thanhlapweb.com Open in urlscan Pro
123.30.139.93 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://webprotechnologies.com/webpro_bill/addnewtype.php
Effective URL:
https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html
Submission: On September 21 via manual (September 21st 2023, 9:05:40 am UTC) from IN — Scanned from DE

Summary HTTP 19 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 19 HTTP transactions. The main IP is 123.30.139.93, located in Viet Nam and belongs to VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN. The main domain is thanhlapweb.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 27th 2022. Valid for: a year.

This is the only time thanhlapweb.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Immowelt (Real Estate)

Domain & IP information

	IP Address	AS Autonomous System
1	192.185.129.194 192.185.129.194	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
11	123.30.139.93 123.30.139.93	7643 (VNPT-AS-V...) (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT)
7	2.16.215.101 2.16.215.101	16625 (AKAMAI-AS) (AKAMAI-AS)
19	3

1 192.185.129.194 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-129-194.unifiedlayer.com

webprotechnologies.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 123.30.139.93 (Viet Nam)

ASN7643 (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN)
PTR: c3.vinahost.vn

thanhlapweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.16.215.101 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-215-101.deploy.static.akamaitechnologies.com

cdnglobal.immowelt.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	thanhlapweb.com thanhlapweb.com	274 KB
7	immowelt.org cdnglobal.immowelt.org — Cisco Umbrella Rank: 225380	9 KB
1	webprotechnologies.com webprotechnologies.com	241 B
19	3

	Domain	Requested by
11	thanhlapweb.com	thanhlapweb.com
7	cdnglobal.immowelt.org	thanhlapweb.com
1	webprotechnologies.com
19	3

This site contains links to these domains. Also see Links.

Domain
www.immowelt.de
immowelt.de

Subject Issuer	Validity	Valid
webprotechnologies.com R3	`2023-08-02` - `2023-10-31`	3 months	crt.sh
thanhlapweb.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-27` - `2023-12-27`	a year	crt.sh
*.immowelt.org DigiCert TLS RSA SHA256 2020 CA1	`2023-04-14` - `2024-04-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html
Frame ID: 7435482B7792EE9370287ABB3DDF9BEF
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | Immowelt

Page URL History Show full URLs

https://webprotechnologies.com/webpro_bill/addnewtype.php Page URL
https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html Page URL

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

283 kB
Transfer

400 kB
Size

0
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.immowelt.de/

Search URL Search Domain Scan URL

URL: http://www.immowelt.de/

Search URL Search Domain Scan URL

URL: https://immowelt.de/zugangsdaten/passwort/vergessen?signin=target%3Dmeinbereich%26path%3D%252Fredirect%26agent%3DWEB
Title: Passwort vergessen?

Search URL Search Domain Scan URL

URL: http://immowelt.de/registrieren?signin=target%3Dmeinbereich%26path%3D%252Fredirect
Title: Jetzt kostenfrei registrieren

