www.maintelke.de
Open in
urlscan Pro
2a05:d580:0:1337::26
Malicious Activity!
Public Scan
Submission: On November 20 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on November 18th 2022. Valid for: 3 months.
This is the only time www.maintelke.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: mobile.de (Marketplace)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2a05:d580:0:1... 2a05:d580:0:1337::26 | 199753 (UDMEDIA-AS) (UDMEDIA-AS) | |
2 | 2a02:26f0:480... 2a02:26f0:480:18d::1703 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
12 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
mobile.de
login.mobile.de |
1 KB |
2 |
maintelke.de
www.maintelke.de |
264 KB |
0 |
classistatic.de
Failed
static.classistatic.de Failed |
|
12 | 3 |
Domain | Requested by | |
---|---|---|
2 | login.mobile.de |
www.maintelke.de
|
2 | www.maintelke.de |
www.maintelke.de
|
0 | static.classistatic.de Failed |
www.maintelke.de
|
12 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
maintelke.de R3 |
2022-11-18 - 2023-02-16 |
3 months | crt.sh |
www.mobile.de DigiCert ECC Extended Validation Server CA |
2022-03-13 - 2023-03-16 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Frame ID: DBF49CE3F92D73191C387142E291D0E2
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
TAN eingebenDetected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Akamai Bot Manager (Security) Expand
Detected patterns
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
tanValidate.php
www.maintelke.de/fahrzeugbestand/ |
7 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons.logo.data.svg.css
login.mobile.de/a2/css/icons/logo/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3.abbea868.chunk.css
www.maintelke.de/fahrzeugbestand/ |
254 KB 256 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tanStatic
login.mobile.de/a2/ |
552 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Gibson-Regular-webfont-v2.woff2
static.classistatic.de/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Gibson-SemiBold-webfont-v2.woff2
static.classistatic.de/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Gibson-Regular-webfont-v2.woff
static.classistatic.de/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Gibson-SemiBold-webfont-v2.woff
static.classistatic.de/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
gibson-regular-v3.woff2
static.classistatic.de/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
gibson-regular-v3.woff
static.classistatic.de/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
gibson-semibold-v3.woff2
static.classistatic.de/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
gibson-semibold-v3.woff
static.classistatic.de/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- static.classistatic.de
- URL
- https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff2
- Domain
- static.classistatic.de
- URL
- https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff2
- Domain
- static.classistatic.de
- URL
- https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff
- Domain
- static.classistatic.de
- URL
- https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff
- Domain
- static.classistatic.de
- URL
- https://static.classistatic.de/fonts/gibson-regular-v3.woff2
- Domain
- static.classistatic.de
- URL
- https://static.classistatic.de/fonts/gibson-regular-v3.woff
- Domain
- static.classistatic.de
- URL
- https://static.classistatic.de/fonts/gibson-semibold-v3.woff2
- Domain
- static.classistatic.de
- URL
- https://static.classistatic.de/fonts/gibson-semibold-v3.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: mobile.de (Marketplace)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| buttonPressed3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.mobile.de/ | Name: _abck Value: A52B0840BC55291C8C701D91C68A7B1F~-1~YAAQjfAQAmpQt4qEAQAAQNOgkgidrnhRAzYRVDVi6wpHBkgu7lkwXqyIWtLsTudeyqgefDDFghGujdESjt1w/Aibf5+FRVmRK+8R+hCjROceGTM+83QHE+kWSB7bEOzDz/DbQfjjOVujOtb4lOOwH0LDaXdfgXI7p/X0TsbIqopf21WIQv4HIDulymWnA9M+68ffM7bdQypgq1P7cayf3zX16QnsUFVnLCV36HIBDsNstb0/NRbZ3wOH2JuGy98Sk7wWuKbuKDVVlhmYNFMHsSioIygwMjxNO81iIN8AQSGMoY3/2gF+oRm/faHi2/UDMyMZL954jRwOM2wrppBuvGg15CuYzBuuQ6n0uEx267jrKcLuOaIw7oTIHw==~-1~-1~-1 |
|
.mobile.de/ | Name: bm_sz Value: 89930F2EE3643EF33DB939B62C8AA31C~YAAQjfAQAmtQt4qEAQAAQNOgkhGWjXomEiMht0mjO+sXwA6FMptw7zCTU5DuXizonxYvzsaQ31ZuN1PJzPBBiGY+AXunWg6vd1NCAtXzA0ry6LG0svLYhciGGSLlFGW8jk9S1Hbi6/XZT9ycvVOQbM7I7iXntobheLLPiNlnnuHkOoNv7LbS7Q51hR+9sLYcGvaDbieUFSvxCBQwtcMWp260aTXUWu0QhTt71ndRT41C+KOpbpJovDQJtzDoy2fKpCW6aRcQEVuR3QrpLWVr6JWluTRPvb9gcZC2Oy1covzgDw==~3747892~4338233 |
|
.mobile.de/ | Name: ak_bmsc Value: 8159AECB0E54D7551C7A491F6B136205~000000000000000000000000000000~YAAQjfAQAmxQt4qEAQAAWNOgkhFkYmMQ/rOHNxoWK2/FVgvUrthQcppQbsN6zYRc3VINIkt0G4WQV8Vem5GPKcfxE7+0kdc+KetZMw4knmsi++zaAa0IO6mX4IGGoSG5+PRlGNjWG21m7+W4g9s8tvAXv20WMoiFlYYmRmKs/to8/a0hazLIVNExDUhJC4J/WSTItvjmRos7/QJAf4QJnu8bhJL6mjzP0sCod9Y0uE29w4Mtxts6ch8ENBd+j/gNUKb0rD1nTTy7wOSrzz8J0IZ1J3R6u3h2DSjpH9IijX0F/gocTDhAZ4sB7MyIiv3xIYIEZKZs4nOtZ07LPVaaCGlQSHztnEujeQxzs1dWF0YWXPs894n6qq6NLWaSTKU5nWWXk0IORU9CmGCH8IRIIw== |
17 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.mobile.de
static.classistatic.de
www.maintelke.de
static.classistatic.de
2a02:26f0:480:18d::1703
2a05:d580:0:1337::26
2e41703d3dc92e4d706c27154f5331e1f997a6a8217989d08a74b4917f02f564
578844be879df87dbfde1c30b8d67728497567ac89f384224bdb07303cb6bcf6
7b54eaba8bbfd0821c96d29e03b7e0cbad64180c7a6508ddba24262b5ddc9444
9438113100ff089d191a01c1b464f86963be589cd06c182b0c8b71fc95bd2200