kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de Open in urlscan Pro
91.215.85.230 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tinyurl.com/2ypncqmt
Effective URL:
https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/
Submission: On August 25 via manual (August 25th 2023, 7:55:26 am UTC) from DE — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 91.215.85.230, located in Russian Federation and belongs to PROSPERO-AS, RU. The main domain is kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de.
TLS certificate: Issued by R3 on August 25th 2023. Valid for: 3 months.

This is the only time kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Commerzbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:10:... 2606:4700:10::ac43:1e1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	91.215.85.228 91.215.85.228	200593 (PROSPERO-AS) (PROSPERO-AS)
9	91.215.85.230 91.215.85.230	200593 (PROSPERO-AS) (PROSPERO-AS)
11	2

1 2606:4700:10::ac43:1e1 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 91.215.85.228 (Russian Federation) 1 redirects

ASN200593 (PROSPERO-AS, RU)

shell.mirfidecilik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 91.215.85.230 (Russian Federation)

ASN200593 (PROSPERO-AS, RU)

kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	com.de kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de	330 KB
3	mirfidecilik.com 1 redirects shell.mirfidecilik.com	3 KB
1	tinyurl.com 1 redirects tinyurl.com — Cisco Umbrella Rank: 17307	506 B
11	3

	Domain	Requested by
9	kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de	kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de
3	shell.mirfidecilik.com	1 redirects shell.mirfidecilik.com
1	tinyurl.com	1 redirects
11	3

This site contains no links.

Subject Issuer	Validity	Valid
de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de R3	`2023-08-25` - `2023-11-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/
Frame ID: 9F1E8DBFA433CDAC537907B16EEED004
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

comdirect Login - Ihr Online Banking & Brokerage

Page URL History Show full URLs

https://tinyurl.com/2ypncqmt HTTP 301
http://shell.mirfidecilik.com/comdirect/hq HTTP 301
http://shell.mirfidecilik.com/comdirect/hq/ Page URL
http://shell.mirfidecilik.com/comdirect/hq/ Page URL
https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

82 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

333 kB
Transfer

439 kB
Size

11
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tinyurl.com/2ypncqmt HTTP 301
http://shell.mirfidecilik.com/comdirect/hq HTTP 301
http://shell.mirfidecilik.com/comdirect/hq/ Page URL
http://shell.mirfidecilik.com/comdirect/hq/ Page URL
https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://tinyurl.com/2ypncqmt HTTP 301
http://shell.mirfidecilik.com/comdirect/hq HTTP 301
http://shell.mirfidecilik.com/comdirect/hq/

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/
shell.mirfidecilik.com/comdirect/hq/
Redirect Chain

https://tinyurl.com/2ypncqmt
http://shell.mirfidecilik.com/comdirect/hq
http://shell.mirfidecilik.com/comdirect/hq/

4 KB
2 KB

116ms
115ms

Document
text/html

91.215.85.228
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://shell.mirfidecilik.com/comdirect/hq/
Protocol: HTTP/1.1
Server: 91.215.85.228 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: Apache/2.4.56 (Debian) /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1632
Content-Type: text/html; charset=UTF-8
Date: Fri, 25 Aug 2023 07:55:20 GMT
Keep-Alive: timeout=5, max=99
Server: Apache/2.4.56 (Debian)
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 339
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 25 Aug 2023 07:55:20 GMT
Keep-Alive: timeout=5, max=100
Location: http://shell.mirfidecilik.com/comdirect/hq/
Server: Apache/2.4.56 (Debian)

GET
H/1.1 200
OK /
shell.mirfidecilik.com/comdirect/hq/ 118 B
550 B 151ms
151ms Document
text/html 91.215.85.228
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://shell.mirfidecilik.com/comdirect/hq/
Requested by: Host: shell.mirfidecilik.com
URL: http://shell.mirfidecilik.com/comdirect/hq/
Protocol: HTTP/1.1
Server: 91.215.85.228 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: Apache/2.4.56 (Debian) /
Resource Hash

