verifizierungsdienst.copa-web.com Open in urlscan Pro
172.67.214.146 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://a.z-link.bio/w810n
Effective URL:
https://verifizierungsdienst.copa-web.com/
Submission: On September 19 via api (September 19th 2023, 3:39:24 pm UTC) from GB — Scanned from CA

Summary HTTP 17 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 17 HTTP transactions. The main IP is 172.67.214.146, located in United States and belongs to CLOUDFLARENET, US. The main domain is verifizierungsdienst.copa-web.com.
TLS certificate: Issued by GTS CA 1P5 on September 19th 2023. Valid for: 3 months.

This is the only time verifizierungsdienst.copa-web.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 1	51.222.207.122 51.222.207.122	16276 (OVH) (OVH)
10	172.67.214.146 172.67.214.146	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	62.157.140.200 62.157.140.200	3320 (DTAG Inte...) (DTAG Internet service provider operations)
1	80.158.67.40 80.158.67.40	34086 (SCZN-AS) (SCZN-AS)
17	3

1 51.222.207.122 (Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: vps-509804ef.vps.ovh.ca

a.z-link.bio	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.67.214.146 (United States)

ASN13335 (CLOUDFLARENET, US)

verifizierungsdienst.copa-web.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 62.157.140.200 (Hanover, Germany)

ASN3320 (DTAG Internet service provider operations, DE)
PTR: accounts.login.idm.telekom.com

accounts.login.idm.telekom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.158.67.40 (Germany)

ASN34086 (SCZN-AS, DE)

www.telekom.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	copa-web.com verifizierungsdienst.copa-web.com	122 KB
6	telekom.com accounts.login.idm.telekom.com — Cisco Umbrella Rank: 46748	129 KB
1	telekom.de www.telekom.de — Cisco Umbrella Rank: 95057
1	z-link.bio 1 redirects a.z-link.bio	873 B
17	4

	Domain	Requested by
10	verifizierungsdienst.copa-web.com	verifizierungsdienst.copa-web.com
6	accounts.login.idm.telekom.com	verifizierungsdienst.copa-web.com
1	www.telekom.de	verifizierungsdienst.copa-web.com
1	a.z-link.bio	1 redirects
17	4

This site contains links to these domains. Also see Links.

Domain
www.telekom.de

Subject Issuer	Validity	Valid
copa-web.com GTS CA 1P5	`2023-09-19` - `2023-12-18`	3 months	crt.sh
accounts.login.idm.telekom.com Telekom Security ServerID EV Class 3 CA	`2023-07-27` - `2024-07-31`	a year	crt.sh
www.telekom.de Telekom Security ServerID OV Class 2 CA	`2023-07-03` - `2024-07-07`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://verifizierungsdienst.copa-web.com/
Frame ID: 10BCF6A620B1F6EE4D983E5C48032C5C
Requests: 16 HTTP requests in this frame

Frame: https://www.telekom.de/ueber-das-unternehmen/emetriq-xdn?zid=7eab1ec9-2260-46c8-9ae7-71c64b3545d9
Frame ID: 44B923C6AE36B9349A9629880421FBF4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telekom Login

Page URL History Show full URLs

https://a.z-link.bio/w810n HTTP 301
https://verifizierungsdienst.copa-web.com/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

251 kB
Transfer

484 kB
Size

3
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.telekom.de/datenschutzhinweise/download/026.pdf
Title: Datenschutzhinweisen

Search URL Search Domain Scan URL

URL: https://www.telekom.de/hilfe/telekom-login
Title: Benötigen Sie Hilfe?