Search URL Search Domain Scan URL

URL: http://immowelt.de/immoweltag/datenschutz
Title: Datenschutzerklärung

Search URL Search Domain Scan URL

URL: https://www.immowelt.de/immoweltag/agb
Title: AGB

Search URL Search Domain Scan URL

URL: https://www.immowelt.de/immoweltag/datenschutz
Title: Datenschutz

Search URL Search Domain Scan URL

URL: https://www.immowelt.de/immoweltag/impressum
Title: Impressum

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://webprotechnologies.com/webpro_bill/addnewtype.php Page URL
https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	addnewtype.php webprotechnologies.com/webpro_bill/	122 B 241 B	1587ms 762ms	Document text/html	192.185.129.194 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://webprotechnologies.com/webpro_bill/addnewtype.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.129.194 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-129-194.unifiedlayer.com Software nginx/1.21.6 / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-length 124 content-type text/html; charset=UTF-8 date Thu, 21 Sep 2023 09:05:18 GMT server nginx/1.21.6 vary Accept-Encoding x-server-cache false
GET H/1.1	200 OK	Primary Request index.html Show response thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/	9 KB 10 KB	2149ms 212ms	Document text/html	123.30.139.93 VNPT-AS-VN Vietna...
General Check archive.org Show headers Download Go to Full URL https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 123.30.139.93 , Viet Nam, ASN7643 (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN), Reverse DNS c3.vinahost.vn Software nginx / Resource Hash `76af6a8077afc6b48ed6a030dbda15cd5d73a5354163e1788b13da5c09d0dfdb` Request headers Referer https://webprotechnologies.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection keep-alive Content-Length 9579 Content-Type text/html Date Thu, 21 Sep 2023 09:05:37 GMT Last-Modified Fri, 07 Jul 2023 05:35:16 GMT Server nginx
GET H/1.1	200 OK	main-immowelt.css thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/	16 KB 16 KB	215ms 214ms	Stylesheet text/css	123.30.139.93 VNPT-AS-VN Vietna...
General Check archive.org Show headers Download Go to Full URL https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 123.30.139.93 , Viet Nam, ASN7643 (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN), Reverse DNS c3.vinahost.vn Software nginx / Resource Hash `7ed2f70842e0d45280ac4926fdf7f4c2ac99b2bbe770b449b68de05203b62440` Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 09:05:37 GMT Last-Modified Thu, 06 Jul 2023 05:58:40 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 16583 Content-Type text/css
GET H/1.1	200 OK	navigation.js Show response thanhlapweb.com/thuvien/immo2/immo2/navigation.immowelt.org/v1/MINIMAL/0/	45 KB 45 KB	853ms 637ms	Script application/javascript	123.30.139.93 VNPT-AS-VN Vietna...
General Check archive.org Show headers Download Go to Full URL https://thanhlapweb.com/thuvien/immo2/immo2/navigation.immowelt.org/v1/MINIMAL/0/navigation.js Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 123.30.139.93 , Viet Nam, ASN7643 (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN), Reverse DNS c3.vinahost.vn Software nginx / Resource Hash `485fcb7db5c3ee1f69056394634c9d75eecf877b7b9cec7c0a2596ff35b80920` Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 09:05:37 GMT Last-Modified Fri, 07 Jul 2023 05:03:08 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 46056 Content-Type application/javascript
GET H2	200	logo_immowelt.svg cdnglobal.immowelt.org/global-assets/4.0.1/legacy/0/images/	4 KB 2 KB	137ms 34ms	Image image/svg+xml	2.16.215.101 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cdnglobal.immowelt.org/global-assets/4.0.1/legacy/0/images/logo_immowelt.svg Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.215.101 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-16-215-101.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash `23938eb4314413660e24c2a78dd20ae6bfeff839962ebea8ab2a19dee5ae226a` Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Thu, 21 Sep 2023 09:05:37 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1695287137522_386904492_365520225_30_1317_31_34_146";dur=1 content-length 1450 last-modified Thu, 20 Jul 2023 16:07:49 GMT server Akamai Resource Optimizer etag "12a36ea277732f464361d90291ad3224:1584713245.120842" vary Accept-Encoding access-control-max-age 86400 content-type image/svg+xml access-control-allow-origin * access-control-allow-methods GET,POST cache-control max-age=2579978, max-age=8640000 access-control-allow-credentials false accept-ranges bytes access-control-allow-headers *
GET H2	200	icon-teaser-magnify.svg cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/icons/icons-iw/	2 KB 1 KB	34ms 33ms	Image image/svg+xml	2.16.215.101 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/icons/icons-iw/icon-teaser-magnify.svg Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.215.101 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-16-215-101.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash `95b6af6df04ea28daee05d78c1de48f9b386294a6a87503b9eae94d3e8ceff70` Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Thu, 21 Sep 2023 09:05:37 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1695287137592_386904492_365520250_26_1326_31_0_146";dur=1 content-length 841 last-modified Tue, 13 Jun 2023 17:43:19 GMT server Akamai Resource Optimizer etag "4b6938455aa3d71d0405b5a67e1d5e38:1686234426.481001" vary Accept-Encoding access-control-max-age 86400 content-type image/svg+xml access-control-allow-origin * access-control-allow-methods GET,POST cache-control max-age=2576646, max-age=8640000 access-control-allow-credentials false accept-ranges bytes access-control-allow-headers *
