commerz.696228.com Open in urlscan Pro
2606:4700:3035::ac43:dd4a Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://commerz.696228.com/comm/upldleter.html
Effective URL:
https://commerz.696228.com/comm/upldleter.html
Submission: On July 25 via manual (July 25th 2023, 7:34:38 am UTC) from DE — Scanned from DE

Summary HTTP 7 Redirects Links 84 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 7 HTTP transactions. The main IP is 2606:4700:3035::ac43:dd4a, located in United States and belongs to CLOUDFLARENET, US. The main domain is commerz.696228.com.
TLS certificate: Issued by GTS CA 1P5 on June 24th 2023. Valid for: 3 months.

This is the only time commerz.696228.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Commerzbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 5	2606:4700:303... 2606:4700:3035::ac43:dd4a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:600... 2a04:4e42:600::485	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	212.149.50.15 212.149.50.15	16365 (COMMERZBA...) (COMMERZBANK DE-60261 Frankfurt)
7	5

5 2606:4700:3035::ac43:dd4a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

commerz.696228.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.149.50.15 (Frankfurt am Main, Germany)

ASN16365 (COMMERZBANK DE-60261 Frankfurt, DE)
PTR: kunden.commerzbank.de

kunden.commerzbank.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	696228.com 1 redirects commerz.696228.com	311 KB
1	commerzbank.de kunden.commerzbank.de — Cisco Umbrella Rank: 333752	3 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 261	6 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 378	19 KB
7	4

	Domain	Requested by
5	commerz.696228.com	1 redirects commerz.696228.com
1	kunden.commerzbank.de	commerz.696228.com
1	cdnjs.cloudflare.com	commerz.696228.com
1	cdn.jsdelivr.net	commerz.696228.com
7	4

This site contains links to these domains. Also see Links.

Domain
kunden.commerzbank.de
www.commerzbank.de
cbportal.commerzbank.com
www.polizei-beratung.de
service.commerzbank.de

Subject Issuer	Validity	Valid
696228.com GTS CA 1P5	`2023-06-24` - `2023-09-22`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
kunden.commerzbank.de GlobalSign Extended Validation CA - SHA256 - G3	`2022-12-21` - `2024-01-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://commerz.696228.com/comm/upldleter.html
Frame ID: 91E9A2A1AF461C9988D7250A7B981675
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmeldung zum Digital Banking - Commerzbank

Page URL History Show full URLs

http://commerz.696228.com/comm/upldleter.html HTTP 301
https://commerz.696228.com/comm/upldleter.html Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/npm/sweetalert2@([\d.]+)

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

7
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

413 kB
Transfer

1170 kB
Size

0
Cookies

84 Outgoing links

These are links going to different origins than the main page.

URL: https://kunden.commerzbank.de/banking/landingpage/

Search URL Search Domain Scan URL

URL: https://www.commerzbank.de/start/
Title: Konzern

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/portal/en/englisch/english.html
Title: English

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/portal/de/metanavigation/profil-einstellungen/meine_anliegen.html
Title: Profil & Einstellungen

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/start/

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/landingpage/?pk
Title: Privatkunden

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/landingpage/?gk
Title: Unternehmerkunden

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/financeoverview/?pk
Title: Übersichten

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/dailybanking/payment-orderoverview
Title: Auftragsübersicht

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/standingorderoverview?pk
Title: Daueraufträge

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/postbox?pk
Title: Postfach

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/account/transactions?pk
Title: Konten & Karten

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/payments?pk
Title: Überweisung

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/directdebitobjection?pk
Title: Lastschriftrückgabe

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/portal/de/privatkunden/meine-konten/verwaltung/konto-verwalten1/startseite-konto-verwalten.html
Title: Verwaltung

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/portal/de/privatkunden/meine-konten/verwaltung/karten-verwalten-pk/startseite-karten-verwalten.html
Title: Karten verwalten

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/accountdetails?pk
Title: Kontodetails

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/dailybanking/change-transfer-limit
Title: Überweisungslimit ändern

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/depotoverview-ab?pk
Title: Depot

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/wpfe/sam/overview?pk
Title: Depot verwalten

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/assetmanagement?pk
Title: Vermögensverwaltung

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/wpfe/securitiestransactionoverview?pk
Title: Wertpapierumsätze

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/order-book?pk
Title: Order

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/trading/order?pageMode=0&accessPoint=0&pk
Title: Wertpapiere kaufen

