www.maintelke.de
2a05:d580:0:1337::26  Malicious Activity!  Public Scan

URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Submission: On November 20 via automatic, source openphish — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 12 HTTP transactions. The main IP is 2a05:d580:0:1337::26, located in Germany and belonging to UDMEDIA-AS, DE. The main domain is www.maintelke.de.
TLS certificate: Issued by R3 on November 18th 2022. Valid for: 3 months.
This is the only time www.maintelke.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: mobile.de (Marketplace)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
2         2a05:d580:0:1...   199753 (UDMEDIA-AS)
2         2a02:26f0:480...   20940 (AKAMAI-ASN1)
Totals: 12 requests, 3 IPs

Requests  Apex Domain       Subdomains               Transfer
2         mobile.de         login.mobile.de          1 KB
2         maintelke.de      www.maintelke.de         264 KB
0         classistatic.de   static.classistatic.de   Failed
Totals: 12 requests, 3 domains

Requests  Domain                   Requested by
2         login.mobile.de          www.maintelke.de
2         www.maintelke.de         www.maintelke.de
0         static.classistatic.de   www.maintelke.de (Failed)
Totals: 12 requests, 3 subdomains

This site contains no links.

Subject         Issuer                                       Validity                  Valid      Source
maintelke.de    R3                                           2022-11-18 - 2023-02-16   3 months   crt.sh
www.mobile.de   DigiCert ECC Extended Validation Server CA   2022-03-13 - 2023-03-16   a year     crt.sh

This page contains 1 frames:

Primary Page: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Frame ID: DBF49CE3F92D73191C387142E291D0E2
Requests: 13 HTTP requests in this frame

Screenshot

Page Title

TAN eingeben

Detected technologies

  • Overall confidence: 100%. Detected patterns: \.php(?:$|\?)
  • Overall confidence: 100%. Detected patterns: (none listed)

Page Statistics

Requests:    12
HTTPS:       33 %
IPv6:        100 %
Domains:     3
Subdomains:  3
IPs:         3
Countries:   1
Transfer:    265 kB
Size:        265 kB
Cookies:     3

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Primary Request: tanValidate.php
Path: www.maintelke.de/fahrzeugbestand/
Size: 7 KB, x-fer: 7 KB, Type: Document
Full URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a05:d580:0:1337::26, Germany, ASN199753 (UDMEDIA-AS, DE)
Reverse DNS: -
Software: Apache
Resource Hash: 2e41703d3dc92e4d706c27154f5331e1f997a6a8217989d08a74b4917f02f564

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
  accept-language: de-DE,de;q=0.9

Response headers
  content-type: text/html; charset=UTF-8
  date: Sun, 20 Nov 2022 01:22:04 GMT
  server: Apache
Request: icons.logo.data.svg.css
Path: login.mobile.de/a2/css/icons/logo/
Size: 0, x-fer: 0, Type: Stylesheet
Full URL: https://login.mobile.de/a2/css/icons/logo/icons.logo.data.svg.css
Requested by: Host www.maintelke.de, URL https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a02:26f0:480:18d::1703, Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: -
Software: -
Resource Hash: -

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://www.maintelke.de/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers
  (none recorded)
Request: 3.abbea868.chunk.css
Path: www.maintelke.de/fahrzeugbestand/
Size: 254 KB, x-fer: 256 KB, Type: Stylesheet
Full URL: https://www.maintelke.de/fahrzeugbestand/3.abbea868.chunk.css
Requested by: Host www.maintelke.de, URL https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a05:d580:0:1337::26, Germany, ASN199753 (UDMEDIA-AS, DE)
Reverse DNS: -
Software: Apache
Resource Hash: 578844be879df87dbfde1c30b8d67728497567ac89f384224bdb07303cb6bcf6

