mitteilungvr.online Open in urlscan Pro
185.139.230.138 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://kwoirekdewe.com/
Effective URL:
https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca...
Submission Tags: @ecarlesi threat #phishing Search All
Submission: On June 30 via api (June 30th 2023, 7:54:50 am UTC) from FR — Scanned from NL

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 23 HTTP transactions. The main IP is 185.139.230.138, located in Frankfurt am Main, Germany and belongs to CLOUDWEBMANAGE-IL-FR, US. The main domain is mitteilungvr.online.
TLS certificate: Issued by R3 on June 29th 2023. Valid for: 3 months.

This is the only time mitteilungvr.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volksbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 2	2a10:92c0:1:0... 2a10:92c0:1:0:5::189	211786 (CHEESEHOS...) (CHEESEHOSTING)
4 27	185.139.230.138 185.139.230.138	204548 (CLOUDWEBM...) (CLOUDWEBMANAGE-IL-FR)
23	2

2 2a10:92c0:1:0:5::189 (Netherlands) 2 redirects

ASN211786 (CHEESEHOSTING, NL)

kwoirekdewe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 185.139.230.138 (Frankfurt am Main, Germany) 4 redirects

ASN204548 (CLOUDWEBMANAGE-IL-FR, US)

mitteilungvr.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	mitteilungvr.online 4 redirects mitteilungvr.online	277 KB
2	kwoirekdewe.com 2 redirects kwoirekdewe.com	348 B
23	2

	Domain	Requested by
27	mitteilungvr.online	4 redirects mitteilungvr.online
2	kwoirekdewe.com	2 redirects
23	2

This site contains no links.

Subject Issuer	Validity	Valid
mitteilungvr.online R3	`2023-06-29` - `2023-09-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3
Frame ID: 8E8212420209CA9D1CFF106596EC4281
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Volksbank

Page URL History Show full URLs

http://kwoirekdewe.com/ HTTP 301
https://kwoirekdewe.com/ HTTP 301
https://mitteilungvr.online/DE/Vo HTTP 301
https://mitteilungvr.online/DE/Vo/ HTTP 302
https://mitteilungvr.online/DE/Vo/white.php?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Page URL
https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d?index=3399&feeder=a72a40f95577... HTTP 301
https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/?index=3399&feeder=a72a40f9557... HTTP 302
https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a4... Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

23
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

276 kB
Transfer

471 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://kwoirekdewe.com/ HTTP 301
https://kwoirekdewe.com/ HTTP 301
https://mitteilungvr.online/DE/Vo HTTP 301
https://mitteilungvr.online/DE/Vo/ HTTP 302
https://mitteilungvr.online/DE/Vo/white.php?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Page URL
https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 HTTP 301
https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 HTTP 302
https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://kwoirekdewe.com/ HTTP 301
https://kwoirekdewe.com/ HTTP 301
https://mitteilungvr.online/DE/Vo HTTP 301
https://mitteilungvr.online/DE/Vo/ HTTP 302
https://mitteilungvr.online/DE/Vo/white.php?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3