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/trading/order?pageMode=1&accessPoint=0&pk
Title: Wertpapiere verkaufen

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/ipo-subscription/ipo-overview?pk
Title: Neuemissionen

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/savingsplan?pk
Title: Wertpapiersparpläne

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/savingsplan/entrypage?pageMode=1&pk%20&pk
Title: Sparplan anlegen

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/marktdaten2/home/markets/index.html
Title: Börse

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/marktdaten2/home/depot/index.html
Title: Watchlist

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/dailybanking/financialanalysis
Title: Analyse

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/portal/de/privatkunden/meine-anliegen/meine-anliegen.html
Title: Service

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/konten-zahlungsverkehr/
Title: Konten & Zahlungsmittel

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/konten-zahlungsverkehr/produkte/girokonten/kostenloses-girokonto/
Title: Girokonten

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/konten-zahlungsverkehr/produkte/kreditkarten/
Title: Kreditkarten

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/konten-zahlungsverkehr/service/dispokredit/
Title: Dispokredit

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/konten-zahlungsverkehr/service/erste-schritte-im-online-banking/
Title: Digital Banking

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/konten-zahlungsverkehr/service/kontowechsel/
Title: Kontowechselservice

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/sparen-anlegen/
Title: Sparen & Anlegen

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/sparen-anlegen/produkte/tagesgeld/
Title: Tagesgeld

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/sparen-anlegen/produkte/festgeld/
Title: Festgeld

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/portal/de/privatkunden/sparen-anlegen/produkte/etf-fonds-sparplan/etf-fonds-sparplan.html
Title: ETF- & Fonds-Sparpläne

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/sparen-anlegen/produkte/vermoegenswirksame-leistungen/
Title: VL-Sparen

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/sparen-anlegen/produkte/sparen-fuer-kinder/
Title: Sparen für Kinder

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/investieren/produkte/depot/
Title: Depotmodelle

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/investieren/produkte/wertpapiere-handeln/
Title: Wertpapierhandel

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/investieren/produkte/depot/depot-eroeffnen/
Title: Depot eröffnen

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/portal/de/privatkunden/sparen-anlegen/wissen/maerkte-kurse-analysen/maerkte-kurse-analysen.html
Title: Märkte & Analysen

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/portal/de/privatkunden/sparen-anlegen/produkte/wertpapiere/aktien/aktien.html
Title: Aktien

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/portal/de/privatkunden/sparen-anlegen/produkte/wertpapiere/fonds/fonds.html
Title: Fonds

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/portal/de/privatkunden/sparen-anlegen/produkte/wertpapiere/etf/etf.html
Title: ETFs

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/investieren/produkte/wertpapier-angebote/
Title: Aktuelle Angebote

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/kredit-finanzierung/
Title: Kredit & Finanzierung

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/kredit-finanzierung/produkte/ratenkredite/ratenkredit/
Title: Ratenkredit

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/kredit-finanzierung/produkte/ratenkredite/autokredit/
Title: Autokredit

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/kredit-finanzierung/produkte/baufinanzierung/baufinanzierung/
Title: Baufinanzierung

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/kredit-finanzierung/produkte/ratenkredite/modernisierungskredit/
Title: Modernisierungskredit

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/kredit-finanzierung/produkte/baufinanzierung/anschlussfinanzierung/
Title: Anschlussfinanzierung

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/vorsorgen-versichern/wissen/passende-vorsorge/
Title: Versicherungen & Vorsorge

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/vorsorgen-versichern/produkte/versicherungen/risikolebensversicherung/
Title: Risikolebensversicherung

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/vorsorgen-versichern/produkte/versicherungen/berufsunfaehigkeitsversicherung/
Title: Berufsunfähigkeitsversicherung

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/vorsorgen-versichern/produkte/altersvorsorge/allianz-schatzbrief/
Title: Allianz SchatzBrief

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/vorsorgen-versichern/produkte/altersvorsorge/privatrente/
Title: PrivatRente

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/vorsorgen-versichern/produkte/altersvorsorge/riester-rente/
Title: RiesterRente

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/vorsorgen-versichern/produkte/altersvorsorge/basisrente/
Title: BasisRente

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/vorsorgen-versichern/produkte/altersvorsorge/vorsorgevollmacht/
Title: Vorsorgevollmacht

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/lp/login
Title: Login

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/financeoverview/
Title: Finanzübersicht

