identifikationsservice.copa-web.com
2606:4700:3033::6815:4338 - Malicious Activity!

Submitted URL: http://linkfuly.com/SHs2D
Effective URL: https://identifikationsservice.copa-web.com/cd/Vorgang
Submission: On September 19 via manual from DE — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3033::6815:4338, located in United States and belongs to CLOUDFLARENET, US. The main domain is identifikationsservice.copa-web.com.
TLS certificate: Issued by GTS CA 1P5 on September 19th 2023. Valid for: 3 months.
This is the only time identifikationsservice.copa-web.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Commerzbank (Banking)

Domain & IP information

Requests | IP Address | AS | Autonomous System
1 1 | 18.223.205.12 | 16509 | (AMAZON-02)
1 1 | 51.222.207.122 | 16276 | (OVH)
7 | 2606:4700:303... | 13335 | (CLOUDFLAR...)
1 | 2606:4700::68... | 13335 | (CLOUDFLAR...)
Total: 8 requests, 2 IPs
Requests | Apex Domain | Subdomains | Transfer
7 | copa-web.com | identifikationsservice.copa-web.com | 226 KB
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 410) | 28 KB
1 | z-link.bio | a.z-link.bio | 879 B
1 | linkfuly.com | linkfuly.com | 553 B
Total: 8 requests, 4 domains

Requests | Domain | Requested by
7 | identifikationsservice.copa-web.com | identifikationsservice.copa-web.com
1 | cdnjs.cloudflare.com | identifikationsservice.copa-web.com
1 | a.z-link.bio | (1 redirect)
1 | linkfuly.com | (1 redirect)
Total: 8 requests, 4 domains

This site contains no links.

Subject | Issuer | Validity | Valid
copa-web.com | GTS CA 1P5 | 2023-09-19 - 2023-12-18 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year

This page contains 1 frame:

Primary Page: https://identifikationsservice.copa-web.com/cd/Vorgang
Frame ID: AAE36AA28D12365C8B96CDD55B07ADF3
Requests: 8 HTTP requests in this frame

Page Title

comdirect - Wir aktualisieren unsere AGBs!

Page URL History

  1. http://linkfuly.com/SHs2D HTTP 301
    https://a.z-link.bio/hflrq HTTP 301
    https://identifikationsservice.copa-web.com/cd/Vorgang Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 2
Countries: 2
Transfer: 255 kB
Size: 1475 kB
Cookies: 5

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Each transaction lists: Resource, Path, Size, x-fer (transferred bytes), Type.

Primary Request: Vorgang
Path: identifikationsservice.copa-web.com/cd/
Redirect Chain:
  • http://linkfuly.com/SHs2D
  • https://a.z-link.bio/hflrq
  • https://identifikationsservice.copa-web.com/cd/Vorgang
Size: 39 KB
x-fer: 11 KB
Type: Document

General
Full URL: https://identifikationsservice.copa-web.com/cd/Vorgang
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::6815:4338, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource Hash: 7828b19604a6b4c10c0781c015e35cb246c9bd6bfe32342abfd9747bf436b399

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8092a41e5b8830e8-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 19 Sep 2023 14:50:27 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCgS4vXXML4FnmSWgPYYn7I0wR%2BxI7oegUl9cZCwQzLrMGS9QXmzqDXOovQZTGTcfHjhtug9fqiv%2FGh1g2z9eHmjeCm%2BRE8EmW%2FXIAxtsOAzkuF8%2B2WS5EJHdo0JustzZBzlhvFbd8ZRSKLKdXHVupLePkZODut5vDI0cLXPvrHEpA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers
cache-control: must-revalidate, no-cache, no-store, private
content-type: text/html; charset=UTF-8
date: Tue, 19 Sep 2023 14:50:26 GMT
location: https://identifikationsservice.copa-web.com/cd/Vorgang
server: nginx/1.22.1
x-powered-by: PHP/8.1.21

