cli.careers
Open in
urlscan Pro
35.182.55.189
Malicious Activity!
Public Scan
Effective URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTT...
Submission: On July 07 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by R10 on June 14th 2024. Valid for: 3 months.
This is the only time cli.careers was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Commerzbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 209.17.116.165 209.17.116.165 | 19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING) | |
1 8 | 35.182.55.189 35.182.55.189 | 16509 (AMAZON-02) (AMAZON-02) | |
6 | 2606:4700::68... 2606:4700::6812:bb1f | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 152.199.19.160 152.199.19.160 | 15133 (EDGECAST) (EDGECAST) | |
3 | 193.41.133.18 193.41.133.18 | 16107 (COMMERZBANK) (COMMERZBANK) | |
1 | 2a04:4e42:600... 2a04:4e42:600::649 | 54113 (FASTLY) (FASTLY) | |
1 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:809::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 2 | 2606:4700::68... 2606:4700::6811:f8cb | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 193.41.132.20 193.41.132.20 | 16107 (COMMERZBANK) (COMMERZBANK) | |
1 | 172.67.134.82 172.67.134.82 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
29 | 12 |
ASN16509 (AMAZON-02, US)
PTR: ec2-35-182-55-189.ca-central-1.compute.amazonaws.com
cli.careers |
ASN16107 (COMMERZBANK, DE)
PTR: kunde.comdirect.de
kunde.comdirect.de |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
cli.careers
1 redirects
cli.careers |
141 KB |
6 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 373 |
18 KB |
5 |
comdirect.de
kunde.comdirect.de — Cisco Umbrella Rank: 203033 Failed static.comdirect.de — Cisco Umbrella Rank: 212125 |
46 KB |
2 |
unpkg.com
1 redirects
unpkg.com — Cisco Umbrella Rank: 1085 |
23 KB |
2 |
aspnetcdn.com
ajax.aspnetcdn.com — Cisco Umbrella Rank: 3667 |
30 KB |
1 |
geoiplookup.io
json.geoiplookup.io — Cisco Umbrella Rank: 73692 |
875 B |
1 |
gstatic.com
www.gstatic.com |
114 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 277 |
27 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 847 |
30 KB |
1 |
service34.store
service34.store |
446 B |
29 | 10 |
Domain | Requested by | |
---|---|---|
8 | cli.careers |
1 redirects
service34.store
cli.careers |
6 | cdn.jsdelivr.net |
cli.careers
|
3 | static.comdirect.de |
cli.careers
|
2 | unpkg.com |
1 redirects
cli.careers
|
2 | kunde.comdirect.de |
cli.careers
|
2 | ajax.aspnetcdn.com |
cli.careers
|
1 | json.geoiplookup.io |
ajax.aspnetcdn.com
|
1 | www.gstatic.com |
cli.careers
|
1 | cdnjs.cloudflare.com |
cli.careers
|
1 | code.jquery.com |
cli.careers
|
1 | service34.store | |
29 | 11 |
This site contains links to these domains. Also see Links.
Domain |
---|
magazin.comdirect.de |
jobs.commerzbank.com |
community.comdirect.de |
www.facebook.com |
twitter.com |
www.youtube.com |
www.instagram.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
cli.careers R10 |
2024-06-14 - 2024-09-12 |
3 months | crt.sh |
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA |
2024-05-04 - 2025-05-04 |
a year | crt.sh |
*.vo.msecnd.net DigiCert SHA2 Secure Server CA |
2024-06-06 - 2025-06-06 |
a year | crt.sh |
static.comdirect.de GlobalSign Extended Validation CA - SHA256 - G3 |
2023-11-27 - 2024-12-28 |
a year | crt.sh |
*.jquery.com Sectigo ECC Domain Validation Secure Server CA |
2024-06-25 - 2025-06-25 |
a year | crt.sh |
cdnjs.cloudflare.com E1 |
2024-06-02 - 2024-08-31 |
3 months | crt.sh |
*.gstatic.com WR2 |
2024-06-13 - 2024-09-05 |
3 months | crt.sh |
kunde.comdirect.de GlobalSign Extended Validation CA - SHA256 - G3 |
2023-11-27 - 2024-12-28 |
a year | crt.sh |
geoiplookup.io WE1 |
2024-06-22 - 2024-09-20 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Frame ID: E0A3E8E45BBEF7B2A60A7FAC6DE6D40B
Requests: 31 HTTP requests in this frame
Screenshot
Page Title
comdirect Login - Ihr Online Banking & Brokerage | comdirect.dePage URL History Show full URLs
-
http://service34.store/redi/redi.php
HTTP 307
https://service34.store/redi/redi.php HTTP 307
http://service34.store/redi/redi.php Page URL
-
https://cli.careers/css/comm
HTTP 301
https://cli.careers/css/comm/ Page URL
- https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl... Page URL
Detected technologies
Firebase (Databases) ExpandDetected patterns
- /(?:([\d.]+)/)?firebase(?:\.min)?\.js
- /firebasejs/([\d.]+)/firebase
Axios (JavaScript libraries) Expand
Detected patterns
- /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
Title: Magazin
Search URL Search Domain Scan URL
Title: Karriere
Search URL Search Domain Scan URL
Title: Community
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://service34.store/redi/redi.php
HTTP 307
https://service34.store/redi/redi.php HTTP 307
http://service34.store/redi/redi.php Page URL
-
https://cli.careers/css/comm
HTTP 301
https://cli.careers/css/comm/ Page URL
- https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://service34.store/redi/redi.php HTTP 307
- https://service34.store/redi/redi.php HTTP 307
- http://service34.store/redi/redi.php
- https://cli.careers/css/comm HTTP 301
- https://cli.careers/css/comm/
- https://unpkg.com/axios/dist/axios.min.js HTTP 302
- https://unpkg.com/axios@1.7.2/dist/axios.min.js