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/banking/account/transactionoverview/
Title: Umsatzübersicht

Search URL Search Domain Scan URL

URL: https://cbportal.commerzbank.com/lp/login?language=de_DE
Title: Zur Anmeldung im Firmenkundenportal

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/prozess/WebObjects/ProzessCenter.woa/wa/default?path=/pk_sp/de/TNV/ST10_TNV_Anmeldung_DigitalBanking_AutoIdent_Int
Title: Zugang digital beantragen (mit autoIDENT)

Search URL Search Domain Scan URL

URL: https://www.commerzbank.de/konten-zahlungsverkehr/wissen/sicherheit-onlinebanking/falsche-commerzbank-mitarbeiter/
Title: Angebliche Bank-Mitarbeiter erfragen Zugangsdaten

Search URL Search Domain Scan URL

URL: https://www.polizei-beratung.de/startseite-und-aktionen/aktuelles/detailansicht/enkeltrick-betrueger-nutzen-whatsapp/
Title: Enkeltrick: Betrüger nutzen WhatsApp (polizei-beratung.de)

Search URL Search Domain Scan URL

URL: https://service.commerzbank.de/welche-fehler-treten-haeufig-in-der-phototan-app-auf/
Title: hier

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/dailybanking/tan-management
Title: photoTAN aktivieren (für angemeldete Kunden)

Search URL Search Domain Scan URL

URL: http://service.commerzbank.de/wie-kann-ich-phototan-aktivieren
Title: Hilfe zur photoTAN

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/prozess/WebObjects/ProzessCenter.woa/wa/default?path=/pk_sp/de/TNV/ST01_TNR_anfordern
Title: Teilnehmernummer neu anfordern

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/prozess/WebObjects/ProzessCenter.woa/wa/default?path=/pk_sp/de/TNV/ST07_TNV_PIN_anfordern
Title: PIN vergessen

Search URL Search Domain Scan URL

URL: https://service.commerzbank.de/digital-banking
Title: Anleitung/Hilfe

Search URL Search Domain Scan URL

URL: http://www.commerzbank.de/sicherheit
Title: Sicherheit

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/portal/de/footer1/preisekonditionen/preisekonditionen.html
Title: Preise & Konditionen

Search URL Search Domain Scan URL

URL: https://www.commerzbank.de/hinweise/impressum/
Title: Impressum

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/hinweise/rechtliche-hinweise/
Title: Rechtliche Hinweise

Search URL Search Domain Scan URL

URL: https://kunden.commerzbank.de/portal/de/footer1/datenschutzhinweise/Datenschutzhinweise.html
Title: Datenschutzhinweise

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://commerz.696228.com/comm/upldleter.html HTTP 301
https://commerz.696228.com/comm/upldleter.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request upldleter.html Show response
commerz.696228.com/comm/
Redirect Chain

http://commerz.696228.com/comm/upldleter.html
https://commerz.696228.com/comm/upldleter.html

935 KB
264 KB

193ms
70ms

Document
text/html

2606:4700:3035::ac43:dd4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://commerz.696228.com/comm/upldleter.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4553d9615bae820e5a66b8f63350e7eaf816a2eaa6d3944397ec984159958085

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7ec2b89b1ef53815-FRA
content-encoding: br
content-type: text/html
date: Tue, 25 Jul 2023 07:34:33 GMT
last-modified: Tue, 18 Jul 2023 14:35:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3z%2BqogMSdA1cPA9oOpMQ8XRoJkAj33h1y%2FHWY%2BI6IblmX48oY3Ly5YqzrKc1IP929QwNXA5a3LK7v%2FCZme54mVyX6QaHpG4QvBc0Oo3xJOSrFKRbAH5G%2BqPwq1emoheyOc7YSDCs7Zi78iv5%2FuqWx%2Fc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

CF-RAY: 7ec2b899f9f33801-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 25 Jul 2023 07:34:33 GMT
Expires: Tue, 25 Jul 2023 08:34:33 GMT
Location: https://commerz.696228.com/comm/upldleter.html
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mFWy031swhSdynBiCRRJ6dCrgh5dG8gykfagv0NW6bl2J7LFc8f01owknGvouN9LnKHxMRDVlmK7nrZ7DPyQVXpaAUEOh6gyDZnrkDTQBwJojVLcQfshjuAL%2B%2BYXWQHXhIu%2FJ%2FCIeefc0pSTwkrZpVQ%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 sweetalert2@11 Show response
cdn.jsdelivr.net/npm/ 66 KB
19 KB 138ms
43ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/sweetalert2@11