MarkWeb-latin-regular.woff2
Path: identifikationsservice.copa-web.com/cd/assets/fonts/
Size: 15 KB
x-fer: 15 KB
Type: Font

General
Full URL: https://identifikationsservice.copa-web.com/cd/assets/fonts/MarkWeb-latin-regular.woff2?v=1673609518560
Requested by: Host identifikationsservice.copa-web.com, URL https://identifikationsservice.copa-web.com/cd/Vorgang
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::6815:4338, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource Hash: 21434445c408f9854cbec5c56ba5badf907aa3b6ccac4fca736b1322b8f4b347

Request headers
Referer: https://identifikationsservice.copa-web.com/cd/Vorgang
Origin: https://identifikationsservice.copa-web.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers
date: Tue, 19 Sep 2023 14:50:27 GMT
cf-cache-status: REVALIDATED
last-modified: Thu, 10 Aug 2023 20:33:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3b64-60297819aff80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B3TMsjTcsBwxCGrfbPZ2LmZoFnLpBJSoBDBsGI%2BWSJ0j1aVWzwnYQ8HX9QnS2rCs5ZYLklqBMtqUVA7pC6gcofNu%2BTimnXnuI8oimZHIrnuGDy%2BwcXONe%2BG2bSct%2FQYhnlliZx%2BRJN%2FACNz1E5TdXod%2Fjevu4xfx5MMMSulpxgNXTA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8092a420bec330e8-FRA
alt-svc: h3=":443"; ma=86400
content-length: 15204

MarkWeb-latin-medium.woff2
Path: identifikationsservice.copa-web.com/cd/assets/fonts/
Size: 15 KB
x-fer: 15 KB
Type: Font

General
Full URL: https://identifikationsservice.copa-web.com/cd/assets/fonts/MarkWeb-latin-medium.woff2?v=1673609518560
Requested by: Host identifikationsservice.copa-web.com, URL https://identifikationsservice.copa-web.com/cd/Vorgang
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::6815:4338, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource Hash: cd1af2ed494662d6ac322cf1048707eac9fc53561d1c9b5e0e7074599eb65773

Request headers
Referer: https://identifikationsservice.copa-web.com/cd/Vorgang
Origin: https://identifikationsservice.copa-web.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers
date: Tue, 19 Sep 2023 14:50:27 GMT
cf-cache-status: REVALIDATED
last-modified: Thu, 10 Aug 2023 20:33:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3a60-60297817c7b00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ml9I52v2Pbz5s7kK81y7T1THZefmuVC48dBR0%2B5CAj4YzjPiy0xsid4%2FVMIGaajGLkkjg%2FYIS89swiKxUrX0JDz9e1AYyHlUfqC%2FDwt9tGNMPZ%2Bjr4axfGYgCOAnZW6cQeyNPcnOV6uLJD7PrqHxTVA50hUIw8tO1p%2BLLSY85vsXZw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8092a420becb30e8-FRA
alt-svc: h3=":443"; ma=86400
content-length: 14944

MarkWeb-latin-bold.woff2
Path: identifikationsservice.copa-web.com/cd/assets/fonts/
Size: 15 KB
x-fer: 15 KB
Type: Font

General
Full URL: https://identifikationsservice.copa-web.com/cd/assets/fonts/MarkWeb-latin-bold.woff2?v=1673609518560
Requested by: Host identifikationsservice.copa-web.com, URL https://identifikationsservice.copa-web.com/cd/Vorgang
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::6815:4338, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource Hash: 88f151f26d7582598781390eed26f60abfb543395da97d88c168e1f73a23b2f3

