vertrag.commerzbank.de.dsv-information.ru Open in urlscan Pro
62.133.61.213 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://app.numasa.net/CibIP
Effective URL:
https://vertrag.commerzbank.de.dsv-information.ru/433285743214
Submission: On December 04 via manual (December 4th 2023, 11:45:37 am UTC) from DE — Scanned from DE

Summary HTTP 6 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 62.133.61.213, located in Netherlands and belongs to GIR-AS, RU. The main domain is vertrag.commerzbank.de.dsv-information.ru.
TLS certificate: Issued by R3 on December 2nd 2023. Valid for: 3 months.

This is the only time vertrag.commerzbank.de.dsv-information.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Commerzbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	174.138.188.6 174.138.188.6	19318 (IS-AS-1) (IS-AS-1)
1 1	2606:4700:303... 2606:4700:3033::6815:4b62	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	62.133.61.213 62.133.61.213	207713 (GIR-AS) (GIR-AS)
6	2

1 174.138.188.6 (United States) 1 redirects

ASN19318 (IS-AS-1, US)
PTR: webhosting2026.is.cc

app.numasa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:4b62 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

defaulter.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 62.133.61.213 (Netherlands)

ASN207713 (GIR-AS, RU)
PTR: revomeno.ip-ptr.tech

vertrag.commerzbank.de.dsv-information.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	dsv-information.ru vertrag.commerzbank.de.dsv-information.ru	698 KB
1	defaulter.site 1 redirects defaulter.site	800 B
1	numasa.net 1 redirects app.numasa.net	412 B
6	3

	Domain	Requested by
6	vertrag.commerzbank.de.dsv-information.ru	vertrag.commerzbank.de.dsv-information.ru
1	defaulter.site	1 redirects
1	app.numasa.net	1 redirects
6	3

This site contains links to these domains. Also see Links.

Domain
service.commerzbank.de

Subject Issuer	Validity	Valid
vertrag.commerzbank.de.dsv-information.ru R3	`2023-12-02` - `2024-03-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://vertrag.commerzbank.de.dsv-information.ru/433285743214
Frame ID: 347173D1EED91723073197B91B4985AC
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Die Bank für Privat- und Unternehmerkunden - Commerzbankionicons-v5-b

Page URL History Show full URLs

https://app.numasa.net/CibIP HTTP 301
https://defaulter.site/4ZFjn6 HTTP 302
https://vertrag.commerzbank.de.dsv-information.ru/433285743214 Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

6
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

736 kB
Transfer

735 kB
Size

4
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://service.commerzbank.de/welche-fehler-treten-haeufig-in-der-phototan-app-auf/
Title: hier