23 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	white.php Show response mitteilungvr.online/DE/Vo/ Redirect Chain http://kwoirekdewe.com/ https://kwoirekdewe.com/ https://mitteilungvr.online/DE/Vo https://mitteilungvr.online/DE/Vo/ https://mitteilungvr.online/DE/Vo/white.php?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3	753 B 763 B	67ms 66ms	Document text/html	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/white.php?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `2fc076b9aabcf268ed9cdab3ed19f0bdabe7345e7842055da509144f89ce88b1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 491 Content-Type text/html; charset=UTF-8 Date Fri, 30 Jun 2023 07:54:45 GMT Keep-Alive timeout=5, max=98 Server Apache/2.4.29 (Ubuntu) Vary Accept-Encoding Redirect headers Connection Keep-Alive Content-Length 1 Content-Type text/html; charset=UTF-8 Date Fri, 30 Jun 2023 07:54:45 GMT Keep-Alive timeout=5, max=99 Location white.php?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Server Apache/2.4.29 (Ubuntu)
GET H/1.1	200 OK	Primary Request / Show response mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/ Redirect Chain https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3	23 KB 4 KB	77ms 76ms	Document text/html	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/white.php?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `4818b52c361706d8668045d78e4de48106d1e500f8c82d2e0b39f4507e306093` Request headers Referer https://mitteilungvr.online/DE/Vo/white.php?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 3846 Content-Type text/html; charset=UTF-8 Date Fri, 30 Jun 2023 07:54:46 GMT Keep-Alive timeout=5, max=95 Server Apache/2.4.29 (Ubuntu) Vary Accept-Encoding Redirect headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Fri, 30 Jun 2023 07:54:46 GMT Keep-Alive timeout=5, max=96 Server Apache/2.4.29 (Ubuntu) location login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3
GET H/1.1	200 OK	jquery.min.js Show response mitteilungvr.online/DE/Vo/bower_components/jquery/dist/	85 KB 30 KB	79ms 79ms	Script application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/bower_components/jquery/dist/jquery.min.js Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:19:34 GMT Server Apache/2.4.29 (Ubuntu) ETag "15283-5ed64decc5980-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 30138
GET H/1.1	200 OK	ua-parser.min.js Show response mitteilungvr.online/DE/Vo/bower_components/ua-parser-js/dist/	17 KB 6 KB	122ms 39ms	Script application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/bower_components/ua-parser-js/dist/ua-parser.min.js Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:19:34 GMT Server Apache/2.4.29 (Ubuntu) ETag "4298-5ed64decc5980-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 6063
GET H/1.1	200 OK	font-awesome.min.css mitteilungvr.online/DE/Vo/bower_components/font-awesome/css/	30 KB 7 KB	78ms 32ms	Stylesheet text/css	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/bower_components/font-awesome/css/font-awesome.min.css Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:19:32 GMT Server Apache/2.4.29 (Ubuntu) ETag "7918-5ed64deadd500-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7053
GET H/1.1	200 OK	core_form.js Show response mitteilungvr.online/DE/Vo/core/form/	14 KB 4 KB	122ms 39ms	Script application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/core/form/core_form.js Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `6442786c2dffb3f5e31194486843fc456be31d704f0cd22a63398c83b339a97b` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:24:36 GMT Server Apache/2.4.29 (Ubuntu) ETag "396a-5ed64f0cc8100-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3595
GET H/1.1	200 OK	core_form.css mitteilungvr.online/DE/Vo/core/form/	2 KB 912 B	78ms 33ms	Stylesheet text/css	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/core/form/core_form.css Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `c50401c00bd5435f1a9870149af33863046ac69cc2fc9c030dcfcfb02081b110` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:24:36 GMT Server Apache/2.4.29 (Ubuntu) ETag "8b1-5ed64f0cc8100-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 576
GET H/1.1	200 OK	core_token.js Show response mitteilungvr.online/DE/Vo/core/token/	19 KB 2 KB	117ms 34ms	Script application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/core/token/core_token.js Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `63067b304ef12dfcc633f99211979f0c712e82aaf93533746fe56d68ba402532` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:24:36 GMT Server Apache/2.4.29 (Ubuntu) ETag "4c53-5ed64f0cc8100-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1748
GET H/1.1	200 OK	core_token.css mitteilungvr.online/DE/Vo/core/token/	699 B 674 B	78ms 32ms	Stylesheet text/css	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/core/token/core_token.css Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `63a862bfdb8e871309839cef71334c2bbe1b4249b54bedf76120e9fdfdec5068` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:24:36 GMT Server Apache/2.4.29 (Ubuntu) ETag "2bb-5ed64f0cc8100-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 338
GET H/1.1	200 OK	css.css mitteilungvr.online/DE/Vo/login/form/	30 B 312 B	78ms 31ms	Stylesheet text/css	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/login/form/css.css Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `44462ddc0fe126587c4c30004e159fb72e4478cd8843546a3a02b115752376fa` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Last-Modified Mon, 14 Nov 2022 02:19:04 GMT Server Apache/2.4.29 (Ubuntu) ETag "1e-5ed64dd029600" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 30
GET H/1.1	200 OK	index.css mitteilungvr.online/DE/Vo/login/	71 KB 14 KB	120ms 37ms	Stylesheet text/css	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/login/index.css Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `944c771bb4aad2f9f68463e7e509943ab27c7cbe50b27c5984c579cb23d74ab6` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:19:02 GMT Server Apache/2.4.29 (Ubuntu) ETag "11b0d-5ed64dce41180-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 13520
GET H/1.1	200 OK	logo.png mitteilungvr.online/DE/Vo/login/	9 KB 10 KB	33ms 31ms	Image image/png	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.online/DE/Vo/login/logo.png Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `81e964fbcc0d91d57d4284567a6258537efdd63474f899bbd0ff419fa91c5984` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Last-Modified Mon, 14 Nov 2022 02:19:04 GMT Server Apache/2.4.29 (Ubuntu) ETag "259f-5ed64dd029600" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 9631
