www.maintelke.de Open in urlscan Pro
2a05:d580:0:1337::26 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Submission: On November 20 via automatic, source openphish (November 20th 2022, 1:22:08 am UTC) — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 12 HTTP transactions. The main IP is 2a05:d580:0:1337::26, located in Germany and belongs to UDMEDIA-AS, DE. The main domain is www.maintelke.de.
TLS certificate: Issued by R3 on November 18th 2022. Valid for: 3 months.

This is the only time www.maintelke.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: mobile.de (Marketplace)

Domain & IP information

	IP Address	AS Autonomous System
2	2a05:d580:0:1... 2a05:d580:0:1337::26	199753 (UDMEDIA-AS) (UDMEDIA-AS)
2	2a02:26f0:480... 2a02:26f0:480:18d::1703	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
12	3

2 2a05:d580:0:1337::26 (Germany)

ASN199753 (UDMEDIA-AS, DE)

www.maintelke.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:18d::1703 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

login.mobile.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	mobile.de login.mobile.de	1 KB
2	maintelke.de www.maintelke.de	264 KB
0	classistatic.de Failed static.classistatic.de Failed
12	3

	Domain	Requested by
2	login.mobile.de	www.maintelke.de
2	www.maintelke.de	www.maintelke.de
0	static.classistatic.de Failed	www.maintelke.de
12	3

This site contains no links.

Subject Issuer	Validity	Valid
maintelke.de R3	`2022-11-18` - `2023-02-16`	3 months	crt.sh
www.mobile.de DigiCert ECC Extended Validation Server CA	`2022-03-13` - `2023-03-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Frame ID: DBF49CE3F92D73191C387142E291D0E2
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TAN eingeben

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

12
Requests

33 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

265 kB
Transfer

265 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request tanValidate.php Show response
www.maintelke.de/fahrzeugbestand/ 7 KB
7 KB 123ms
40ms Document
text/html 2a05:d580:0:1337::26
UDMEDIA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a05:d580:0:1337::26 , Germany, ASN199753 (UDMEDIA-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 2e41703d3dc92e4d706c27154f5331e1f997a6a8217989d08a74b4917f02f564

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Sun, 20 Nov 2022 01:22:04 GMT
server: Apache

GET
H2 404 icons.logo.data.svg.css
login.mobile.de/a2/css/icons/logo/ 0
0 240ms
92ms Stylesheet
text/html 2a02:26f0:480:18d::1703
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://login.mobile.de/a2/css/icons/logo/icons.logo.data.svg.css
Requested by: Host: www.maintelke.de
URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:18d::1703 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.maintelke.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

GET
H2 200 3.abbea868.chunk.css
www.maintelke.de/fahrzeugbestand/ 254 KB
256 KB 38ms
37ms Stylesheet
text/css 2a05:d580:0:1337::26
UDMEDIA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.maintelke.de/fahrzeugbestand/3.abbea868.chunk.css
Requested by: Host: www.maintelke.de
URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a05:d580:0:1337::26 , Germany, ASN199753 (UDMEDIA-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 578844be879df87dbfde1c30b8d67728497567ac89f384224bdb07303cb6bcf6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.maintelke.de/fahrzeugbestand/tanValidate.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 01:22:04 GMT
last-modified: Sat, 19 Nov 2022 14:35:47 GMT
server: Apache
accept-ranges: bytes
etag: "3f9e9-5edd3bcf01c2e"
content-length: 260585
content-type: text/css

GET
H2 200 tanStatic Show response
login.mobile.de/a2/ 552 B
1 KB 215ms
68ms Script
application/javascript 2a02:26f0:480:18d::1703
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://login.mobile.de/a2/tanStatic

Requested by

Host: www.maintelke.de
URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:18d::1703 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7b54eaba8bbfd0821c96d29e03b7e0cbad64180c7a6508ddba24262b5ddc9444

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.maintelke.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 20 Nov 2022 01:22:04 GMT
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript;charset=UTF-8
cache-control: private, no-cache, no-store
accept-ranges: none
content-length: 237
x-xss-protection: 1; mode=block
expires: Sun, 20 Nov 2022 01:22:04 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9438113100ff089d191a01c1b464f86963be589cd06c182b0c8b71fc95bd2200

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET Gibson-Regular-webfont-v2.woff2
static.classistatic.de/fonts/ 0
0

GET Gibson-SemiBold-webfont-v2.woff2
static.classistatic.de/fonts/ 0
0

GET Gibson-Regular-webfont-v2.woff
static.classistatic.de/fonts/ 0
0

GET Gibson-SemiBold-webfont-v2.woff
static.classistatic.de/fonts/ 0
0

GET gibson-regular-v3.woff2
static.classistatic.de/fonts/ 0
0

GET gibson-regular-v3.woff
static.classistatic.de/fonts/ 0
0

GET gibson-semibold-v3.woff2
static.classistatic.de/fonts/ 0
0

GET gibson-semibold-v3.woff
static.classistatic.de/fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff2