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers
  date: Sun, 20 Nov 2022 01:22:04 GMT
  last-modified: Sat, 19 Nov 2022 14:35:47 GMT
  server: Apache
  accept-ranges: bytes
  etag: "3f9e9-5edd3bcf01c2e"
  content-length: 260585
  content-type: text/css
Request: tanStatic
Path: login.mobile.de/a2/
Size: 552 B, x-fer: 1 KB, Type: Script
Full URL: https://login.mobile.de/a2/tanStatic
Requested by: Host www.maintelke.de, URL https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a02:26f0:480:18d::1703, Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: -
Software: -
Resource Hash: 7b54eaba8bbfd0821c96d29e03b7e0cbad64180c7a6508ddba24262b5ddc9444

Security Headers
  Name                       Value
  Strict-Transport-Security  max-age=31536000; includeSubDomains
  X-Content-Type-Options     nosniff
  X-Frame-Options            deny
  X-Xss-Protection           1; mode=block

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://www.maintelke.de/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers
  pragma: no-cache
  strict-transport-security: max-age=31536000; includeSubDomains
  content-encoding: gzip
  x-content-type-options: nosniff
  date: Sun, 20 Nov 2022 01:22:04 GMT
  x-frame-options: deny
  vary: Accept-Encoding
  content-type: application/javascript;charset=UTF-8
  cache-control: private, no-cache, no-store
  accept-ranges: none
  content-length: 237
  x-xss-protection: 1; mode=block
  expires: Sun, 20 Nov 2022 01:22:04 GMT
Request: truncated (inline data URI)
Path: /
Size: 3 KB, x-fer: 0, Type: Image
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 9438113100ff089d191a01c1b464f86963be589cd06c182b0c8b71fc95bd2200

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: -
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers
  Content-Type: image/svg+xml;charset=US-ASCII
Resource                          Path                           Size  x-fer
Gibson-Regular-webfont-v2.woff2   static.classistatic.de/fonts/  0     0
Gibson-SemiBold-webfont-v2.woff2  static.classistatic.de/fonts/  0     0
Gibson-Regular-webfont-v2.woff    static.classistatic.de/fonts/  0     0
Gibson-SemiBold-webfont-v2.woff   static.classistatic.de/fonts/  0     0
gibson-regular-v3.woff2           static.classistatic.de/fonts/  0     0
gibson-regular-v3.woff            static.classistatic.de/fonts/  0     0
gibson-semibold-v3.woff2          static.classistatic.de/fonts/  0     0
gibson-semibold-v3.woff           static.classistatic.de/fonts/  0     0

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain                  URL
static.classistatic.de  https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff2
static.classistatic.de  https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff2
static.classistatic.de  https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff
static.classistatic.de  https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff
static.classistatic.de  https://static.classistatic.de/fonts/gibson-regular-v3.woff2
static.classistatic.de  https://static.classistatic.de/fonts/gibson-regular-v3.woff
static.classistatic.de  https://static.classistatic.de/fonts/gibson-semibold-v3.woff2
static.classistatic.de  https://static.classistatic.de/fonts/gibson-semibold-v3.woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: mobile.de (Marketplace)

1 JavaScript Global Variable

These are the non-standard "global" variables defined on the window object. They can help identify possible client-side frameworks and code.