GET H2	200	icon-teaser-arrows.svg cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/icons/icons-iw/	2 KB 1 KB	34ms 34ms	Image image/svg+xml	2.16.215.101 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/icons/icons-iw/icon-teaser-arrows.svg Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.215.101 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-16-215-101.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash `667e25b67585a8da45125ea470976ef8ae9df1b8c9413388b32fc7a45549b632` Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Thu, 21 Sep 2023 09:05:37 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1695287137626_386904492_365520272_38_1828_31_0_146";dur=1 content-length 835 last-modified Fri, 26 May 2023 12:06:01 GMT server Akamai Resource Optimizer etag "c8551e0ed6f820f4be47c4ad37c67330:1684931126.483374" vary Accept-Encoding access-control-max-age 86400 content-type image/svg+xml access-control-allow-origin * access-control-allow-methods GET,POST cache-control max-age=2576646, max-age=8640000 access-control-allow-credentials false accept-ranges bytes access-control-allow-headers *
GET H2	200	minimal-0-header.css cdnglobal.immowelt.org/navigation-ui/89bd584411c4c86d5e21fa94e5a5b50d5b120311/css/	1006 B 718 B	37ms 36ms	Stylesheet text/css	2.16.215.101 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://cdnglobal.immowelt.org/navigation-ui/89bd584411c4c86d5e21fa94e5a5b50d5b120311/css/minimal-0-header.css Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/navigation.immowelt.org/v1/MINIMAL/0/navigation.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.215.101 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-16-215-101.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash `8c643cf092aae00273e2163a89a756093f1a44bb79acefc0421f2d164806498a` Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Thu, 21 Sep 2023 09:05:38 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1695287138305_386904492_365520737_26_1347_31_0_255";dur=1 content-length 292 last-modified Wed, 24 May 2023 15:01:27 GMT server Akamai Resource Optimizer etag "1c83ab44fb80e33960d085b8e11f163c:1684911193.005276" vary Accept-Encoding access-control-max-age 86400 content-type text/css access-control-allow-origin * access-control-allow-methods GET,POST cache-control max-age=2575968, max-age=8640000 access-control-allow-credentials false accept-ranges bytes access-control-allow-headers *
GET H2	200	logo_immowelt.svg cdnglobal.immowelt.org/global-assets/4.3.0/legacy/0/images/	4 KB 2 KB	34ms 33ms	Image image/svg+xml	2.16.215.101 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cdnglobal.immowelt.org/global-assets/4.3.0/legacy/0/images/logo_immowelt.svg Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.215.101 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-16-215-101.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash `23938eb4314413660e24c2a78dd20ae6bfeff839962ebea8ab2a19dee5ae226a` Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Thu, 21 Sep 2023 09:05:38 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1695287138305_386904492_365520738_28_1188_31_0_146";dur=1 content-length 1450 last-modified Tue, 13 Jun 2023 14:08:19 GMT server Akamai Resource Optimizer etag "12a36ea277732f464361d90291ad3224:1616750426.02394" vary Accept-Encoding access-control-max-age 86400 content-type image/svg+xml access-control-allow-origin * access-control-allow-methods GET,POST cache-control max-age=2575030, max-age=8640000 access-control-allow-credentials false accept-ranges bytes access-control-allow-headers *
GET H2	200	minimal-0-footer.css cdnglobal.immowelt.org/navigation-ui/89bd584411c4c86d5e21fa94e5a5b50d5b120311/css/	463 B 577 B	37ms 36ms	Stylesheet text/css	2.16.215.101 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://cdnglobal.immowelt.org/navigation-ui/89bd584411c4c86d5e21fa94e5a5b50d5b120311/css/minimal-0-footer.css Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/navigation.immowelt.org/v1/MINIMAL/0/navigation.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.215.101 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-16-215-101.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash `82f4ee0332972e2ff06e0a60eb98a465865e88e0fbd24ba2a03a4114dfe68fa0` Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Thu, 21 Sep 2023 09:05:38 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1695287138307_386904492_365520740_49_974_31_0_255";dur=1 content-length 151 last-modified Wed, 07 Jun 2023 14:44:15 GMT server Akamai Resource Optimizer etag "b2a529235bf5f9f985043c8cc9174af6:1684911192.962989" vary Accept-Encoding access-control-max-age 86400 content-type text/css access-control-allow-origin * access-control-allow-methods GET,POST cache-control max-age=2575968, max-age=8640000 access-control-allow-credentials false accept-ranges bytes access-control-allow-headers *
GET H2	200	minimal-0-footer.js Show response cdnglobal.immowelt.org/navigation-ui/89bd584411c4c86d5e21fa94e5a5b50d5b120311/	2 KB 1 KB	37ms 36ms	Script application/x-javascript	2.16.215.101 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://cdnglobal.immowelt.org/navigation-ui/89bd584411c4c86d5e21fa94e5a5b50d5b120311/minimal-0-footer.js Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/navigation.immowelt.org/v1/MINIMAL/0/navigation.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.215.101 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-16-215-101.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash `000445d12d9235c469e3fe9caa91d2c44876bed1d97615912c927f0c56baa50b` Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Thu, 21 Sep 2023 09:05:38 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1695287138307_386904492_365520741_50_1015_31_0_146";dur=1 content-length 945 last-modified Sun, 13 Aug 2023 02:42:37 GMT server Akamai Resource Optimizer etag "7c6a89b6e7fee833f81729fef45724d7:1691478513.331648" vary Accept-Encoding access-control-max-age 86400 content-type application/x-javascript access-control-allow-origin * access-control-allow-methods GET,POST cache-control max-age=2575968, max-age=8640000 access-control-allow-credentials false accept-ranges bytes access-control-allow-headers *
GET H/1.1	200 OK	9c511efd92044f6f6dbf.svg thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/	748 B 961 B	213ms 213ms	Image image/svg+xml	123.30.139.93 VNPT-AS-VN Vietna...
General Check archive.org Show headers Download Go to Show image Full URL https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/9c511efd92044f6f6dbf.svg Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 123.30.139.93 , Viet Nam, ASN7643 (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN), Reverse DNS c3.vinahost.vn Software nginx / Resource Hash `c9b195475a3f38e0828aded7ea31494e35f49052b44644f9718d4946e81c8f63` Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 09:05:38 GMT Last-Modified Thu, 06 Jul 2023 05:58:40 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 748 Content-Type image/svg+xml