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://app.numasa.net/CibIP HTTP 301
https://defaulter.site/4ZFjn6 HTTP 302
https://vertrag.commerzbank.de.dsv-information.ru/433285743214 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 433285743214 Show response vertrag.commerzbank.de.dsv-information.ru/ Redirect Chain https://app.numasa.net/CibIP https://defaulter.site/4ZFjn6 https://vertrag.commerzbank.de.dsv-information.ru/433285743214	482 B 575 B	513ms 109ms	Document text/html	62.133.61.213 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://vertrag.commerzbank.de.dsv-information.ru/433285743214 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 62.133.61.213 , Netherlands, ASN207713 (GIR-AS, RU), Reverse DNS revomeno.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `2f6a1a26f7693389f1e818719e7bdf03d6e7073595742455d5bd6ca7796096cb` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html Date Mon, 04 Dec 2023 11:45:32 GMT ETag W/"6562b18a-1e2" Last-Modified Sun, 26 Nov 2023 02:46:34 GMT Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked Redirect headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 8303cdbf0ad85d39-FRA content-type text/html; charset=utf-8 date Mon, 04 Dec 2023 11:45:32 GMT expires Mon, 04 Dec 2023 11:45:32 GMT location https://vertrag.commerzbank.de.dsv-information.ru/433285743214 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qEhZOTboFb3O3v7cMKVyxnTBbbSbYu4iCtDLzqS5jVZBLACS4C1pSgPoitxXRKB8HfXwA1XVZlQkbP5tvfWeTUZQOnIkFpyA%2BXLvMHRAF30AX7QnhdsunJHdtyBmeq1Npx%2FcE%2FOnJiUKBvTtcw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H/1.1	200 OK	index-183d9296.js Show response vertrag.commerzbank.de.dsv-information.ru/assets/	195 KB 195 KB	186ms 186ms	Script application/javascript	62.133.61.213 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://vertrag.commerzbank.de.dsv-information.ru/assets/index-183d9296.js Requested by Host: vertrag.commerzbank.de.dsv-information.ru URL: https://vertrag.commerzbank.de.dsv-information.ru/433285743214 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 62.133.61.213 , Netherlands, ASN207713 (GIR-AS, RU), Reverse DNS revomeno.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `1d3abe14a2def2a82c889d934ed89eecaf252fe5eb716ef2ff3022a5a3b67c62` Request headers Referer https://vertrag.commerzbank.de.dsv-information.ru/433285743214 Origin https://vertrag.commerzbank.de.dsv-information.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Mon, 04 Dec 2023 11:45:32 GMT Last-Modified Sun, 26 Nov 2023 02:46:34 GMT Server nginx/1.18.0 (Ubuntu) ETag "6562b18a-30b41" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 199489
GET H/1.1	200 OK	index-8416c297.css vertrag.commerzbank.de.dsv-information.ru/assets/	492 KB 492 KB	279ms 188ms	Stylesheet text/css	62.133.61.213 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://vertrag.commerzbank.de.dsv-information.ru/assets/index-8416c297.css Requested by Host: vertrag.commerzbank.de.dsv-information.ru URL: https://vertrag.commerzbank.de.dsv-information.ru/433285743214 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 62.133.61.213 , Netherlands, ASN207713 (GIR-AS, RU), Reverse DNS revomeno.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `8416c2978ae5d6351d949bd4d3544b6dfab54396f54db6b17e285441dcd6899c` Request headers accept-language de-DE,de;q=0.9 Referer https://vertrag.commerzbank.de.dsv-information.ru/433285743214 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Mon, 04 Dec 2023 11:45:32 GMT Last-Modified Sun, 26 Nov 2023 02:46:34 GMT Server nginx/1.18.0 (Ubuntu) ETag "6562b18a-7ae36" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 503350
GET H/1.1	200 OK	runtime-configuration.json Show response vertrag.commerzbank.de.dsv-information.ru/	139 B 392 B	109ms 109ms	Fetch application/json	62.133.61.213 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://vertrag.commerzbank.de.dsv-information.ru/runtime-configuration.json Requested by Host: vertrag.commerzbank.de.dsv-information.ru URL: https://vertrag.commerzbank.de.dsv-information.ru/assets/index-183d9296.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 62.133.61.213 , Netherlands, ASN207713 (GIR-AS, RU), Reverse DNS revomeno.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `4da4ce7e39cdd03c05d539a2256468a6cd2c92074c64d70c039bee10a1d80a5f` Request headers accept-language de-DE,de;q=0.9 Referer https://vertrag.commerzbank.de.dsv-information.ru/433285743214 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Mon, 04 Dec 2023 11:45:33 GMT Last-Modified Fri, 10 Nov 2023 13:16:06 GMT Server nginx/1.18.0 (Ubuntu) ETag "654e2d16-8b" Content-Type application/json Connection keep-alive Accept-Ranges bytes Content-Length 139
GET H/1.1	200 OK	runtime-configuration.json Show response vertrag.commerzbank.de.dsv-information.ru/	139 B 392 B	109ms 109ms	Fetch application/json	62.133.61.213 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://vertrag.commerzbank.de.dsv-information.ru/runtime-configuration.json Requested by Host: vertrag.commerzbank.de.dsv-information.ru URL: https://vertrag.commerzbank.de.dsv-information.ru/assets/index-183d9296.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 62.133.61.213 , Netherlands, ASN207713 (GIR-AS, RU), Reverse DNS revomeno.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `4da4ce7e39cdd03c05d539a2256468a6cd2c92074c64d70c039bee10a1d80a5f` Request headers accept-language de-DE,de;q=0.9 Referer https://vertrag.commerzbank.de.dsv-information.ru/433285743214 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Mon, 04 Dec 2023 11:45:33 GMT Last-Modified Fri, 10 Nov 2023 13:16:06 GMT Server nginx/1.18.0 (Ubuntu) ETag "654e2d16-8b" Content-Type application/json Connection keep-alive Accept-Ranges bytes Content-Length 139
GET H/1.1	200 OK	main_log-825432bc.svg vertrag.commerzbank.de.dsv-information.ru/assets/	10 KB 10 KB	201ms 110ms	Image image/svg+xml	62.133.61.213 GIR-AS
General Check archive.org Show headers Download Go to Show image Full URL https://vertrag.commerzbank.de.dsv-information.ru/assets/main_log-825432bc.svg Requested by Host: vertrag.commerzbank.de.dsv-information.ru URL: https://vertrag.commerzbank.de.dsv-information.ru/session/ce43d69d-3ee3-44cd-b08d-bc0113c59d88/login Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 62.133.61.213 , Netherlands, ASN207713 (GIR-AS, RU), Reverse DNS revomeno.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `825432bc83a9447de06f59db08ea3ab7e384270e6e2c27009e4574c904f9c497` Request headers accept-language de-DE,de;q=0.9 Referer https://vertrag.commerzbank.de.dsv-information.ru/session/ce43d69d-3ee3-44cd-b08d-bc0113c59d88/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Mon, 04 Dec 2023 11:45:33 GMT Last-Modified Sun, 26 Nov 2023 02:46:34 GMT Server nginx/1.18.0 (Ubuntu) ETag "6562b18a-2658" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 9816
GET DATA	200 OK	truncated /	375 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5b5d21b0827309c6beddfb341703d4007d7fa6e18332a994ccfe82dee3c60674` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	17 KB 17 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8e0cac4821c935482392023f91f3c6814b9c2337ec4dabadf995b5fb95f61a75` Request headers Referer Origin https://vertrag.commerzbank.de.dsv-information.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Content-Type application/x-font-woff
GET DATA	200 OK	truncated /	17 KB 17 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `88f9247ef9ead1e10ed09369827fb9a34242c5bf454713ac1831ab3c732192e0` Request headers Referer Origin https://vertrag.commerzbank.de.dsv-information.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Content-Type application/x-font-woff
GET DATA	200 OK	truncated /	3 KB 3 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b767317191cd67285ff9b462c75b56a56701431f4264a2fc348555e95fd038e8` Request headers Referer Origin https://vertrag.commerzbank.de.dsv-information.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Content-Type font/woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Commerzbank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture boolean| __VUE__