Search URL Search Domain Scan URL

URL: https://www.telekom.de/unterwegs/apps-und-dienste/kommunikation/telekom-e-mail
Title: Telekom Login erstellen

Search URL Search Domain Scan URL

URL: https://www.telekom.de/hilfe/vertrag-meine-daten/login-daten-passwoerter/verimi
Title: Hier informieren über VERIMI

Search URL Search Domain Scan URL

URL: https://www.telekom.de/impressum
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.telekom.de/ueber-das-unternehmen/datenschutz#fragen-und-antworten
Title: Datenschutz

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://a.z-link.bio/w810n HTTP 301
https://verifizierungsdienst.copa-web.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
verifizierungsdienst.copa-web.com/
Redirect Chain

https://a.z-link.bio/w810n
https://verifizierungsdienst.copa-web.com/

10 KB
3 KB

238ms
184ms

Document
text/html

172.67.214.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://verifizierungsdienst.copa-web.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.214.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23aa31b9d41a960eb491ab00433c7e4c84c445741ac772ca5279a35d979c97a2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8092ebaf5e8936d8-YYZ
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 19 Sep 2023 15:39:18 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FEzURF2km7%2B7SpV28uSW%2Fac%2FUGJsmphu1SOI248CA7TylH9wDxM%2FvERDd%2F3Xt8Gph1WUfWDCWtXaUjXO4Bo5XbaHArrkoamYVMNthOk7kJ4whKbF%2FCljuzYPJz7T0m2lQ5FDVeW5drz%2FuDqXA7GYQfj%2Fn%2Fs%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

cache-control: must-revalidate, no-cache, no-store, private
content-type: text/html; charset=UTF-8
date: Tue, 19 Sep 2023 15:39:18 GMT
location: https://verifizierungsdienst.copa-web.com/
server: nginx/1.22.1
x-powered-by: PHP/8.1.21

GET
H2 200 components.min.css
verifizierungsdienst.copa-web.com/static/factorx/css/ 98 KB
18 KB 60ms
58ms Stylesheet
text/css 172.67.214.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://verifizierungsdienst.copa-web.com/static/factorx/css/components.min.css
Requested by: Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.214.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f58ecb754487f42fbec18a84421310ab268024c38ec4f4e125aefbcc26fa2fe1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://verifizierungsdienst.copa-web.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 19 Sep 2023 15:39:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 16 May 2023 18:43:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2897
etag: W/"188ab-5fbd3f1dcbd80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kzVwdFQIi8PzLjOrQkO8QeDQb7JnEChJQBka9e39pT60hjAFUXkE2NYe0o3hV5UqmRnb%2FO9sn%2BkBqonITjjE6Kck21KqKacyasTWMG42Q26Zg8SdLhWrhNwZsjKISl7MAT4e99RF%2BL3I3Shyf4unc2ibWas%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8092ebb088c236d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 login-25.06.0.css
verifizierungsdienst.copa-web.com/static/factorx/css/ 19 KB
4 KB 32ms
30ms Stylesheet
text/css 172.67.214.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://verifizierungsdienst.copa-web.com/static/factorx/css/login-25.06.0.css
Requested by: Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.214.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83bd22cccb10027fa1d1d570e70b6f215ecddd6a3e5548dd1dba327d53f06cee