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff2

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-regular-v3.woff2

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-regular-v3.woff

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-semibold-v3.woff2

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-semibold-v3.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: mobile.de (Marketplace)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| buttonPressed

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mobile.de/	1970-01-20 16:20:43	Name: _abck Value: A52B0840BC55291C8C701D91C68A7B1F~-1~YAAQjfAQAmpQt4qEAQAAQNOgkgidrnhRAzYRVDVi6wpHBkgu7lkwXqyIWtLsTudeyqgefDDFghGujdESjt1w/Aibf5+FRVmRK+8R+hCjROceGTM+83QHE+kWSB7bEOzDz/DbQfjjOVujOtb4lOOwH0LDaXdfgXI7p/X0TsbIqopf21WIQv4HIDulymWnA9M+68ffM7bdQypgq1P7cayf3zX16QnsUFVnLCV36HIBDsNstb0/NRbZ3wOH2JuGy98Sk7wWuKbuKDVVlhmYNFMHsSioIygwMjxNO81iIN8AQSGMoY3/2gF+oRm/faHi2/UDMyMZL954jRwOM2wrppBuvGg15CuYzBuuQ6n0uEx267jrKcLuOaIw7oTIHw==~-1~-1~-1
.mobile.de/	1970-01-20 07:35:21	Name: bm_sz Value: 89930F2EE3643EF33DB939B62C8AA31C~YAAQjfAQAmtQt4qEAQAAQNOgkhGWjXomEiMht0mjO+sXwA6FMptw7zCTU5DuXizonxYvzsaQ31ZuN1PJzPBBiGY+AXunWg6vd1NCAtXzA0ry6LG0svLYhciGGSLlFGW8jk9S1Hbi6/XZT9ycvVOQbM7I7iXntobheLLPiNlnnuHkOoNv7LbS7Q51hR+9sLYcGvaDbieUFSvxCBQwtcMWp260aTXUWu0QhTt71ndRT41C+KOpbpJovDQJtzDoy2fKpCW6aRcQEVuR3QrpLWVr6JWluTRPvb9gcZC2Oy1covzgDw==~3747892~4338233
.mobile.de/	1970-01-20 07:35:14	Name: ak_bmsc Value: 8159AECB0E54D7551C7A491F6B136205~000000000000000000000000000000~YAAQjfAQAmxQt4qEAQAAWNOgkhFkYmMQ/rOHNxoWK2/FVgvUrthQcppQbsN6zYRc3VINIkt0G4WQV8Vem5GPKcfxE7+0kdc+KetZMw4knmsi++zaAa0IO6mX4IGGoSG5+PRlGNjWG21m7+W4g9s8tvAXv20WMoiFlYYmRmKs/to8/a0hazLIVNExDUhJC4J/WSTItvjmRos7/QJAf4QJnu8bhJL6mjzP0sCod9Y0uE29w4Mtxts6ch8ENBd+j/gNUKb0rD1nTTy7wOSrzz8J0IZ1J3R6u3h2DSjpH9IijX0F/gocTDhAZ4sB7MyIiv3xIYIEZKZs4nOtZ07LPVaaCGlQSHztnEujeQxzs1dWF0YWXPs894n6qq6NLWaSTKU5nWWXk0IORU9CmGCH8IRIIw==

17 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://login.mobile.de/a2/css/icons/logo/icons.logo.data.svg.css Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php Message: Access to font at 'https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff2' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php Message: Access to font at 'https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff2' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php Message: Access to font at 'https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/Gibson-Regular-webfont-v2.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php Message: Access to font at 'https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/Gibson-SemiBold-webfont-v2.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php Message: Access to font at 'https://static.classistatic.de/fonts/gibson-regular-v3.woff2' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-regular-v3.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php Message: Access to font at 'https://static.classistatic.de/fonts/gibson-regular-v3.woff' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-regular-v3.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php Message: Access to font at 'https://static.classistatic.de/fonts/gibson-semibold-v3.woff2' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-semibold-v3.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.maintelke.de/fahrzeugbestand/tanValidate.php Message: Access to font at 'https://static.classistatic.de/fonts/gibson-semibold-v3.woff' from origin 'https://www.maintelke.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-semibold-v3.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login.mobile.de
static.classistatic.de
www.maintelke.de
static.classistatic.de
2a02:26f0:480:18d::1703
2a05:d580:0:1337::26
2e41703d3dc92e4d706c27154f5331e1f997a6a8217989d08a74b4917f02f564
578844be879df87dbfde1c30b8d67728497567ac89f384224bdb07303cb6bcf6
7b54eaba8bbfd0821c96d29e03b7e0cbad64180c7a6508ddba24262b5ddc9444
9438113100ff089d191a01c1b464f86963be589cd06c182b0c8b71fc95bd2200

www.maintelke.de Open in urlscan Pro 2a05:d580:0:1337::26 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

33 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

265 kBTransfer

265 kBSize

3 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

3 Cookies

17 Console Messages

Indicators

www.maintelke.de Open in urlscan Pro
2a05:d580:0:1337::26 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

33 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

265 kB
Transfer

265 kB
Size

3
Cookies

12 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!