Request headers
Referer: https://identifikationsservice.copa-web.com/cd/Vorgang
Origin: https://identifikationsservice.copa-web.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers
date: Tue, 19 Sep 2023 14:50:27 GMT
cf-cache-status: REVALIDATED
last-modified: Thu, 10 Aug 2023 20:33:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3c5c-60297819aff80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uHdCsoAoT7XHbdR20aYzdjs3fJgkrSzEXwdsLGMFaE91L7wYEHB%2FmJU4naXnvDD8MLWvZp5NksmHKGqAtvwe6UYcNpA6fF4hJA7%2FhrhjFp5yAJ1cRGTAn3rmr9MvXySWgwcspQskP5ogEnQ6TNa7qY2JTbruHYiVGVP8CTFTeaMLGg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8092a420becc30e8-FRA
alt-svc: h3=":443"; ma=86400
content-length: 15452

styleguide-comdirect.css
Path: identifikationsservice.copa-web.com/cd/assets/css/
Size: 1 MB
x-fer: 116 KB
Type: Stylesheet

General
Full URL: https://identifikationsservice.copa-web.com/cd/assets/css/styleguide-comdirect.css?v=1673609518560
Requested by: Host identifikationsservice.copa-web.com, URL https://identifikationsservice.copa-web.com/cd/Vorgang
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::6815:4338, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource Hash: f7d7d47140cbe5632390dde0ea2f5352369f1fa31f066b986aef83f8cd44727c

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://identifikationsservice.copa-web.com/cd/Vorgang
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers
date: Tue, 19 Sep 2023 14:50:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 10 Aug 2023 20:33:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3985
etag: W/"10b4e7-60297817c7b00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ghCsMxea8sf1ko2A1WqYhEvbte9yELQM0bWvVsGnQ%2BDI21h8vVNboJ7iYnylDAJiTIjBLa3iaqhu0evG1Lpv4h9WqAPsWcLODtTTuOcb1FMu6WoYnRdJxtKXJNakC0pSHlhr4xOA5BPhKw6A2CJqFo8CyqRSOBpO5I9DFcVNuNdmfg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8092a420bec730e8-FRA
alt-svc: h3=":443"; ma=86400

forms.css
Path: identifikationsservice.copa-web.com/cd/assets/css/
Size: 14 KB
x-fer: 3 KB
Type: Stylesheet

General
Full URL: https://identifikationsservice.copa-web.com/cd/assets/css/forms.css
Requested by: Host identifikationsservice.copa-web.com, URL https://identifikationsservice.copa-web.com/cd/Vorgang
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::6815:4338, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource Hash: 3a68ac341c0429d1021a01c05e413a59c57b2fa629aa32215d20c51d9340433c

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://identifikationsservice.copa-web.com/cd/Vorgang
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers
date: Tue, 19 Sep 2023 14:50:27 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Thu, 10 Aug 2023 20:33:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"38ee-60297817c7b00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0JI7%2B7CR0tZ3XYjYH98D%2BJ91tVEBaue%2FtMmBcleEiWrAffpc%2B6KFxXzDc9gYgOUr28beael7fm%2BGkZUPnY1qttmzkPf%2FtKK4I8K6R4wEhZta%2BBwCi058S%2B%2FHdem4%2BWGwIV4hjJBqlTRoljcaaK4o%2FXqcJ3%2FuNLvxL6E%2BW9nYugboog%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8092a420beca30e8-FRA
alt-svc: h3=":443"; ma=86400

jquery.min.js
Path: cdnjs.cloudflare.com/ajax/libs/jquery/3.6.3/
Size: 88 KB
x-fer: 28 KB
Type: Script

General
Full URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.3/jquery.min.js
Requested by: Host identifikationsservice.copa-web.com, URL https://identifikationsservice.copa-web.com/cd/Vorgang
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6811:190e, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource Hash: a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

Security Headers
Strict-Transport-Security: max-age=15780000
X-Content-Type-Options: nosniff