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://verifizierungsdienst.copa-web.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 19 Sep 2023 15:39:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 16 May 2023 18:51:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2896
etag: W/"4a39-5fbd40fe72b80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SsadIBWNkKjasodQqTVTNT4S%2BB43pju6YGn%2BqDlCjL06rhFYEf7raaizgmLoaLraDW5LQ6qy60ztKV2J4S8Nse6jdY2K8QAPnvbwYdXDZGS00xM8zzVIBk6QG4EcU9H3IWyZCFKAhkqwKSlpXsZOFjxnOk4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8092ebb088c736d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery-3.2.1.min.js Show response
verifizierungsdienst.copa-web.com/static/factorx/js/ 85 KB
31 KB 39ms
38ms Script
application/javascript 172.67.214.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://verifizierungsdienst.copa-web.com/static/factorx/js/jquery-3.2.1.min.js
Requested by: Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.214.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://verifizierungsdienst.copa-web.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 19 Sep 2023 15:39:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 16 May 2023 18:43:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2896
etag: W/"15283-5fbd3f22908c0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WpDpt%2F4oiyZzwrieTN5ucei7hWjnSWurVHSJN2QVG%2FcdCsNlCO5YmZmOQFWrXS%2F%2BrJZmw5sOVJNmNWqugm4MZiFCR%2BUIwXgMc6PPHzTR9iF5OydPHQv%2Fd3uHGcuxJz20NKFeGnB5Zu7Tcn%2B1vPSnCYY2vPI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8092ebb088c936d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery-matchheight-0.7.2.min.js Show response
verifizierungsdienst.copa-web.com/static/factorx/js/ 3 KB
2 KB 37ms
36ms Script
application/javascript 172.67.214.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://verifizierungsdienst.copa-web.com/static/factorx/js/jquery-matchheight-0.7.2.min.js
Requested by: Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.214.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ebd3995a2d04fc1550f8d025400411954fdb51dcaa24def899d8fc33b2504a7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://verifizierungsdienst.copa-web.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 19 Sep 2023 15:39:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 16 May 2023 18:43:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2895
etag: W/"d30-5fbd3f22908c0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PnfvcnctpMSBhMtoeznPfBb6D4zh1Awa0Ne45lhgx%2BO80rWLeDLhwb5tzbDi34ExQ78zxUAzuiCvdWvHO5G3GYGEZFzfC0Jmn4H830NXYRbCZsiab1ds3sGCUEzW2kJpbPdx0yZFDc83cBIj8FuTqC6cVoA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8092ebb088ca36d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 components.min.js Show response
verifizierungsdienst.copa-web.com/static/factorx/js/ 76 KB
23 KB 65ms
64ms Script
application/javascript 172.67.214.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://verifizierungsdienst.copa-web.com/static/factorx/js/components.min.js
Requested by: Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.214.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://verifizierungsdienst.copa-web.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 19 Sep 2023 15:39:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 16 May 2023 18:43:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2897
etag: W/"12f8a-5fbd3f1fb4200-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5KCX31UEtWPTINkeSRuUsUfsYF6ArrLgCaen%2FIJkudNE9aAypK89jKW%2FMl9FwyZwqFXold%2BaxqmeIDafQv1o%2Bq49NKodspz3GjeIRjKh7GgF3yp6DIoGiZVM2jxNpwTjINEdaUwYQ7jzg2VE25DOmxKSmQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8092ebb088cc36d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 login.js Show response
verifizierungsdienst.copa-web.com/static/factorx/js/ 17 KB
4 KB 37ms
36ms Script
application/javascript 172.67.214.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://verifizierungsdienst.copa-web.com/static/factorx/js/login.js
Requested by: Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.214.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ebdecd626a8b90569845752ff2127d026d88f4b314440627bf1987acdec5595

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://verifizierungsdienst.copa-web.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 19 Sep 2023 15:39:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 16 May 2023 18:43:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2895
etag: W/"446d-5fbd3f2384b00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NqDfHBqwxSB25Idw%2FtcMHZWffTSDm3%2F5LROTake6rR36jsycP4Q23ANNVqwYCREViGm9agbNKcA1UgNtNzsPMYMfWnhaO%2FGBUwnowrJ1h2sdMsgmxFCTYTQ0mYmzU73iKzF3HTxA7UK0dH8Z6BqGhhNRpNY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8092ebb088d036d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 behavioweb_form_2021-06-24.min.js Show response
verifizierungsdienst.copa-web.com/static/factorx/js/ 22 KB
8 KB 33ms
32ms Script
application/javascript 172.67.214.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://verifizierungsdienst.copa-web.com/static/factorx/js/behavioweb_form_2021-06-24.min.js
Requested by: Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.214.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bc4cb95356938694c444e05063a18fb77ef9a804edc1a1a8c9a9f6460f95533

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://verifizierungsdienst.copa-web.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 19 Sep 2023 15:39:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 16 May 2023 18:43:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2895
etag: W/"56a0-5fbd3f1ebffc0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9FndUZ00ygowIUc86uYd2ATA1CxtqwKDGtm1NVnmzUwFKsRAlUzpkAPwYaPsY6ux1jMoAKYQDc3uGyBQGu%2FXjt9l9VUvGjMGOi0R7F6Sjr%2Brnrk8siD%2F%2FEM3pgucPj14ivf25D4QCnBtlb8aPWCgNTm2lGQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8092ebb088d236d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 telekom-logo-claim.svg
accounts.login.idm.telekom.com/static/factorx/images/ 5 KB
5 KB 1155ms
119ms Image
image/svg+xml 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://accounts.login.idm.telekom.com/static/factorx/images/telekom-logo-claim.svg

