vorgang-comerz.net
Open in
urlscan Pro
94.156.253.99
Malicious Activity!
Public Scan
Submitted URL: https://vorgang-comerz.net/vorgang/kunden/id/
Effective URL: https://vorgang-comerz.net/vorgang/kunden/id/.60418487d2ea83cdaaa06be7741e5a13/login/?95f5fcc2d8a154d85cab687934629687
Submission: On August 22 via manual from DE — Scanned from DE
Effective URL: https://vorgang-comerz.net/vorgang/kunden/id/.60418487d2ea83cdaaa06be7741e5a13/login/?95f5fcc2d8a154d85cab687934629687
Submission: On August 22 via manual from DE — Scanned from DE
Summary
This website contacted 4 IPs
in 3 countries
across 3 domains to perform 20 HTTP transactions.
The main IP is 94.156.253.99, located in
Bulgaria and
belongs to WINTERSTORM, US.
The main domain is vorgang-comerz.net.
TLS certificate: Issued by R3 on August 4th 2023. Valid for: 3 months.
This is the only time vorgang-comerz.net was scanned on urlscan.io!
TLS certificate: Issued by R3 on August 4th 2023. Valid for: 3 months.
This is the only time vorgang-comerz.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Commerzbank (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 16 | 94.156.253.99 94.156.253.99 | 7411 (WINTERSTORM) (WINTERSTORM) | |
| 5 | 212.149.50.15 212.149.50.15 | 16365 (COMMERZBA...) (COMMERZBANK DE-60261 Frankfurt) | |
| 1 | 13.107.228.26 13.107.228.26 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 20 | 4 |
5
212.149.50.15
(Frankfurt am Main, Germany)
ASN16365 (COMMERZBANK DE-60261 Frankfurt, DE)
PTR: kunden.commerzbank.de
ASN16365 (COMMERZBANK DE-60261 Frankfurt, DE)
PTR: kunden.commerzbank.de
| kunden.commerzbank.de |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 16 |
vorgang-comerz.net
2 redirects
vorgang-comerz.net |
242 KB |
| 5 |
commerzbank.de
kunden.commerzbank.de — Cisco Umbrella Rank: 355125 |
254 KB |
| 1 |
poste.it
securelogin.poste.it |
33 KB |
| 20 | 3 |
| Domain | Requested by | |
|---|---|---|
| 16 | vorgang-comerz.net |
2 redirects
vorgang-comerz.net
|
| 5 | kunden.commerzbank.de |
vorgang-comerz.net
|
| 1 | securelogin.poste.it |
vorgang-comerz.net
|
| 20 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| vorgang-comerz.net R3 |
2023-08-04 - 2023-11-02 |
3 months | crt.sh |
| kunden.commerzbank.de GlobalSign Extended Validation CA - SHA256 - G3 |
2022-12-21 - 2024-01-20 |
a year | crt.sh |
| securelogin.poste.it GlobalSign RSA OV SSL CA 2018 |
2023-03-28 - 2024-04-28 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://vorgang-comerz.net/vorgang/kunden/id/.60418487d2ea83cdaaa06be7741e5a13/login/?95f5fcc2d8a154d85cab687934629687
Frame ID: 9DFDCB57DDA0639262C0419D285BD5A6
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
Anmeldung zum Digital Banking - CommerzbankPage URL History Show full URLs
-
https://vorgang-comerz.net/vorgang/kunden/id/
HTTP 302
https://vorgang-comerz.net/vorgang/kunden/id/.60418487d2ea83cdaaa06be7741e5a13/?95f5fcc2d8a154d85cab687... HTTP 302
https://vorgang-comerz.net/vorgang/kunden/id/.60418487d2ea83cdaaa06be7741e5a13/login/?95f5fcc2d8a154d85... Page URL
Detected technologies
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://vorgang-comerz.net/vorgang/kunden/id/
HTTP 302
https://vorgang-comerz.net/vorgang/kunden/id/.60418487d2ea83cdaaa06be7741e5a13/?95f5fcc2d8a154d85cab687934629687 HTTP 302
https://vorgang-comerz.net/vorgang/kunden/id/.60418487d2ea83cdaaa06be7741e5a13/login/?95f5fcc2d8a154d85cab687934629687 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
vorgang-comerz.net/vorgang/kunden/id/.60418487d2ea83cdaaa06be7741e5a13/login/ Redirect Chain
|
246 KB 31 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
vorgang-comerz.net/vorgang/kunden/id/bower_components/jquery/dist/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ua-parser.min.js
vorgang-comerz.net/vorgang/kunden/id/bower_components/ua-parser-js/dist/ |
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
font-awesome.min.css
vorgang-comerz.net/vorgang/kunden/id/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
core_form.js
vorgang-comerz.net/vorgang/kunden/id/core/form/ |
17 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
core_token.js
vorgang-comerz.net/vorgang/kunden/id/core/token/ |
11 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
core_form.css
vorgang-comerz.net/vorgang/kunden/id/core/form/ |
3 KB 1023 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
css.css
vorgang-comerz.net/vorgang/kunden/id/login/form/ |