Request headers

Referer: http://shell.mirfidecilik.com/comdirect/hq/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 126
Content-Type: text/html; charset=UTF-8
Date: Fri, 25 Aug 2023 07:55:20 GMT
Keep-Alive: timeout=5, max=98
Server: Apache/2.4.56 (Debian)
Vary: Accept-Encoding

GET
H/1.1 200
OK Primary Request / Show response
kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/ 21 KB
7 KB 386ms
294ms Document
text/html 91.215.85.230
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.215.85.230 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

e3a724f3febae9935a7d3708eb15578e25ea753a092f6814547e98780781e052

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://shell.mirfidecilik.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 6558
Content-Type: text/html; charset=UTF-8
Date: Fri, 25 Aug 2023 07:55:21 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx/1.14.2
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding

GET
H/1.1 200
OK style.css
kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/css/ 15 KB
3 KB 215ms
211ms Stylesheet
text/css 91.215.85.230
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/css/style.css

Requested by

Host: kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de
URL: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.215.85.230 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

4528130ea852bf2097a75ef6f93136a5a2434f51d7e5e1a5049cc2c9aeea97ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 07:55:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Fri, 28 Jul 2023 20:03:52 GMT
Server: nginx/1.14.2
ETag: "3dce-6019194681a00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2725

GET
H/1.1 200
OK row.svg
kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/img/ 235 B
545 B 290ms
209ms Image
image/svg+xml 91.215.85.230
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/img/row.svg

Requested by

Host: kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de
URL: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.215.85.230 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

388e491e4fcbdfefb0c437cf0d0f42f506ed878c8564e6b1817368fc6e49e970

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 07:55:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 27 Jul 2023 15:46:58 GMT
Server: nginx/1.14.2
ETag: "eb-60179dfd1c080"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 235

GET
H/1.1 200
OK mainimg.jpg
kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/img/ 18 KB
18 KB 383ms
305ms Image
image/jpeg 91.215.85.230
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/img/mainimg.jpg

Requested by

Host: kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de
URL: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.215.85.230 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

780c3db072081058eef9a112d20686bf1a1d322106432fed1a1f6d8daa600ea5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 07:55:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Fri, 28 Jul 2023 16:44:24 GMT
Server: nginx/1.14.2
ETag: "4735-6018ecb0eea00"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18229

GET
H/1.1 200
OK jquery-3.6.1.min.js Show response
kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/js/ 114 KB
34 KB 394ms
316ms Script
application/javascript 91.215.85.230
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/js/jquery-3.6.1.min.js

Requested by

Host: kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de
URL: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.215.85.230 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

a52691b705a3921c956651b3555b212307e63f18b45e86ab5126f889758763b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 07:55:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Wed, 15 Feb 2023 00:25:18 GMT
Server: nginx/1.14.2
ETag: "1c995-5f4b21d63f780-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 34232

GET
H/1.1 200
OK svg-symbol.svg
kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/img/ 236 KB
237 KB 386ms
308ms Other
image/svg+xml 91.215.85.230
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/img/svg-symbol.svg

Requested by

Host: kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de
URL: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.215.85.230 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

f3b4f40ab4ae39f66dc00f49c75cf1d317b385b2bb29d8a008c57402f1be56bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 07:55:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 27 Jul 2023 15:03:30 GMT
Server: nginx/1.14.2
ETag: "3b125-60179445ed480"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 241957

GET
H/1.1 200
OK logo.svg
kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/img/ 486 B
797 B 212ms
212ms Image
image/svg+xml 91.215.85.230
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/img/logo.svg

Requested by

Host: kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de
URL: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.215.85.230 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

5f97323fcf36ab737a689fba9406d05a0fcc6cc17a232b9077176e2f3951f414

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/css/style.css
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 07:55:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 31 Jul 2023 12:03:42 GMT
Server: nginx/1.14.2
ETag: "1e6-601c738b88380"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 486

GET
H/1.1 200
OK MarkWeb-latin-regular.woff2
kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/fonts/ 15 KB
15 KB 320ms
251ms Font
application/octet-stream 91.215.85.230
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/fonts/MarkWeb-latin-regular.woff2?v=1688713441619

Requested by

Host: kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de
URL: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.215.85.230 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