GET H/1.1	200 OK	5cdd20e6900e0ca47d80.svg thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/	801 B 1014 B	214ms 212ms	Image image/svg+xml	123.30.139.93 VNPT-AS-VN Vietna...
General Check archive.org Show headers Download Go to Show image Full URL https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/5cdd20e6900e0ca47d80.svg Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 123.30.139.93 , Viet Nam, ASN7643 (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN), Reverse DNS c3.vinahost.vn Software nginx / Resource Hash `451770ba091160eee511e9e1ad0ec7681f8d1849614081afa350c8093e9828f2` Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 09:05:38 GMT Last-Modified Thu, 06 Jul 2023 05:58:40 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 801 Content-Type image/svg+xml
GET H/1.1	200 OK	8fa38303f99cf0518547.svg thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/	2 KB 2 KB	657ms 217ms	Image image/svg+xml	123.30.139.93 VNPT-AS-VN Vietna...
General Check archive.org Show headers Download Go to Show image Full URL https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/8fa38303f99cf0518547.svg Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 123.30.139.93 , Viet Nam, ASN7643 (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN), Reverse DNS c3.vinahost.vn Software nginx / Resource Hash `ff5a7ccafdf5655b806f5fc619bd47fb43e9858021a5d72e742dd5f647e8ffee` Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 09:05:38 GMT Last-Modified Thu, 06 Jul 2023 05:58:40 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 1737 Content-Type image/svg+xml
GET H/1.1	200 OK	864e5120f57decbc804c.jpg thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/	112 KB 0	872ms 431ms	Image image/jpeg	123.30.139.93 VNPT-AS-VN Vietna...
General Check archive.org Show headers Download Go to Show image Full URL https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/864e5120f57decbc804c.jpg Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 123.30.139.93 , Viet Nam, ASN7643 (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN), Reverse DNS c3.vinahost.vn Software nginx / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 09:05:38 GMT Last-Modified Thu, 06 Jul 2023 05:58:40 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 135408 Content-Type image/jpeg
GET H/1.1	200 OK	0c36eafde177ab546868.woff2 thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/	45 KB 45 KB	442ms 227ms	Font font/woff2	123.30.139.93 VNPT-AS-VN Vietna...
General Check archive.org Show headers Download Go to Full URL https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/0c36eafde177ab546868.woff2 Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 123.30.139.93 , Viet Nam, ASN7643 (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN), Reverse DNS c3.vinahost.vn Software nginx / Resource Hash `1e2ca939c8ea6e474d75968c821c6b0e9a7d326dab593bb97478012372b20617` Request headers Referer https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Origin https://thanhlapweb.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 09:05:38 GMT Last-Modified Thu, 06 Jul 2023 05:58:40 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 45900 Content-Type font/woff2
GET H/1.1	200 OK	967e123ad65de8c5d5c4.woff2 thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/	46 KB 46 KB	650ms 434ms	Font font/woff2	123.30.139.93 VNPT-AS-VN Vietna...
General Check archive.org Show headers Download Go to Full URL https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/967e123ad65de8c5d5c4.woff2 Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 123.30.139.93 , Viet Nam, ASN7643 (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN), Reverse DNS c3.vinahost.vn Software nginx / Resource Hash `4c1c2e95835201077586a3698cd47806dd18df10d32a1e6cb6aa9e47224a55e3` Request headers Referer https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Origin https://thanhlapweb.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 09:05:38 GMT Last-Modified Thu, 06 Jul 2023 05:58:40 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 47016 Content-Type font/woff2
GET H/1.1	200 OK	1a12317389afca44fc29.woff2 thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/	46 KB 46 KB	858ms 430ms	Font font/woff2	123.30.139.93 VNPT-AS-VN Vietna...
General Check archive.org Show headers Download Go to Full URL https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/1a12317389afca44fc29.woff2 Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 123.30.139.93 , Viet Nam, ASN7643 (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN), Reverse DNS c3.vinahost.vn Software nginx / Resource Hash `c1c24d6a7ce4bd24b1f3f51ab6f74667c94263fa4b109cc3ff32f4f22848087f` Request headers Referer https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Origin https://thanhlapweb.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 09:05:38 GMT Last-Modified Thu, 06 Jul 2023 05:58:40 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 46676 Content-Type font/woff2
GET H/1.1	200 OK	fb9fdde61d631c58d46c.woff2 thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/	62 KB 62 KB	862ms 433ms	Font font/woff2	123.30.139.93 VNPT-AS-VN Vietna...
General Check archive.org Show headers Download Go to Full URL https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/fb9fdde61d631c58d46c.woff2 Requested by Host: thanhlapweb.com URL: https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 123.30.139.93 , Viet Nam, ASN7643 (VNPT-AS-VN Vietnam Posts and Telecommunications VNPT, VN), Reverse DNS c3.vinahost.vn Software nginx / Resource Hash `df0231affb521137bf135898b6ce4c2ce59a79e3e23068a673868366c7ac68bb` Request headers Referer https://thanhlapweb.com/thuvien/immo2/immo2/cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/main-immowelt.css Origin https://thanhlapweb.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 09:05:38 GMT Last-Modified Thu, 06 Jul 2023 05:58:40 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 63728 Content-Type font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Immowelt (Real Estate)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| navigationUI function| __CE_installPolyfill

