commerzbank-tan.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 2606:4700:3033::ac43:8b6e, located in United States and belongs to CLOUDFLARENET, US. The main domain is commerzbank-tan.com.
TLS certificate: Issued by WE1 on July 18th 2024. Valid for: 3 months.

This is the only time commerzbank-tan.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Commerzbank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1	2606:4700:303... 2606:4700:3033::ac43:8b6e		13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2

1 2606:4700:3033::ac43:8b6e (United States)

ASN13335 (CLOUDFLARENET, US)

commerzbank-tan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	commerzbank-tan.com commerzbank-tan.com	2 MB
1	1

	Domain	Requested by
1	commerzbank-tan.com
1	1

This site contains no links.

Subject Issuer	Validity	Valid
commerzbank-tan.com WE1	`2024-07-18` - `2024-10-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://commerzbank-tan.com/banks/Coba/login.php
Frame ID: D6FA0AEFB7E8C7387D27577EAF5445DE
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmeldung zum Digital Banking - Commerzbank

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

1
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

2539 kB
Transfer

3891 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request login.php Show response
commerzbank-tan.com/banks/Coba/ 4 MB
2 MB 1019ms
736ms Document
text/html 2606:4700:3033::ac43:8b6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://commerzbank-tan.com/banks/Coba/login.php

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:8b6e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46d2bc1bd19debbd30b78036eaa02705feb65982249ccc10ea806a6d66b0c9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8a591fab4b7a9bac-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 19 Jul 2024 07:50:59 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
referrer-policy: same-origin same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VVRqiTKc7tRX4buP7034W1NFkqSbbzkCYE5I6OsDopNYdHhKxml%2FKAUFuiwwa9vE3X7SnpAKJ1DdVBkXNFXcsmHe4L%2BQ5JTX1yyygBQ5nRZVuqd3ektj120Ce9vWm%2Bwb8N%2Fph0dDDtYWINGp5W%2BRFGGc"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN SAMEORIGIN
x-permitted-cross-domain-policies: master-only master-only
x-xss-protection: 1; mode=block 1; mode=block

GET
DATA 200
OK truncated
/ 21 KB
21 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16dfde22ffe3833943a9fcb6cd5ca478bac0c5b073ca7185509ed33ef5793364

Request headers

Referer
Origin: https://commerzbank-tan.com
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 21 KB
21 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9a77742b6fb0e1318b17477acffc3f6f4f1dc3567e2494d2b4c4f0d5e86db61

Request headers

Referer
Origin: https://commerzbank-tan.com
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 24 KB
24 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c59e1022f69ee556bf55a08fa922d768c35ba553101263ddeb41dbe030076c6

Request headers

Referer
Origin: https://commerzbank-tan.com
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 234 B
234 B Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 732d56181c3ee203b12cd03010312216e6444ce4b6062703716f2cb7ab140be7

Request headers

Referer
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 10 KB
10 KB Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2a75c64cb8c3aeb7705e8822c14a4ad9da1713c0bd48d0258afd6d38b858b9da

Request headers

Referer
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Commerzbank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			commerzbank-tan.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 13oi2iko7fnpmsiakivav291qq

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

commerzbank-tan.com
2606:4700:3033::ac43:8b6e
16dfde22ffe3833943a9fcb6cd5ca478bac0c5b073ca7185509ed33ef5793364
1c59e1022f69ee556bf55a08fa922d768c35ba553101263ddeb41dbe030076c6
2a75c64cb8c3aeb7705e8822c14a4ad9da1713c0bd48d0258afd6d38b858b9da
46d2bc1bd19debbd30b78036eaa02705feb65982249ccc10ea806a6d66b0c9d9
732d56181c3ee203b12cd03010312216e6444ce4b6062703716f2cb7ab140be7
c9a77742b6fb0e1318b17477acffc3f6f4f1dc3567e2494d2b4c4f0d5e86db61

commerzbank-tan.com Open in urlscan Pro 2606:4700:3033::ac43:8b6e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

1 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

2539 kBTransfer

3891 kBSize

1 Cookies

0 Outgoing links

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

commerzbank-tan.com Open in urlscan Pro
2606:4700:3033::ac43:8b6e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

2539 kB
Transfer

3891 kB
Size

1
Cookies

1 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!