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
redi.php
service34.store/redi/ Redirect Chain
|
177 B 446 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
cli.careers/css/comm/ Redirect Chain
|
2 KB 986 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cdn.min.js
cdn.jsdelivr.net/npm/@alpinejs/mask@3.x.x/dist/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cdn.min.js
cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/ |
44 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uuidv4.min.js
cdn.jsdelivr.net/npm/uuid@latest/dist/umd/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
login.html
cli.careers/css/comm/ |
83 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
favicon_196px.png
kunde.comdirect.de/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MarkWeb-latin-regular.woff2
static.comdirect.de/ccf2/lsg/assets/fonts/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MarkWeb-latin-medium.woff2
static.comdirect.de/ccf2/lsg/assets/fonts/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MarkWeb-latin-bold.woff2
static.comdirect.de/ccf2/lsg/assets/fonts/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styleguide-comdirect.css
cli.careers/css/comm/assets/ |
855 KB 88 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cdn.min.js
cdn.jsdelivr.net/npm/@alpinejs/mask@3.x.x/dist/ |
2 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cdn.min.js
cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/ |
44 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/ |
84 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/ |
85 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
firebase.js
www.gstatic.com/firebasejs/4.7.0/ |
386 KB 114 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uuidv4.min.js
cdn.jsdelivr.net/npm/uuid@latest/dist/umd/ |
1 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
axios.min.js
unpkg.com/axios@1.7.2/dist/ Redirect Chain
|
51 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
allformdata.js
cli.careers/css/comm/assets/js/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
comdirect_fav_1005.svg
kunde.comdirect.de/ |
520 B 1 KB |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
808 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MarkWeb-latin-regular.woff2
cli.careers/css/comm/assets/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
235 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MarkWeb-latin-medium.woff2
cli.careers/css/comm/assets/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Trading_special_sigma-lang_lg-1x.jpg
cli.careers/css/comm/assets/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
json.geoiplookup.io/ |
579 B 875 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
favicon_196px.png
kunde.comdirect.de/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
comdirect_fav_1005.svg
kunde.comdirect.de/ |
520 B 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
favicon_196px.png
kunde.comdirect.de/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- kunde.comdirect.de
- URL
- https://kunde.comdirect.de/favicon_196px.png?v=1694095058082
- Domain
- kunde.comdirect.de
- URL
- https://kunde.comdirect.de/favicon_196px.png?v=1694095058082
- Domain
- kunde.comdirect.de
- URL
- https://kunde.comdirect.de/favicon_196px.png?v=1694095058082
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Commerzbank (Banking)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| event object| fence object| sharedStorage function| $ function| jQuery object| firebase function| webpackJsonpFirebase function| uuidv4 function| axios string| AuthTokens function| sleep function| getFormData function| makeid object| Alpine0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
cli.careers
code.jquery.com
json.geoiplookup.io
kunde.comdirect.de
service34.store
static.comdirect.de
unpkg.com
www.gstatic.com
kunde.comdirect.de
104.17.24.14
152.199.19.160
172.67.134.82
193.41.132.20
193.41.133.18
209.17.116.165
2606:4700::6811:f8cb
2606:4700::6812:bb1f
2a00:1450:4001:809::2003
2a04:4e42:600::649
35.182.55.189
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
21434445c408f9854cbec5c56ba5badf907aa3b6ccac4fca736b1322b8f4b347
2f7002451d78511fa76aaea453e83b29e339b93a533c238fd0de4f3be367c24f
31e01fbf49c11b15973961abac847d8bffdd22e3b2663df22a18da88876c3973
358d9afbb1ab5befa2f48061a30776e5bcd7707f410a606ba985f98bc3b1c034
388e491e4fcbdfefb0c437cf0d0f42f506ed878c8564e6b1817368fc6e49e970
423767983a6400d05704c2dc21b33d91e6526705a27c84adc142f30f44f02f0f
4bbb806e743e21bc9f97b62fc0564e0889b7f31ee9d48c3f2b85d4e00fe629cc
6f7352a49a8f1181a380b0b131adbaacd4fb117c7b5547be29c8b01cda0b22c1
6fdca4199bd6e48e8b52d4e48df50a2c1aa94dcbe721e81eec42920e85916294
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
88f151f26d7582598781390eed26f60abfb543395da97d88c168e1f73a23b2f3
8ad11c4cb079bba93156727270f510292eedcc0716c6f21725074a59ec8b9b96
c449626c54608700314eeb287ee8621d3918a4a1d0a9245bbd45565922066866
c54773e4f8716a484b784d6ae8446b61799112c777df1e21afc9c3e86f2ebc09
cd1af2ed494662d6ac322cf1048707eac9fc53561d1c9b5e0e7074599eb65773
d083435d32e0c97c48e05dd4f75a736b9cc5618d97c3c27072579b5139918caf
d356a2f1370d58ce3fd546f5fbce0845d5663d43ec0a23dadae85ebb1bcb404e
f069e5e757b967ef2a948ccd9078ab97c7ff8e1762c721e3793a6b7bdc150f45