Requested by

Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

62.157.140.200 Hanover, Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

5c39703ca6b9a762a5ed4308ed1722b8361742c4d8a4869ced5c8d6140403f95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://verifizierungsdienst.copa-web.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 19 Sep 2023 15:39:19 GMT
sh: 24bd52440b59a9c54a04fab4442b7384
last-modified: Wed, 18 Jan 2023 06:40:33 GMT
server: Apache
p3p: CP="NOI CURa TAIa OUR NOR UNI"
content-type: image/svg+xml
cache-control: public
accept-ranges: bytes
content-length: 5001
expires: Tue, 19 Sep 2023 16:39:19 GMT

GET
H3 200 t-online-logo-29112019.png
verifizierungsdienst.copa-web.com/www.t-online.de/auth/ 6 KB
6 KB 30ms
30ms Image
image/png 172.67.214.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://verifizierungsdienst.copa-web.com/www.t-online.de/auth/t-online-logo-29112019.png
Requested by: Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.214.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://verifizierungsdienst.copa-web.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 19 Sep 2023 15:39:18 GMT
cf-cache-status: HIT
last-modified: Tue, 16 May 2023 18:43:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2753
etag: "16db-5fbd3f0ca1500"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TRspkVDWfAIKFodtbKROBw6zZNJ1akeNlTbXDKCZRtvdELkGXFPIO8yGxM1kiU1DLD%2FaeHmlnvDt7QZCp1NkCw54bVCu%2F86428u%2FgrFWMYmKnMnn%2BWKSfNhmWJ%2FADYgHGDPH7R35j5ZA4Vvlp9L1EM1jKwE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8092ebb12bb3a22c-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 5851

GET
H3 200 services.png
verifizierungsdienst.copa-web.com/static/factorx/images/ 22 KB
23 KB 33ms
32ms Image
image/png 172.67.214.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://verifizierungsdienst.copa-web.com/static/factorx/images/services.png
Requested by: Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.214.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://verifizierungsdienst.copa-web.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 19 Sep 2023 15:39:18 GMT
cf-cache-status: HIT
last-modified: Tue, 16 May 2023 18:43:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2751
etag: "5877-5fbd3f1dcbd80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YAffDIlfnV1gObqHJuo8ZsAbYpzg9NjSSXreZg8F26caaufTpmrCCAIYAT6rF7ER5vu5aG%2FB2%2BfqjrTIydQVnsssJ5RWk7NltsBIcfudqw6Y9jYV8cqYjRWrPY4VBn78zW7Yq8vGPWVvlf%2FQ0hEtU%2Fhg%2F%2FY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8092ebb13bbea22c-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 22647

GET
H2 200 emetriq-xdn
www.telekom.de/ueber-das-unternehmen/ Frame 44B9 0
0 501ms
146ms Document
text/html 80.158.67.40
SCZN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.telekom.de/ueber-das-unternehmen/emetriq-xdn?zid=7eab1ec9-2260-46c8-9ae7-71c64b3545d9

Requested by

Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

80.158.67.40 , Germany, ASN34086 (SCZN-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' accounts.login.idm.telekom.com;
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://verifizierungsdienst.copa-web.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 287
cache-control: max-age=3600
content-disposition: inline; filename="emetriq-xdn.htm"
content-language: de
content-length: 951
content-security-policy: frame-ancestors 'self' accounts.login.idm.telekom.com;
content-type: text/html;charset=UTF-8
date: Tue, 19 Sep 2023 15:34:31 GMT
server: Apache
strict-transport-security: max-age=16070400; includeSubDomains
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-frame-options: DENY
x-varnish: 736343776 736048631
x-xss-protection: 1; mode=block
xkey: 698752

GET
H2 200 data_protection.svg
accounts.login.idm.telekom.com/static/factorx/images/ 673 B
731 B 1109ms
120ms Image
image/svg+xml 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://accounts.login.idm.telekom.com/static/factorx/images/data_protection.svg

Requested by

Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/static/factorx/css/login-25.06.0.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