Request headers
Referer:
Origin: https://identifikationsservice.copa-web.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers
date: Tue, 19 Sep 2023 14:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1015840
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 28112
last-modified: Thu, 22 Jun 2023 11:06:06 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "64942b1e-6dd0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yNzbRuU1bTGxYHBofTmFkj%2FgpjFDDp0cLukojyBUlNRN4b1vfB8F8OuTkS3BRmFGMf7OpFG648A2gIiqsAzOTruCIlBvTZYQMNg50RSnU%2BG7uiFgNSGNrlT7BjJEOdZEx7y3wLhoez4cZUTbhYYgdKm5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8092a4213f232c7b-FRA
expires: Sun, 08 Sep 2024 14:50:27 GMT

svg-symbol.svg
Path: identifikationsservice.copa-web.com/cd/assets/fonts/
Size: 220 KB
x-fer: 52 KB
Type: Other

General
Full URL: https://identifikationsservice.copa-web.com/cd/assets/fonts/svg-symbol.svg
Requested by: Host identifikationsservice.copa-web.com, URL https://identifikationsservice.copa-web.com/cd/Vorgang
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::6815:4338, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource Hash: 92678f37c302748b47f4b34dfb341d184f21f5c74a0db3b19d072151325baf27

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://identifikationsservice.copa-web.com/cd/Vorgang
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers
date: Tue, 19 Sep 2023 14:50:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 10 Aug 2023 20:33:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4152
etag: W/"37064-60297817c7b00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zCZG8VDr4TEkldcYVziBt8zKz4ulFU0w5%2Bwyy4D8H%2BPXOXL%2BcFxbeb%2BCYGJpqb3%2FO%2BhNJr9h4329mu5NPQUiELAP12ib8BCrGPfhQy67il5OwSpi%2Bac3MRH7GAaThhWfI2OBhU%2BS8TzFvaPi5FiSnyvrhkBgplO8uA6Ri8BR%2BeV2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 8092a420becd30e8-FRA
alt-svc: h3=":443"; ma=86400

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Commerzbank (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: documentPictureInPicture
  • function: $
  • function: jQuery
  • number: timeLeft
  • number: setTimer
  • function: c
  • number: dots
  • function: type
  • function: formatCardNumber
  • number: timer

5 Cookies

Domain/Path | Name | Value
linkfuly.com/ | PHPSESSID | tp2b98cqe1fk889eovfol4cnn5
linkfuly.com/ | short_SHs2D | 1
a.z-link.bio/ | XSRF-TOKEN | eyJpdiI6IkozVXRWTWt1REFJcDl1M21OYm9laFE9PSIsInZhbHVlIjoiR2lJaS9waDk3VWdyYmxyTkYwQmVyaVFzWDQ1a2JGQ1RCOW11NEsvelBwWkduVnlLQi9oOTRpNlN4ZHNOUjhsaUhLNjB4RlZoV0RNTnE5azI0UXAwUWF5emR5c3U1WU9QWE5ybjBiSktKM1hEb3ZlSkE3cXQ3cWhLbkFJVk4vV28iLCJtYWMiOiJlODM3Njk1MjBjNzlhZTU4NWNiNTY5ZjdhYWFmMmFkOGY1N2EwZGRjOTAwMzhmZmU1YmUzMjhkYmYwY2VhMWViIiwidGFnIjoiIn0%3D
a.z-link.bio/ | phpshort_session | eyJpdiI6ImJ6UVVtdGc2WlNpKzdwc3FNNWhKRnc9PSIsInZhbHVlIjoiaHBpUjlCVG5lUzRVcVhSWlpYdnVKemJ6MGFtMEdvVExGak56RWpiTFVrWGdPbDhDdGo0a3hWVWZiTFI5ZnB6NkZhaGVUbFR1bzE1WkZyd0pOWHRXbFlGZko2REovZENRZm01bEVuZHZsRDJpOU9paFBDeHBQKzNMSWxEOVgxdWgiLCJtYWMiOiIyM2M5NDM2MTFhZWFkMjJjMGEwMzk3NTdjODM4MzE4ODBlM2NjNjAwNDYzYWRmYThiMTVkOTViZmU0M2YxZjE3IiwidGFnIjoiIn0%3D
identifikationsservice.copa-web.com/ | PHPSESSID | m6clgeii0ehu2ropguieudjub6