21434445c408f9854cbec5c56ba5badf907aa3b6ccac4fca736b1322b8f4b347

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/css/style.css
Origin: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 07:55:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 27 Jul 2023 15:09:00 GMT
Server: nginx/1.14.2
ETag: "3b64-60179580a3b00"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15204

GET
H/1.1 200
OK MarkWeb-latin-medium.woff2
kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/fonts/ 15 KB
15 KB 325ms
254ms Font
application/octet-stream 91.215.85.230
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/fonts/MarkWeb-latin-medium.woff2?v=1688713441619

Requested by

Host: kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de
URL: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.215.85.230 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

cd1af2ed494662d6ac322cf1048707eac9fc53561d1c9b5e0e7074599eb65773

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/start/css/style.css
Origin: https://kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 07:55:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 27 Jul 2023 15:09:00 GMT
Server: nginx/1.14.2
ETag: "3a60-60179580a3b00"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14944

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Commerzbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
shell.mirfidecilik.com/	1970-01-20 23:01:26	Name: HFUwLs Value: cDiIMGFZHlWyfmYgjQApvSoCuEBwxh
shell.mirfidecilik.com/	1970-01-20 14:30:14	Name: antibot_cDiIMGFZHlWyfmYgjQApvSoCuEBwxh Value: 64781387df0755417d4673d37ba2daa4-1692950120
shell.mirfidecilik.com/	1970-01-20 14:15:50	Name: d Value: 120
shell.mirfidecilik.com/	1970-01-20 14:15:50	Name: n Value: Europe/Berlin
shell.mirfidecilik.com/	1970-01-20 14:15:50	Name: sp Value: Linux%20x86_64
shell.mirfidecilik.com/	1970-01-20 14:15:50	Name: su Value: Mozilla/5.0%20%28Linux%3B%20Android%2011%3B%20SM-G960U%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/92.0.4515.131%20Mobile%20Safari/537.36
shell.mirfidecilik.com/	1970-01-20 14:15:50	Name: iu Value: Mozilla/5.0%20%28Linux%3B%20Android%2011%3B%20SM-G960U%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/92.0.4515.131%20Mobile%20Safari/537.36
shell.mirfidecilik.com/	1970-01-20 14:15:50	Name: wd Value: false
kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/	1970-01-20 23:01:26	Name: gYEkyM Value: VvesfYzbTFkgPipLAERCNOojtalGBS
kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/	1970-01-20 14:30:14	Name: antibot_VvesfYzbTFkgPipLAERCNOojtalGBS Value: d4b90eabcb10ab5d68169843b96e141c-1692950121
kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de/	1969-12-31 23:59:59	Name: PHPSESSID Value: bptvl9gmn8hrcm0ul04lakajbi

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de
shell.mirfidecilik.com
tinyurl.com
2606:4700:10::ac43:1e1
91.215.85.228
91.215.85.230
21434445c408f9854cbec5c56ba5badf907aa3b6ccac4fca736b1322b8f4b347
388e491e4fcbdfefb0c437cf0d0f42f506ed878c8564e6b1817368fc6e49e970
4528130ea852bf2097a75ef6f93136a5a2434f51d7e5e1a5049cc2c9aeea97ed
5f97323fcf36ab737a689fba9406d05a0fcc6cc17a232b9077176e2f3951f414
780c3db072081058eef9a112d20686bf1a1d322106432fed1a1f6d8daa600ea5
a52691b705a3921c956651b3555b212307e63f18b45e86ab5126f889758763b4
cd1af2ed494662d6ac322cf1048707eac9fc53561d1c9b5e0e7074599eb65773
e3a724f3febae9935a7d3708eb15578e25ea753a092f6814547e98780781e052
f3b4f40ab4ae39f66dc00f49c75cf1d317b385b2bb29d8a008c57402f1be56bc

kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de Open in urlscan Pro 91.215.85.230 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

82 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

333 kBTransfer

439 kBSize

11 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

11 Cookies

Indicators

kunde-comdirect.de-id1874gafdg12g9ghf12rbzaf12g87g1.com.de Open in urlscan Pro
91.215.85.230 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

82 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

333 kB
Transfer

439 kB
Size

11
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!