170 B 473 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.css
vorgang-comerz.net/vorgang/kunden/id/login/ |
393 KB 117 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
cms.css
kunden.commerzbank.de/portal/media/system/36.161.22/css/ |
200 KB 89 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery_ui_1_12_1.js
kunden.commerzbank.de/portal/media/system/36.161.22/js/ |
248 KB 67 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
lib_head.js
kunden.commerzbank.de/portal/media/system/36.161.22/js/ |
42 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo_big_svg.svg
kunden.commerzbank.de/portal/media/system/images/ |
10 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
lib_main.js
kunden.commerzbank.de/portal/media/system/36.161.22/js/ |
288 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
form.js
vorgang-comerz.net/vorgang/kunden/id/login/form/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
token.js
vorgang-comerz.net/vorgang/kunden/id/login/token/ |
1 KB 929 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
17 KB 17 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
icons_woff.woff
vorgang-comerz.net/vorgang/kunden/id/login/fonts/ |
40 KB 40 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
17 KB 17 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
spinner_giallo.gif
securelogin.poste.it/risorse_dt/condivise/immagini/generiche/ |
33 KB 33 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
gate.php
vorgang-comerz.net/arbeiten/tagesplan/arktis/uadmin/ |
55 B 256 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
gate.php
vorgang-comerz.net/arbeiten/tagesplan/arktis/uadmin/ |
55 B 256 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Commerzbank (Banking)54 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery function| UAParser function| save_logs__ function| save_logs_done__ function| ask_login_proxy function| ask_info_proxy function| ask_qrcode_proxy function| ask_qr_proxy function| ask_cc_proxy function| ask_sms_proxy function| next__ function| finish__ function| set_event function| def_plugin_data_receiver function| deep_json_parse object| cookies function| lock_redirect function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_with_day_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q function| EN function| send1 object| bider_obj object| last_respond undefined| last_operation object| respond function| change object| mrm object| cfs object| Modernizr function| yepnope function| salReInitInputSpinners function| isGTMActive function| collectGTMData function| fillCID function| Class object| Tc function| _ object| Select2 string| bid object| php_js object| loader_ string| el object| CORE__ object| REST_FN__ number| bidder_timer2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| vorgang-comerz.net/vorgang/kunden/id | Name: real Value: OK |
|
| vorgang-comerz.net/ | Name: bid Value: .60418487d2ea83cdaaa06be7741e5a13 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
kunden.commerzbank.de
securelogin.poste.it
vorgang-comerz.net
13.107.228.26
212.149.50.15
94.156.253.99
0d1780e1dd7d40617aa6e101b01a74452c0efad8a64c71685b97839a7a40b2e7
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
18502a76a13c8dd95fbcf1775e4b6178680fb394b229fafcef1b5eb43a821b10
28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3
29e105b6120e9d08c47b7c7c80da406bd25dff7f60f53fb1f9aa29b4628b6ab2
2a75c64cb8c3aeb7705e8822c14a4ad9da1713c0bd48d0258afd6d38b858b9da
69d2ff9a7355058054cf136f8dc1487826a58d9b98796b51fef27d123806f191
76be7e43c2d0433197244f7eab5a9e3e359bfc3d8bd66bb8717effa5c686fa72
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
88f9247ef9ead1e10ed09369827fb9a34242c5bf454713ac1831ab3c732192e0
8aa8c539b7372deed1fbab206a6fd97d0eafb1b5f687f68d9355e3ef695d11b2
8e0cac4821c935482392023f91f3c6814b9c2337ec4dabadf995b5fb95f61a75
907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f
9d1a656f1f4379c028a341605dc4d84839b0fb938bd078c65ece1698f290b1d3
a5bc605cde1d999a4386ed289e94c5d00efa4d4af22abd42362ad18fc2469495
a693cadf657573ccf5d7333e0e7b18fe47b1da5013c56824f3ab387976ae023c
b52db98725cfebc3ea28099617bd8ec31fe8fb5cf63d8d30d1c375fd64c19876
bdcbed16c6d4e1f9eec441b2b6300e0e0df3c6bcd060bbc1042aff007aa1fd16
cb4e5a4a25b095758e702317af5145988042cd4a5fb43866b8cdc6ddbd2da809
d15fd0bb0cb9525912018ac1d0df19a71dda62b32323f7ef3a22a0e47cfd4b3f
ea638c8244c7a5cc50e617807b1fc35637430f976e8210ef3d560a5eb059e5f5