Type      Name
function  buttonPressed

3 Cookies

Domain/Path  Name  Value
.mobile.de/ Name: _abck
Value: A52B0840BC55291C8C701D91C68A7B1F~-1~YAAQjfAQAmpQt4qEAQAAQNOgkgidrnhRAzYRVDVi6wpHBkgu7lkwXqyIWtLsTudeyqgefDDFghGujdESjt1w/Aibf5+FRVmRK+8R+hCjROceGTM+83QHE+kWSB7bEOzDz/DbQfjjOVujOtb4lOOwH0LDaXdfgXI7p/X0TsbIqopf21WIQv4HIDulymWnA9M+68ffM7bdQypgq1P7cayf3zX16QnsUFVnLCV36HIBDsNstb0/NRbZ3wOH2JuGy98Sk7wWuKbuKDVVlhmYNFMHsSioIygwMjxNO81iIN8AQSGMoY3/2gF+oRm/faHi2/UDMyMZL954jRwOM2wrppBuvGg15CuYzBuuQ6n0uEx267jrKcLuOaIw7oTIHw==~-1~-1~-1
.mobile.de/ Name: bm_sz
Value: 89930F2EE3643EF33DB939B62C8AA31C~YAAQjfAQAmtQt4qEAQAAQNOgkhGWjXomEiMht0mjO+sXwA6FMptw7zCTU5DuXizonxYvzsaQ31ZuN1PJzPBBiGY+AXunWg6vd1NCAtXzA0ry6LG0svLYhciGGSLlFGW8jk9S1Hbi6/XZT9ycvVOQbM7I7iXntobheLLPiNlnnuHkOoNv7LbS7Q51hR+9sLYcGvaDbieUFSvxCBQwtcMWp260aTXUWu0QhTt71ndRT41C+KOpbpJovDQJtzDoy2fKpCW6aRcQEVuR3QrpLWVr6JWluTRPvb9gcZC2Oy1covzgDw==~3747892~4338233
.mobile.de/ Name: ak_bmsc
Value: 8159AECB0E54D7551C7A491F6B136205~000000000000000000000000000000~YAAQjfAQAmxQt4qEAQAAWNOgkhFkYmMQ/rOHNxoWK2/FVgvUrthQcppQbsN6zYRc3VINIkt0G4WQV8Vem5GPKcfxE7+0kdc+KetZMw4knmsi++zaAa0IO6mX4IGGoSG5+PRlGNjWG21m7+W4g9s8tvAXv20WMoiFlYYmRmKs/to8/a0hazLIVNExDUhJC4J/WSTItvjmRos7/QJAf4QJnu8bhJL6mjzP0sCod9Y0uE29w4Mtxts6ch8ENBd+j/gNUKb0rD1nTTy7wOSrzz8J0IZ1J3R6u3h2DSjpH9IijX0F/gocTDhAZ4sB7MyIiv3xIYIEZKZs4nOtZ07LPVaaCGlQSHztnEujeQxzs1dWF0YWXPs894n6qq6NLWaSTKU5nWWXk0IORU9CmGCH8IRIIw==

17 Console Messages

Source: network  Level: error  URL: https://login.mobile.de/a2/css/icons/logo/icons.logo.data.svg.css
Message: Failed to load resource: the server responded with a status of 404 ()

Source: javascript  Level: error  URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Message: Access to font at 'https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff2' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network  Level: error  URL: https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff2
Message: Failed to load resource: net::ERR_FAILED

Source: javascript  Level: error  URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Message: Access to font at 'https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff2' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network  Level: error  URL: https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff2
Message: Failed to load resource: net::ERR_FAILED

Source: javascript  Level: error  URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Message: Access to font at 'https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network  Level: error  URL: https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff
Message: Failed to load resource: net::ERR_FAILED

Source: javascript  Level: error  URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Message: Access to font at 'https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network  Level: error  URL: https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff
Message: Failed to load resource: net::ERR_FAILED

Source: javascript  Level: error  URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Message: Access to font at 'https://static.classistatic.de/fonts/gibson-regular-v3.woff2' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network  Level: error  URL: https://static.classistatic.de/fonts/gibson-regular-v3.woff2
Message: Failed to load resource: net::ERR_FAILED

Source: javascript  Level: error  URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Message: Access to font at 'https://static.classistatic.de/fonts/gibson-regular-v3.woff' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network  Level: error  URL: https://static.classistatic.de/fonts/gibson-regular-v3.woff
Message: Failed to load resource: net::ERR_FAILED

Source: javascript  Level: error  URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Message: Access to font at 'https://static.classistatic.de/fonts/gibson-semibold-v3.woff2' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network  Level: error  URL: https://static.classistatic.de/fonts/gibson-semibold-v3.woff2
Message: Failed to load resource: net::ERR_FAILED

Source: javascript  Level: error  URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Message: Access to font at 'https://static.classistatic.de/fonts/gibson-semibold-v3.woff' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network  Level: error  URL: https://static.classistatic.de/fonts/gibson-semibold-v3.woff
Message: Failed to load resource: net::ERR_FAILED