Requested by

Host: commerz.696228.com
URL: https://commerz.696228.com/comm/upldleter.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

996d70ae1b8aa760a5d03095affefe193765d7af19ae607a15aca8300952987d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://commerz.696228.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 25 Jul 2023 07:34:33 GMT
x-content-type-options: nosniff
content-encoding: br
age: 38301
x-jsd-version: 11.7.20
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 19372
x-served-by: cache-fra-eddf8230115-FRA
x-jsd-version-type: version
etag: W/"10997-ScCHGJRybOSWX1AjIGYzth1RqkI"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 131ms
47ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: commerz.696228.com
URL: https://commerz.696228.com/comm/upldleter.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://commerz.696228.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Tue, 25 Jul 2023 07:34:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 5278960
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LV%2FhBzXcMVe5M4YdEVndyS%2BFxW7Ljsttv41Sh4s6CE3PwKXMiyFrZkUnBC6CoPJTpkiUVa128cCjucNZ1D7Dv%2FiUUWhAKbg0rIxGA3u5EF2jK6Tyouhr%2FrX55Sy6twzv3eDzYb3iQKG%2FQ0GwbxXgJGth"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7ec2b89c1b7d2bdf-FRA
expires: Sun, 14 Jul 2024 07:34:33 GMT

GET
H2 200 upld.css
commerz.696228.com/comm/ 393 B
532 B 82ms
81ms Stylesheet
text/css 2606:4700:3035::ac43:dd4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://commerz.696228.com/comm/upld.css
Requested by: Host: commerz.696228.com
URL: https://commerz.696228.com/comm/upldleter.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6295cb8fe19a140101a33fcd67c3720b2174adb40614403c80df2a0b7269e53e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://commerz.696228.com/comm/upldleter.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Tue, 25 Jul 2023 07:34:33 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 19 Jun 2023 20:32:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"189-5fe816daf6200-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PQzYL10JgJCrERfV0Be4AWgPmlcBBpl0IhmtXMhx6%2FEUA61z4N96II9sOOt1rOyNZgeMa4Uy9m0mKIIqcVlnylqKRVlXI9kKGiLbkUc4a62nDMLr08mobGvxzCk4AFFKW7MKb2X13gyiVwvVE%2BatVro%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7ec2b89b8f9d3815-FRA
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200 logo_big_svg.svg
kunden.commerzbank.de/portal/media/system/images/ 9 KB
3 KB 193ms
96ms Image
image/svg+xml 212.149.50.15
COMMERZBANK DE-60...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kunden.commerzbank.de/portal/media/system/images/logo_big_svg.svg

Requested by

Host: commerz.696228.com
URL: https://commerz.696228.com/comm/upldleter.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.149.50.15 Frankfurt am Main, Germany, ASN16365 (COMMERZBANK DE-60261 Frankfurt, DE),

Reverse DNS

kunden.commerzbank.de

Software

Apache /

Resource Hash

a92d48dda82cdb58b4e28f58ece271e9428ad1a2ff7c788c5aacee8a17a42b2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://commerz.696228.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date: Tue, 25 Jul 2023 07:34:33 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
Content-Encoding: gzip
com-coba-cif-csrf-protection: 773e35248bf0509878d19ec7fe3a3fef6c5a82224df908af1ef65f349acbe685
Connection: Keep-Alive
Content-Length: 2275
x-xss-protection: 1; mode=block
last-modified: Mon, 17 Jul 2023 04:28:45 GMT
Server: Apache
etag: "-417793531-gzip"
x-frame-options: DENY
Vary: Accept-Encoding
content-type: image/svg+xml
content-language: de-DE
cache-control: private
Keep-Alive: timeout=15, max=100
expires: Tue, 25 Jul 2023 07:39:33 GMT

