fN1%2FbSPslSQ%2FDdUE1xVmDbLvES5Jif4iEJing0MkB45RbKoyMmXMhJo5oWj67%2FC%2B%2B%2F76CJWXEvPq62EdB6L8dqGZKHvSTEUEof97"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 798d37a2dc033663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	bbcustommessage-web-skin.css aspnetclient-login.air-technologie.de/auth/1/	0 0	84ms 83ms	Stylesheet text/html	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/1/bbcustommessage-web-skin.css Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://aspnetclient-login.air-technologie.de/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 13 Feb 2023 08:40:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IrbgZ49im30b3F7Po8DDiNrKW7o%2FQg3uAwTnqCBoWp%2BaMHXMEz3iMQL1gdx17nOPfTT%2FRsMJZ9miIDY5Ws4B5J1VnrjGxo0zuUVcJfU4rZ2iLgEWcTeNUhR8smA4wJkrb7w5B3lD7UlBKORlgk7bmrw5HtL2aGZQEgTh3TZqr%2Fk01yCh"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 798d37a2dc073663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	app_store.svg aspnetclient-login.air-technologie.de/auth/1/	14 KB 6 KB	20ms 19ms	Image image/svg+xml	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://aspnetclient-login.air-technologie.de/auth/1/app_store.svg Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `69549eaf67ac1808260235965d746722c05ddf9857c3669e9fc134cc470f96d3` Request headers accept-language de-DE,de;q=0.9 Referer https://aspnetclient-login.air-technologie.de/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT content-encoding br cf-cache-status HIT last-modified Thu, 02 Jun 2022 17:41:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3712 etag W/"6298f63c-395d" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=06X%2BagR%2FOX5bqAO0KjjYsz10lpGxAitKrPFG55L7vQIblMpE%2F%2Bt5lCPE3nhwBJn5tVmdgS9%2FF0BlXEXO7WhTl8%2Bfdg9KkO6W3e2PtBsE7Y0P7ExvlnaV61iM31GdqolV5mIcNr6kTrIxmC4nlPyGozXqsHKTDZMAMDKtakVav7c7%2ByDl"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 798d37a2ec2c3663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	google_play.svg aspnetclient-login.air-technologie.de/auth/1/	17 KB 7 KB	15ms 15ms	Image image/svg+xml	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://aspnetclient-login.air-technologie.de/auth/1/google_play.svg Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `ac12f6652fa9f1fffecc6510dbe11cae0d42ea0c58ac1f1986a8e73a786424c7` Request headers accept-language de-DE,de;q=0.9 Referer https://aspnetclient-login.air-technologie.de/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT content-encoding br cf-cache-status HIT last-modified Thu, 02 Jun 2022 17:41:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3712 etag W/"6298f63c-45b3" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bLvsLtpqBpxDOzhbkMsUa4YlFmxqsIRC0TCfVO411Ywes8L0ZXXOhT4vWCDvrYCSyEuR7xLZ93QpcpfdduxSda7%2F%2FSx%2FlbdjNjh6mh9fzwK5RGE4vRdtgN%2FW0z5%2BfmSTOF0F6XB7LFrBX8bgAc1%2BgiZP8wPGXjjez10G6dyFC5KU2Gkw"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 798d37a2ec2d3663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	kperere.png aspnetclient-login.air-technologie.de/auth/1/	109 KB 110 KB	16ms 15ms	Image image/png	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://aspnetclient-login.air-technologie.de/auth/1/kperere.png Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `b8161d36e9c952fe3d3be771c9c63226913989c0fc320c2ccef261e1098194ec` Request headers accept-language de-DE,de;q=0.9 Referer https://aspnetclient-login.air-technologie.de/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3712 x-powered-by PleskLin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 111833 last-modified Thu, 02 Jun 2022 17:41:16 GMT server cloudflare etag "6298f63c-1b4d9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NgvAE7sQ7aoaO46BMRScZp8MO9i%2BiX1YxYbxxy1wke0pi5AttuuXqR6n3If6Q5SdvrgSxbj05QedibT4KGUwQX1%2FrYhjM0YNPJK%2B3lghZzbDfQgEOqxapDGRiVT1tMNrjLTfI8hRxs85P492ZKEMXiIGUG%2BX7mctOGnKgQDPSP7EJLw6"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 798d37a2ec2f3663-FRA