62.157.140.200 Hanover, Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

53637a2d4745687c07969427a743c6b9207b3ba6e261fa19a61cccaab46eb316

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://verifizierungsdienst.copa-web.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 19 Sep 2023 15:39:19 GMT
sh: 24bd52440b59a9c54a04fab4442b7384
last-modified: Wed, 25 Nov 2020 06:16:23 GMT
server: Apache
p3p: CP="NOI CURa TAIa OUR NOR UNI"
content-type: image/svg+xml
cache-control: public
accept-ranges: bytes
content-length: 673
expires: Tue, 19 Sep 2023 16:39:19 GMT

GET
H2 200 telegroteskscreen-thin.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 57 KB
58 KB 1101ms
113ms Font
application/x-font-woff 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-thin.woff

Requested by

Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/static/factorx/css/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

62.157.140.200 Hanover, Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

3c3cff57406992d5b880806e120965b2a77f6a9ac1bbe7a781bfc9f752b4ab5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://verifizierungsdienst.copa-web.com/
Origin: https://verifizierungsdienst.copa-web.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 19 Sep 2023 15:39:19 GMT
sh: 48a2a2f8015144cc8362d02caadc02cf
last-modified: Wed, 25 Nov 2020 05:40:34 GMT
server: Apache
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://verifizierungsdienst.copa-web.com
content-type: application/x-font-woff
cache-control: public
accept-ranges: bytes
content-length: 58248
expires: Tue, 26 Sep 2023 15:39:19 GMT

GET
H2 200 telegroteskscreen-regular.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 53 KB
54 KB 1102ms
114ms Font
application/x-font-woff 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-regular.woff

Requested by

Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/static/factorx/css/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

62.157.140.200 Hanover, Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

b80effdb6b1baee7ad8a926a027a9f085d0b91a1b52e3a8cf34e9a6b087aad97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://verifizierungsdienst.copa-web.com/
Origin: https://verifizierungsdienst.copa-web.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 19 Sep 2023 15:39:19 GMT
sh: 48a2a2f8015144cc8362d02caadc02cf
last-modified: Wed, 25 Nov 2020 05:40:34 GMT
server: Apache
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://verifizierungsdienst.copa-web.com
content-type: application/x-font-woff
cache-control: public
accept-ranges: bytes
content-length: 54684
expires: Tue, 26 Sep 2023 15:39:19 GMT

GET
H2 200 teleicon-outline.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 9 KB
9 KB 1103ms
114ms Font
application/x-font-woff 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/fonts/teleicon-outline.woff

Requested by

Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/static/factorx/css/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

62.157.140.200 Hanover, Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

01fa42140c7fd1e43496b320027681e75123e8121c4ff52e7a390a4ec37d9379

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://verifizierungsdienst.copa-web.com/
Origin: https://verifizierungsdienst.copa-web.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 19 Sep 2023 15:39:19 GMT
sh: 48a2a2f8015144cc8362d02caadc02cf
last-modified: Wed, 25 Nov 2020 05:40:34 GMT
server: Apache
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://verifizierungsdienst.copa-web.com
content-type: application/x-font-woff
cache-control: public
accept-ranges: bytes
content-length: 8824
expires: Tue, 26 Sep 2023 15:39:19 GMT

GET
H2 200 teleicon-ui.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 3 KB
3 KB 1084ms
118ms Font
application/x-font-woff 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/fonts/teleicon-ui.woff

Requested by

Host: verifizierungsdienst.copa-web.com
URL: https://verifizierungsdienst.copa-web.com/static/factorx/css/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