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html Message: Mixed Content: The page at 'https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html' was loaded over HTTPS, but requested an insecure element 'http://cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/icons/icons-iw/icon-teaser-magnify.svg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html Message: Mixed Content: The page at 'https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html' was loaded over HTTPS, but requested an insecure element 'http://cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/icons/icons-iw/icon-teaser-arrows.svg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html(Line 228) Message: Mixed Content: The page at 'https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html' was loaded over HTTPS, but requested an insecure element 'http://cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/icons/icons-iw/icon-teaser-magnify.svg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html(Line 228) Message: Mixed Content: The page at 'https://thanhlapweb.com/thuvien/immo2/immo2/signin.immowelt.de/index.html' was loaded over HTTPS, but requested an insecure element 'http://cdnglobal.immowelt.org/signin-ui/4ea57237727ccb2940892364908fb740108ad38f/images/icons/icons-iw/icon-teaser-arrows.svg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnglobal.immowelt.org
thanhlapweb.com
webprotechnologies.com
123.30.139.93
192.185.129.194
2.16.215.101
000445d12d9235c469e3fe9caa91d2c44876bed1d97615912c927f0c56baa50b
1e2ca939c8ea6e474d75968c821c6b0e9a7d326dab593bb97478012372b20617
23938eb4314413660e24c2a78dd20ae6bfeff839962ebea8ab2a19dee5ae226a
451770ba091160eee511e9e1ad0ec7681f8d1849614081afa350c8093e9828f2
485fcb7db5c3ee1f69056394634c9d75eecf877b7b9cec7c0a2596ff35b80920
4c1c2e95835201077586a3698cd47806dd18df10d32a1e6cb6aa9e47224a55e3
667e25b67585a8da45125ea470976ef8ae9df1b8c9413388b32fc7a45549b632
76af6a8077afc6b48ed6a030dbda15cd5d73a5354163e1788b13da5c09d0dfdb
7ed2f70842e0d45280ac4926fdf7f4c2ac99b2bbe770b449b68de05203b62440
82f4ee0332972e2ff06e0a60eb98a465865e88e0fbd24ba2a03a4114dfe68fa0
8c643cf092aae00273e2163a89a756093f1a44bb79acefc0421f2d164806498a
95b6af6df04ea28daee05d78c1de48f9b386294a6a87503b9eae94d3e8ceff70
c1c24d6a7ce4bd24b1f3f51ab6f74667c94263fa4b109cc3ff32f4f22848087f
c9b195475a3f38e0828aded7ea31494e35f49052b44644f9718d4946e81c8f63
df0231affb521137bf135898b6ce4c2ce59a79e3e23068a673868366c7ac68bb
ff5a7ccafdf5655b806f5fc619bd47fb43e9858021a5d72e742dd5f647e8ffee

thanhlapweb.com Open in urlscan Pro 123.30.139.93 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

283 kBTransfer

400 kBSize

0 Cookies

8 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

thanhlapweb.com Open in urlscan Pro
123.30.139.93 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

283 kB
Transfer

400 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!