GET H3	200	pic0147.png aspnetclient-login.air-technologie.de/auth/1/	239 KB 239 KB	20ms 19ms	Image image/png	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://aspnetclient-login.air-technologie.de/auth/1/pic0147.png Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `fc12733e917f5be70c6071c68fbb2359f8b990bd19d78cd2d9e8bbcc6078ca1f` Request headers accept-language de-DE,de;q=0.9 Referer https://aspnetclient-login.air-technologie.de/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3712 x-powered-by PleskLin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 244668 last-modified Mon, 20 Apr 2020 09:25:44 GMT server cloudflare etag "5e9d6a98-3bbbc" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zPCS%2BdHlsPJ%2BDflFx3gF9tUAdxYiJppJg1%2F5WaL1rkCAhelFFiLNkmPRaW%2B5OM1816CLf9%2F3ZJZILBSDeo236%2BdhnBYmJi1RGNYCXht62NDYDqUTXb5GPlOA7l7lco3q1zyKYW0VRwqheUhTLwJ9Q31V6dV4g4BrcHP4e0d8HkfzlTqo"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 798d37a35ce93663-FRA
GET H3	404	opensans400.woff aspnetclient-login.air-technologie.de/auth/fonts/	0 0	80ms 80ms	Font text/html	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/fonts/opensans400.woff Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Origin https://aspnetclient-login.air-technologie.de accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 13 Feb 2023 08:40:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tGthqY4%2FQ2BdkKJldPfCdSMehSWQDY9pnw%2BTdDOUmQ7l%2F0gjjnCYz8Gf5hr3cJtDPQk%2BeUBltHlxqTCUZ7jG9RvimdTuGfTWtf2X9PZnhKjX0nZ7GskM2tHuGLtY9QOSPms%2FLJ3917N6HFv%2F0QnIXObJRKoWGjBadXEuF0SrxrveTuSh"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 798d37a36cf53663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	icon_info.png aspnetclient-login.air-technologie.de/auth/images/default/infoicon/	808 B 808 B	81ms 81ms	Image text/html	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://aspnetclient-login.air-technologie.de/auth/images/default/infoicon/icon_info.png Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/1/completesk.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers accept-language de-DE,de;q=0.9 Referer https://aspnetclient-login.air-technologie.de/auth/1/completesk.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 13 Feb 2023 08:40:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sTdUFtecp%2BmT3EgMkVd2XqjU6g%2FfrjhVmG3ac3e8YUqYO9IF32iD%2Feo3STDSUDwXJ1kjn1CUGqBunrUDqjtC3oaHbE1a21%2BiBGuOtxwpJBFBZ36uWUTR4iBDhkMVJxjcULXiRS6%2BhWxzYBzRZrEIdVsOxfl9GFpQ7%2FUPpgfUvwzOuoLg"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 798d37a36cf93663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	opensans600.woff aspnetclient-login.air-technologie.de/auth/fonts/	0 0	81ms 81ms	Font text/html	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/fonts/opensans600.woff Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Origin https://aspnetclient-login.air-technologie.de accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:52 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 13 Feb 2023 08:40:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5InOfCXWC7dn1ehdRer8uGQQqTCBthC8Q7WGygFxwZXUxfGXUxttZ7OvaTtk7fwuC%2FIMkbFg9sWiKbdXK%2FOwse59uEOYbxLFEAlunn7%2BbN8u%2BXI2t%2BFkJ1wYKtbG%2Bh6btW2GR9xvER7%2BIrQVxBk8EUJcMpyv0E2NsxKIA03NEq4C5dnk"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 798d37a36cfe3663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	opensans400.woff2 aspnetclient-login.air-technologie.de/auth/fonts/	0 0	80ms 80ms	Font text/html	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/fonts/opensans400.woff2 Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Origin https://aspnetclient-login.air-technologie.de accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:53 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 13 Feb 2023 08:40:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i9JOp%2FM02zeJZqN2U7QIE08%2FkNDiz5FlmejGkT%2FbWyVYriLmo758UzFpUET07l4AR7FRPiaMOMCbsntvQdcf2EcU8I5Oy%2FEmgoHU%2FOQcbMPb6VyrvUd4ZsW7E4jTAQpxzsp7a50mro59uErHkAbD2s01zDNlzIHVRwP4erLYQpH3rEjo"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 798d37a3edbe3663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	opensans600.woff2 aspnetclient-login.air-technologie.de/auth/fonts/	0 0	86ms 85ms	Font text/html	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/fonts/opensans600.woff2 Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Origin https://aspnetclient-login.air-technologie.de accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:53 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 13 Feb 2023 