62.157.140.200 Hanover, Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

3cf35b128c4c5dcd9bb0a12bcc009f2e46e382edec4737360a623d0052a6fe34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://verifizierungsdienst.copa-web.com/
Origin: https://verifizierungsdienst.copa-web.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 19 Sep 2023 15:39:19 GMT
sh: 48a2a2f8015144cc8362d02caadc02cf
last-modified: Wed, 25 Nov 2020 05:40:34 GMT
server: Apache
p3p: CP="NOI CURa TAIa OUR NOR UNI"
access-control-allow-origin: https://verifizierungsdienst.copa-web.com
content-type: application/x-font-woff
cache-control: public
accept-ranges: bytes
content-length: 2736
expires: Tue, 26 Sep 2023 15:39:19 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
a.z-link.bio/	1970-01-20 14:52:25	Name: XSRF-TOKEN Value: eyJpdiI6InpmV09ZREFDRkRCWmxhazd3cVhXS3c9PSIsInZhbHVlIjoiUHgxY1JQZVpuN1BPRXVPVzJldENxekViaW15UEk5UEpzRjF5aHZ2R3JscU81b0NuT2hNb3k5Si8wbEZwN0dWcmdjbW9Ha0lMblFNUTJLYXJBckxqU1U4ZElGbE5RTGlLTjRYbTJLWU5kM0ZtNVREdHZ5aU1GY2tBWEN5R1RvSGoiLCJtYWMiOiI5Y2I2NTFhZDgwMzMyZmI1Y2IxM2FjYTljNTJlM2I4OThkOTI4ZDM0MTMxZmQ2MzA0ZTVmYzFmMzQ3NGNhNjljIiwidGFnIjoiIn0%3D
a.z-link.bio/	1970-01-20 14:52:25	Name: phpshort_session Value: eyJpdiI6Imowczd5UmZhd1lPMkZPNW53S0VZemc9PSIsInZhbHVlIjoiSk5KcXZhaExDRlZtTnp4Y3FaVWxtc1pSRTRGdVZlZVUwQlZuV3JadlFiNUsyQnczZXRqdDA5UjViUVlVY0Q1NHRVa0k5ZmZTL09LM3FOOHRKUTQ1b2NwazV4Qmd5MTBXRFVBaHZyY1JxWndtTzlGZkN0M1Y4enhDM2U3RlVQTk4iLCJtYWMiOiI5MjI4NjIxNTRjNTdmNzg1ZGE5Mjk0YzQ4NGI1ZWViMzc4ZDAyMzZjYjRjNTMzMjE5OTM3NGQ3OTNjMTUxNjcxIiwidGFnIjoiIn0%3D
verifizierungsdienst.copa-web.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 2iarkpqor7fmi9i8vgecn16hvl

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	Message: Refused to frame 'https://www.telekom.de/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' accounts.login.idm.telekom.com".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.z-link.bio
accounts.login.idm.telekom.com
verifizierungsdienst.copa-web.com
www.telekom.de
172.67.214.146
51.222.207.122
62.157.140.200
80.158.67.40
01fa42140c7fd1e43496b320027681e75123e8121c4ff52e7a390a4ec37d9379
11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22
23aa31b9d41a960eb491ab00433c7e4c84c445741ac772ca5279a35d979c97a2
3c3cff57406992d5b880806e120965b2a77f6a9ac1bbe7a781bfc9f752b4ab5c
3cf35b128c4c5dcd9bb0a12bcc009f2e46e382edec4737360a623d0052a6fe34
42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94
53637a2d4745687c07969427a743c6b9207b3ba6e261fa19a61cccaab46eb316
5c39703ca6b9a762a5ed4308ed1722b8361742c4d8a4869ced5c8d6140403f95
6bc4cb95356938694c444e05063a18fb77ef9a804edc1a1a8c9a9f6460f95533
6ebd3995a2d04fc1550f8d025400411954fdb51dcaa24def899d8fc33b2504a7
83bd22cccb10027fa1d1d570e70b6f215ecddd6a3e5548dd1dba327d53f06cee
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8ebdecd626a8b90569845752ff2127d026d88f4b314440627bf1987acdec5595
b80effdb6b1baee7ad8a926a027a9f085d0b91a1b52e3a8cf34e9a6b087aad97
f58ecb754487f42fbec18a84421310ab268024c38ec4f4e125aefbcc26fa2fe1

verifizierungsdienst.copa-web.com Open in urlscan Pro 172.67.214.146 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

3 IPs

3 Countries

251 kBTransfer

484 kBSize

3 Cookies

6 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

3 Cookies

1 Console Messages

Indicators

verifizierungsdienst.copa-web.com Open in urlscan Pro
172.67.214.146 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

251 kB
Transfer

484 kB
Size

3
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!