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
app.numasa.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: 6032e94fa6281d9b1dccfdbd77b7e7bc
app.numasa.net/	1970-01-20 16:41:31	Name: short_9141 Value: 1
defaulter.site/	1970-01-20 17:26:08	Name: _subid Value: ao8d5gujv
defaulter.site/	1970-01-21 02:17:30	Name: 7347c Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIxXCI6MTcwMTY5MDMzMn0sXCJjYW1wYWlnbnNcIjp7XCI0XCI6MTcwMTY5MDMzMn0sXCJ0aW1lXCI6MTcwMTY5MDMzMn0ifQ.wLieZNkII74muyAqe2jLkdaaYG1-6chxX54zS6Su-EA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.numasa.net
defaulter.site
vertrag.commerzbank.de.dsv-information.ru
174.138.188.6
2606:4700:3033::6815:4b62
62.133.61.213
1d3abe14a2def2a82c889d934ed89eecaf252fe5eb716ef2ff3022a5a3b67c62
2f6a1a26f7693389f1e818719e7bdf03d6e7073595742455d5bd6ca7796096cb
4da4ce7e39cdd03c05d539a2256468a6cd2c92074c64d70c039bee10a1d80a5f
5b5d21b0827309c6beddfb341703d4007d7fa6e18332a994ccfe82dee3c60674
825432bc83a9447de06f59db08ea3ab7e384270e6e2c27009e4574c904f9c497
8416c2978ae5d6351d949bd4d3544b6dfab54396f54db6b17e285441dcd6899c
88f9247ef9ead1e10ed09369827fb9a34242c5bf454713ac1831ab3c732192e0
8e0cac4821c935482392023f91f3c6814b9c2337ec4dabadf995b5fb95f61a75
b767317191cd67285ff9b462c75b56a56701431f4264a2fc348555e95fd038e8

vertrag.commerzbank.de.dsv-information.ru Open in urlscan Pro 62.133.61.213 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

736 kBTransfer

735 kBSize

4 Cookies

1 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

4 Cookies

Indicators

vertrag.commerzbank.de.dsv-information.ru Open in urlscan Pro
62.133.61.213 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

736 kB
Transfer

735 kB
Size

4
Cookies

6 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!