direct-zertifikat.com
2a06:98c1:3120::3  Malicious Activity! Public Scan

Submitted URL: http://comdirect-sign.com/
Effective URL: https://direct-zertifikat.com/
Submission: On January 19 via manual from DE — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 7 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is direct-zertifikat.com.
TLS certificate: Issued by GTS CA 1P5 on January 1st 2024. Valid for: 3 months.
This is the only time direct-zertifikat.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Commerzbank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
7 3
Apex Domain                 Subdomains              Transfer
comdirect-sign.com (2)      comdirect-sign.com      2 KB
direct-zertifikat.com (1)   direct-zertifikat.com   344 KB
Failed (0)                  Failed
7 3
Domain                                          Requested by
comdirect-sign.com (2)                          1 redirects
direct-zertifikat.com (1)                       comdirect-sign.com
mdnleldcmiljblolnjhpnblkcekpdkpa (0, Failed)    direct-zertifikat.com
7 3
Subject                 Issuer        Validity                    Valid
comdirect-sign.com      E1            2024-01-17 - 2024-04-16     3 months (crt.sh)
direct-zertifikat.com   GTS CA 1P5    2024-01-01 - 2024-03-31     3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://direct-zertifikat.com/
Frame ID: 8CD09A2CD8F2D378FB0DF7322C1BE5A8
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

comdirect Login - Ihr Online Banking & Brokerage | comdirect.de

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://comdirect-sign.com/ HTTP 301
    https://comdirect-sign.com/ Page URL
  2. https://direct-zertifikat.com/ Page URL

Page Statistics

Requests: 7
HTTPS: 29 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 374 kB
Size: 1368 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://comdirect-sign.com/ HTTP 301
  • https://comdirect-sign.com/

7 HTTP transactions

Resource: / (comdirect-sign.com/)
Redirect Chain:
  • http://comdirect-sign.com/
  • https://comdirect-sign.com/
Size: 132 B   Transfer: 735 B   Type: Document
General
Full URL: https://comdirect-sign.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3031::ac43:dd69, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash:
Security Headers
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 847e37c928d36f9f-CDG
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 19 Jan 2024 09:58:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5PgRKLIbVhhGv9h5PKLSCQxlVG1EwHt65c8cFJPDJHQYnPjNrrWecxxE5JYbwkdGLXGYRf3OjJZEqw%2Fss404k%2FcwEjmXyA56zWbiZEeMEIzRm3CuH%2BakHLcdcSSEpkBZC3JloMx8Ktay7qe6A3hE%2Fpk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: master-only
x-xss-protection: 1; mode=block

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 847e37c75dc96337-LHR
Connection: keep-alive
Content-Type: text/html
Date: Fri, 19 Jan 2024 09:58:12 GMT
Location: https://comdirect-sign.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Referrer-Policy: same-origin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZDDLmu1ZW0GvjWlwEzgBeI%2Bxw3i6c3c4m4WmxBdFgGOY2y1KJEXVLUVmaipYgV%2BEB19Z%2FTK%2B1ZnGKFqFI8OJIAeG0WBzfaqILXf6%2B6GLawisBDV9am5ehIf03XbcMZLHXMpPjXjZkWia53i%2FUmKc%2FFM%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: master-only
X-XSS-Protection: 1; mode=block
alt-svc: h3=":443"; ma=86400
Primary Request: / (direct-zertifikat.com/)
Size: 1 MB   Transfer: 344 KB   Type: Document
General
Full URL: https://direct-zertifikat.com/
Requested by:
  Host: comdirect-sign.com
  URL: https://comdirect-sign.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a06:98c1:3120::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: 094fca23bebf2b5e153fed30206f18c64984233ff6782970cb27e11124160c3e
Security Headers
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 847e37cb888cb95a-AMS
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 19 Jan 2024 09:58:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NKd5i9v9QVbVQCtVykVY8T48dfbWCZ5BuUvbxL1hip5XltPJiwYNjrzWplMxLEaBvFxerE7ahnG8UCUf24qUXvxmTFbknWGt3i0Zd2m0wLSX1pXSJUrSR4l4xcLWRSUA3z4JO%2FswWYgNzyBdV2MFF2SjkqQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: master-only
x-xss-protection: 1; mode=block

customElements.js (mdnleldcmiljblolnjhpnblkcekpdkpa/libs/, chrome-extension:// request; requested 5 times, all failed)
Size: 0   Transfer: 0

truncated (data: URI, /)
Size: 868 B   Transfer: 0   Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS:
Software:
Resource Hash: 9ecbcec6986ce5142305b30f9f8301b000cc9dd06f09aa598a3be665f5a4a183

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

truncated (data: URI, /)
Size: 69 KB   Transfer: 0   Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS:
Software:
Resource Hash: a1f3315968385dcd208818a830f1cb7e95bf869bf126ef5751979781dbf86cf1

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/jpeg

truncated (data: URI, /)
Size: 15 KB   Transfer: 15 KB   Type: Font
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS:
Software:
Resource Hash: 21434445c408f9854cbec5c56ba5badf907aa3b6ccac4fca736b1322b8f4b347

Request headers

Referer:
Origin: https://direct-zertifikat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: font/woff2

truncated (data: URI, /)
Size: 235 B   Transfer: 0   Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS:
Software:
Resource Hash: 388e491e4fcbdfefb0c437cf0d0f42f506ed878c8564e6b1817368fc6e49e970

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

truncated (data: URI, /)
Size: 15 KB   Transfer: 15 KB   Type: Font
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS:
Software:
Resource Hash: cd1af2ed494662d6ac322cf1048707eac9fc53561d1c9b5e0e7074599eb65773

Request headers

Referer:
Origin: https://direct-zertifikat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: font/woff2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mdnleldcmiljblolnjhpnblkcekpdkpa
URL: chrome-extension://mdnleldcmiljblolnjhpnblkcekpdkpa/libs/customElements.js (requested 5 times)

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Commerzbank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies

9 Console Messages

Source     Level     URL / Message
network    error     URL: chrome-extension://mdnleldcmiljblolnjhpnblkcekpdkpa/libs/customElements.js (logged 5 times)
                     Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
other      warning   URL: https://direct-zertifikat.com/ (Line 76)
                     Message: <link rel=preload> has an invalid `href` value
other      warning   URL: https://direct-zertifikat.com/ (Line 77)
                     Message: <link rel=preload> has an invalid `href` value
other      warning   URL: https://direct-zertifikat.com/ (Line 78)
                     Message: <link rel=preload> has an invalid `href` value
security   warning   URL: about:srcdoc
                     Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header                   Value
X-Content-Type-Options   nosniff
X-Frame-Options          SAMEORIGIN
X-Xss-Protection         1; mode=block