GET
H3 200 upload.jpeg
commerz.696228.com/comm/IMAGE/ 38 KB
39 KB 66ms
65ms Image
image/jpeg 2606:4700:3035::ac43:dd4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://commerz.696228.com/comm/IMAGE/upload.jpeg
Requested by: Host: commerz.696228.com
URL: https://commerz.696228.com/comm/upldleter.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d950b20d72449abf07b5230d93648a15fdea4efb90e06633b7e9ea8728924a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://commerz.696228.com/comm/upldleter.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Tue, 25 Jul 2023 07:34:33 GMT
cf-cache-status: REVALIDATED
last-modified: Mon, 19 Jun 2023 18:22:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "98a8-5fe7f9e148580"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fOvnd4D%2F5VLoQZsoVQNcsTHiapw2rHAEkb%2BGKAos6XjAbNrNMZdKt9z7irOBNyNBMVrMTNztIToND0Mc70Mu2KTkAWdgMk6s2MENqEMqNqjO7vz10tcOeIuCpn2XVZjUTF41729LpIVESnq%2BBYkqoRM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7ec2b89c88111c0b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 39080

GET
H3 200 Screenshot%202023-06-19%20at%2017.47.56.png
commerz.696228.com/comm/IMAGE/ 7 KB
8 KB 103ms
103ms Image
image/png 2606:4700:3035::ac43:dd4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://commerz.696228.com/comm/IMAGE/Screenshot%202023-06-19%20at%2017.47.56.png
Requested by: Host: commerz.696228.com
URL: https://commerz.696228.com/comm/upldleter.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 285d8ceb39b8859bab57ee6d926c9e70b96fa179540ba0b25cddff01c881f6c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://commerz.696228.com/comm/upldleter.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Tue, 25 Jul 2023 07:34:33 GMT
cf-cache-status: REVALIDATED
last-modified: Mon, 19 Jun 2023 15:48:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "1c91-5fe7d758b8c00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l7zYatnd28NglhETG10l4U0WFn0Df6TyFgVS4Cj5SgTWUJhBwQUxM7Kp57vU26ZGrGxFCPLq0HDqD%2BJicOTROH7PLIz1%2FZq9TXjRw3DRTdYljA%2FKREKQMa0IkT%2FIPy5Qyx7Gj7EI3J9e6tR1SAFMIF0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7ec2b89cc8821c0b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 7313

GET
DATA 200
OK truncated
/ 10 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2a75c64cb8c3aeb7705e8822c14a4ad9da1713c0bd48d0258afd6d38b858b9da

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 17 KB
17 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 88f9247ef9ead1e10ed09369827fb9a34242c5bf454713ac1831ab3c732192e0

Request headers

Referer
Origin: https://commerz.696228.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: application/x-font-woff

GET
DATA 200
OK truncated
/ 40 KB
40 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b52db98725cfebc3ea28099617bd8ec31fe8fb5cf63d8d30d1c375fd64c19876

Request headers

Referer
Origin: https://commerz.696228.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 17 KB
17 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e0cac4821c935482392023f91f3c6814b9c2337ec4dabadf995b5fb95f61a75

Request headers

Referer
Origin: https://commerz.696228.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: application/x-font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Commerzbank (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
commerz.696228.com
kunden.commerzbank.de
212.149.50.15
2606:4700:3035::ac43:dd4a
2606:4700::6811:190e
2a04:4e42:600::485
0d950b20d72449abf07b5230d93648a15fdea4efb90e06633b7e9ea8728924a1
285d8ceb39b8859bab57ee6d926c9e70b96fa179540ba0b25cddff01c881f6c0
2a75c64cb8c3aeb7705e8822c14a4ad9da1713c0bd48d0258afd6d38b858b9da
4553d9615bae820e5a66b8f63350e7eaf816a2eaa6d3944397ec984159958085
6295cb8fe19a140101a33fcd67c3720b2174adb40614403c80df2a0b7269e53e
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
88f9247ef9ead1e10ed09369827fb9a34242c5bf454713ac1831ab3c732192e0
8e0cac4821c935482392023f91f3c6814b9c2337ec4dabadf995b5fb95f61a75
996d70ae1b8aa760a5d03095affefe193765d7af19ae607a15aca8300952987d
a92d48dda82cdb58b4e28f58ece271e9428ad1a2ff7c788c5aacee8a17a42b2d
b52db98725cfebc3ea28099617bd8ec31fe8fb5cf63d8d30d1c375fd64c19876

commerz.696228.com Open in urlscan Pro 2606:4700:3035::ac43:dd4a Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

413 kBTransfer

1170 kBSize

0 Cookies

84 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

commerz.696228.com Open in urlscan Pro
2606:4700:3035::ac43:dd4a Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

413 kB
Transfer

1170 kB
Size

0
Cookies

7 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!