GET H/1.1	200 OK	xhtml-filler mitteilungvr.online/DE/Vo/login/	43 B 300 B	88ms 64ms	Image image/gif	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.online/DE/Vo/login/xhtml-filler Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `33dcafb8470734f44deceefaeb93ca1f4a82f79f8b9a15c7b7176a10b7bde15b` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Last-Modified Mon, 14 Nov 2022 02:19:04 GMT Server Apache/2.4.29 (Ubuntu) ETag "2b-5ed64dd029600" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 43
GET H/1.1	200 OK	ebpe-warnung mitteilungvr.online/DE/Vo/login/	2 KB 2 KB	65ms 65ms	Image image/gif	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.online/DE/Vo/login/ebpe-warnung Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `b5e024ed968916f0f6d124e5359850ac2e8b37d0232e5221cd01a6f9a0ba8702` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Last-Modified Mon, 14 Nov 2022 02:19:02 GMT Server Apache/2.4.29 (Ubuntu) ETag "671-5ed64dce41180" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1649
GET H/1.1	200 OK	ips mitteilungvr.online/DE/Vo/login/	159 KB 160 KB	26ms 26ms	Image image/jpeg	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.online/DE/Vo/login/ips Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `ad556ddd869fecdb5c863abaac84e9d95bfbbace86e179511c6841b381423ae8` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Last-Modified Mon, 14 Nov 2022 02:19:02 GMT Server Apache/2.4.29 (Ubuntu) ETag "27da2-5ed64dce41180" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 163234
GET H/1.1	200 OK	ips_001.dat mitteilungvr.online/DE/Vo/login/	31 KB 31 KB	26ms 26ms	Image image/jpeg	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.online/DE/Vo/login/ips_001.dat Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `b0b66376019d952661b1c357c901c8f337d47d01d4326e6b14ee8927dfeb5218` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Last-Modified Mon, 14 Nov 2022 02:19:02 GMT Server Apache/2.4.29 (Ubuntu) ETag "7c3a-5ed64dce41180" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 31802
GET H/1.1	200 OK	form.js Show response mitteilungvr.online/DE/Vo/login/form/	5 KB 1 KB	68ms 33ms	Script application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/login/form/form.js?v=649e8a46eedce Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `2bd88d44ab5b1dfcff947d5ce739fc6bcf61a4acbd043097d3b9aa245e3f34e3` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:19:04 GMT Server Apache/2.4.29 (Ubuntu) ETag "12d5-5ed64dd029600-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1054
GET H/1.1	200 OK	token.js Show response mitteilungvr.online/DE/Vo/login/token/	1 KB 877 B	37ms 30ms	Script application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/Vo/login/token/token.js?v=649e8a46eedd0 Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `50372824bb850b3891ec7f150cab492914fc6348f158deab54ecba2a48a2c5b0` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Content-Encoding gzip Last-Modified Mon, 14 Nov 2022 02:19:04 GMT Server Apache/2.4.29 (Ubuntu) ETag "4f3-5ed64dd029600-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 528
GET H/1.1	200 OK	wallpaper-body mitteilungvr.online/DE/Vo/login/	631 B 890 B	23ms 23ms	Image image/jpeg	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.online/DE/Vo/login/wallpaper-body Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/login/index.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/login/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Last-Modified Mon, 14 Nov 2022 02:19:02 GMT Server Apache/2.4.29 (Ubuntu) ETag "277-5ed64dce41180" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 631
GET DATA	200 OK	truncated /	329 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a07e35a0a48199eb5cde940517b95ba921bb4a58e173dfea2468c5e4b5578897` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	200 OK	crossnav-link mitteilungvr.online/DE/Vo/login/	238 B 238 B	23ms 23ms	Image text/plain	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.online/DE/Vo/login/crossnav-link Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/login/index.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/login/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Last-Modified Mon, 14 Nov 2022 02:19:04 GMT Server Apache/2.4.29 (Ubuntu) ETag "ee-5ed64dd029600" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 238
GET H/1.1	200 OK	background-seitenanfang mitteilungvr.online/DE/Vo/login/	239 B 239 B	22ms 21ms	Image text/plain	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Show image Full URL https://mitteilungvr.online/DE/Vo/login/background-seitenanfang Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/login/index.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mitteilungvr.online/DE/Vo/login/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Last-Modified Mon, 14 Nov 2022 02:19:02 GMT Server Apache/2.4.29 (Ubuntu) ETag "ef-5ed64dce41180" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 239
GET H/1.1	200 OK	gate.php Show response mitteilungvr.online/DE/PA8m7G/secure-piemel/	57 B 258 B	37ms 36ms	XHR application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/PA8m7G/secure-piemel/gate.php?pl=token&link=volks&bid=0de901532e592b0ab8f89f0f060fce1d&callback=jQuery32100685177775928223_1688111687196&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1688111687197 Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/bower_components/jquery/dist/jquery.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `2f2a32fed2f6696da06a64604cef20c0e9967af4bf27177aa17454d861727900` Request headers Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 X-Requested-With XMLHttpRequest accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Server Apache/2.4.29 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=95 Content-Length 57 Content-Type application/javascript
GET H/1.1	200 OK	gate.php Show response mitteilungvr.online/DE/PA8m7G/secure-piemel/	57 B 258 B	57ms 56ms	XHR application/javascript	185.139.230.138 CLOUDWEBMANAGE-IL-FR
General Check archive.org Show headers Download Go to Full URL https://mitteilungvr.online/DE/PA8m7G/secure-piemel/gate.php?pl=token&link=volks&bid=0de901532e592b0ab8f89f0f060fce1d&callback=jQuery32100685177775928223_1688111687198&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1688111687199 Requested by Host: mitteilungvr.online URL: https://mitteilungvr.online/DE/Vo/bower_components/jquery/dist/jquery.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.139.230.138 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `69a63d24e4fd3ae66f68a95d4bff31158d49b0c12826a4588ef1acd7bed6f067` Request headers Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer https://mitteilungvr.online/DE/Vo/a1b2c3/0de901532e592b0ab8f89f0f060fce1d/login/?index=3399&feeder=a72a40f955773edda5a81a0ca88c2bb0a0bfc7a3 X-Requested-With XMLHttpRequest accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Fri, 30 Jun 2023 07:54:47 GMT Server Apache/2.4.29 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=96 Content-Length 57 Content-Type application/javascript