08:40:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Y8tyYsBZ39hBE%2FZyXCWjsoC%2F3ndZMFlpVBIogdW8JbInCB0Yp1GRc4943xitD3OEjK3a1eOXNLbKsIAqGmPPmoKpE1LkqjjN6lkepmfD6S59JQJ43bXZbegdAI4cGetY9MZwOrnPvOX%2B%2F%2BvW3Vgpk1E2V9pBQR5CVPDNuqrmLhod9uo"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 798d37a3edc63663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	opensans400.ttf aspnetclient-login.air-technologie.de/auth/fonts/	0 0	84ms 84ms	Font text/html	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/fonts/opensans400.ttf Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Origin https://aspnetclient-login.air-technologie.de accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:53 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 13 Feb 2023 08:40:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SLZfzsGOB6M6vMQp%2FjdMoXgZoUJEFn66OpnqxJmaer4%2BfON52eSeBVrXRYs8bEbcqnUV5VX6gIWJB4Xofu2bHuabxWD%2F38EFX%2BFxnXsfIZdsTbYIsiPnonqDNzfn7dWfgsd4IsyNPmSnPZpeN4AUJ1k3SXV8D6gie2M3mICHlnFKjzmT"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 798d37a46e783663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	opensans600.ttf aspnetclient-login.air-technologie.de/auth/fonts/	0 0	84ms 83ms	Font text/html	2606:4700:3031::ac43:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://aspnetclient-login.air-technologie.de/auth/fonts/opensans600.ttf Requested by Host: aspnetclient-login.air-technologie.de URL: https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://aspnetclient-login.air-technologie.de/auth/1/agbede.css Origin https://aspnetclient-login.air-technologie.de accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Mon, 13 Feb 2023 11:27:53 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 13 Feb 2023 08:40:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S4dQPlPS302mFzupPV3xhuT1daOe0GOMEzMxInI9ZOjPIoKa3%2FlMWKl9ltdro8fObelbgD7xPp7p3%2BXViyhH5FJPnKf0acMqvjxv5U065f5cQgS9FTBRq106Tw4ClFvvGSdUo%2FumFEHkR6YlG6VwmP%2Fes3lW3fHc2Am0rzdEAgp1vRsO"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 798d37a47e8e3663-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: MKB Bank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://aspnetclient-login.air-technologie.de/auth/1/bbcustommessage-web-skin.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://aspnetclient-login.air-technologie.de/auth/fonts/opensans400.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://aspnetclient-login.air-technologie.de/auth/images/default/infoicon/icon_info.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://aspnetclient-login.air-technologie.de/auth/fonts/opensans600.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://aspnetclient-login.air-technologie.de/auth/fonts/opensans400.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://aspnetclient-login.air-technologie.de/auth/fonts/opensans600.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://aspnetclient-login.air-technologie.de/auth/fonts/opensans400.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://aspnetclient-login.air-technologie.de/auth/fonts/opensans600.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aspnetclient-login.air-technologie.de
2606:4700:3031::ac43:806e
1dc3ba634a07c47568bfaa14d149c0c33d6c9b606e33adbe7bdeea65951fe0c7
2fcd15641284a62bc503fef5a6e6239de2b68f6e3d7b5cc3b6567ee90acd6ea9
46112103dc78f566f1d76261af2714fae87abbd52068d9add2e9d0cfc7d3765d
650130cef7869061f4324e65b6b79d56e96a867a49ac2ada445e02549535a7b6
69549eaf67ac1808260235965d746722c05ddf9857c3669e9fc134cc470f96d3
92f315bef53a5c3e44c2839f3142d7369954ff0dce6152bc65592f24ed91685b
a3a495738c7191f5d3648fdfeadc811889a2ed1af3a8d7ab10b671de9e92c28b
ac12f6652fa9f1fffecc6510dbe11cae0d42ea0c58ac1f1986a8e73a786424c7
b8161d36e9c952fe3d3be771c9c63226913989c0fc320c2ccef261e1098194ec
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
fc12733e917f5be70c6071c68fbb2359f8b990bd19d78cd2d9e8bbcc6078ca1f

aspnetclient-login.air-technologie.de Open in urlscan Pro 2606:4700:3031::ac43:806e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

440 kBTransfer

771 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

8 Console Messages

Indicators

aspnetclient-login.air-technologie.de Open in urlscan Pro
2606:4700:3031::ac43:806e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

440 kB
Transfer

771 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!