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mitteilungvr.online/DE/Vo	1969-12-31 23:59:59	Name: real Value: OK
			mitteilungvr.online/	1970-01-20 13:38:23	Name: bid Value: 0de901532e592b0ab8f89f0f060fce1d

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

kwoirekdewe.com
mitteilungvr.online
185.139.230.138
2a10:92c0:1:0:5::189
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
2bd88d44ab5b1dfcff947d5ce739fc6bcf61a4acbd043097d3b9aa245e3f34e3
2f2a32fed2f6696da06a64604cef20c0e9967af4bf27177aa17454d861727900
2fc076b9aabcf268ed9cdab3ed19f0bdabe7345e7842055da509144f89ce88b1
33dcafb8470734f44deceefaeb93ca1f4a82f79f8b9a15c7b7176a10b7bde15b
44462ddc0fe126587c4c30004e159fb72e4478cd8843546a3a02b115752376fa
4818b52c361706d8668045d78e4de48106d1e500f8c82d2e0b39f4507e306093
50372824bb850b3891ec7f150cab492914fc6348f158deab54ecba2a48a2c5b0
63067b304ef12dfcc633f99211979f0c712e82aaf93533746fe56d68ba402532
63a862bfdb8e871309839cef71334c2bbe1b4249b54bedf76120e9fdfdec5068
6442786c2dffb3f5e31194486843fc456be31d704f0cd22a63398c83b339a97b
69a63d24e4fd3ae66f68a95d4bff31158d49b0c12826a4588ef1acd7bed6f067
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
81e964fbcc0d91d57d4284567a6258537efdd63474f899bbd0ff419fa91c5984
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5
944c771bb4aad2f9f68463e7e509943ab27c7cbe50b27c5984c579cb23d74ab6
a07e35a0a48199eb5cde940517b95ba921bb4a58e173dfea2468c5e4b5578897
ad556ddd869fecdb5c863abaac84e9d95bfbbace86e179511c6841b381423ae8
b0b66376019d952661b1c357c901c8f337d47d01d4326e6b14ee8927dfeb5218
b5e024ed968916f0f6d124e5359850ac2e8b37d0232e5221cd01a6f9a0ba8702
c50401c00bd5435f1a9870149af33863046ac69cc2fc9c030dcfcfb02081b110
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

mitteilungvr.online Open in urlscan Pro 185.139.230.138 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

276 kBTransfer

471 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

46 JavaScript Global Variables

2 Cookies

Indicators

mitteilungvr.online Open in urlscan Pro
185.139.230.138 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

276 kB
Transfer

471 kB
Size

2
Cookies

23 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!