1.bhdr.citroen-vertragspartner-mettmann.de Open in urlscan Pro
116.202.31.27 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://1.bhdr.citroen-vertragspartner-mettmann.de/ong/comerica-wiring-instructions.html
Submission: On October 01 via manual (October 1st 2019, 10:20:11 am UTC) from US

Summary HTTP 74 Redirects Behaviour Indicators

Summary

This website contacted 32 IPs in 8 countries across 32 domains to perform 74 HTTP transactions. The main IP is 116.202.31.27, located in Germany and belongs to HETZNER-AS, DE. The main domain is 1.bhdr.citroen-vertragspartner-mettmann.de.

This is the only time 1.bhdr.citroen-vertragspartner-mettmann.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Banking (Banking)

Domain & IP information

	IP Address	AS Autonomous System
11	116.202.31.27 116.202.31.27	24940 (HETZNER-AS) (HETZNER-AS)
2	2001:4de0:ac1... 2001:4de0:ac19::1:b:3b	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
3	192.99.3.130 192.99.3.130	16276 (OVH) (OVH)
3	2606:4700:30:... 2606:4700:30::681f:4c4e	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
7	198.54.121.142 198.54.121.142	22612 (NAMECHEAP...) (NAMECHEAP-NET - Namecheap)
3	198.54.115.237 198.54.115.237	22612 (NAMECHEAP...) (NAMECHEAP-NET - Namecheap)
1	2606:4700:30:... 2606:4700:30::6818:7cbc	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
1	104.109.54.84 104.109.54.84	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	162.144.200.37 162.144.200.37	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer)
1	159.253.23.250 159.253.23.250	198068 (PAGM-AS) (PAGM-AS)
2	176.114.1.150 176.114.1.150	56485 (THEHOST-AS) (THEHOST-AS)
1	2606:4700:20:... 2606:4700:20::6819:2965	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	151.101.14.2 151.101.14.2	54113 (FASTLY) (FASTLY - Fastly)
1	148.251.45.170 148.251.45.170	24940 (HETZNER-AS) (HETZNER-AS)
1	134.19.186.240 134.19.186.240	49453 (GLOBALLAYER) (GLOBALLAYER)
1	151.101.14.62 151.101.14.62	54113 (FASTLY) (FASTLY - Fastly)
3	2a00:1450:400... 2a00:1450:4001:819::2016	15169 (GOOGLE) (GOOGLE - Google LLC)
1	13.32.222.3 13.32.222.3	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	151.101.114.114 151.101.114.114	54113 (FASTLY) (FASTLY - Fastly)
1	2606:4700:30:... 2606:4700:30::6818:7111	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a02:26f0:6c0... 2a02:26f0:6c00:181::2374	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.218.237.168 52.218.237.168	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a02:26f0:6c0... 2a02:26f0:6c00:187::3c9a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:30:... 2606:4700:30::6818:772c	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2.18.232.150 2.18.232.150	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	130.211.45.45 130.211.45.45	15169 (GOOGLE) (GOOGLE - Google LLC)
8	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
1	192.99.8.27 192.99.8.27	16276 (OVH) (OVH)
74	32

11 116.202.31.27 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.27.31.202.116.clients.your-server.de

1.bhdr.citroen-vertragspartner-mettmann.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
116.202.31.27	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac19::1:b:3b (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.99.3.130 (Toronto, Canada)

ASN16276 (OVH, FR)
PTR: ns559289.ip-192-99-3.net

online-banking.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:30::681f:4c4e (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

bankingonlinelogin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 198.54.121.142 (Los Angeles, United States)

ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)
PTR: premium67-3.web-hosting.com

ulumgroup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.54.115.237 (Los Angeles, United States)

ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)
PTR: premium36-3.web-hosting.com

usaroutingnumber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::6818:7cbc (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

s2.studylib.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: i1.wp.com

i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.109.54.84 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-54-84.deploy.static.akamaitechnologies.com

media.heartlandtv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.144.200.37 (Provo, United States)

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 162-144-200-37.unifiedlayer.com

howtobankonline.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.253.23.250 (Estonia)

ASN198068 (PAGM-AS, EE)
PTR: hardmandev.com

rtn.one	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 176.114.1.150 (Ukraine)

ASN56485 (THEHOST-AS, UA)
PTR: s17.thehost.com.ua

banksonlinelogin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::6819:2965 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

bank-code.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.2 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

s3-media4.fl.yelpcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 148.251.45.170 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: urlscan.io

urlscan.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.19.186.240 (Netherlands)

ASN49453 (GLOBALLAYER, NL)

bank-online.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.62 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

www.gannett-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:819::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.222.3 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-222-3.fra56.r.cloudfront.net

media.liveauctiongroup.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.114 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

www.thebalance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::6818:7111 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

reader012.staticloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:181::2374 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

www.sec.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.218.237.168 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-us-west-2.amazonaws.com

s3-us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:187::3c9a (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

www.pdffiller.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::6818:772c (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

img.dokumen.tips	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.150 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-150.deploy.static.akamaitechnologies.com

m.wsj.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.45.45 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 45.45.211.130.bc.googleusercontent.com

krebsonsecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.99.8.27 (Richmond Hill, Canada)

ASN16276 (OVH, FR)
PTR: ns500876.ip-192-99-8.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	gstatic.com encrypted-tbn0.gstatic.com	53 KB
7	ulumgroup.com ulumgroup.com	972 KB
3	ytimg.com i.ytimg.com	332 KB
3	usaroutingnumber.com usaroutingnumber.com	476 KB
3	bankingonlinelogin.com bankingonlinelogin.com	198 KB
3	online-banking.org online-banking.org	237 KB
2	histats.com s10.histats.com s4.histats.com	5 KB
2	pdffiller.com www.pdffiller.com	38 KB
2	banksonlinelogin.com banksonlinelogin.com	120 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com	29 KB
1	krebsonsecurity.com krebsonsecurity.com	75 KB
1	wsj.net m.wsj.net	82 KB
1	dokumen.tips img.dokumen.tips	169 KB
1	amazonaws.com s3-us-west-2.amazonaws.com	25 KB
1	sec.gov www.sec.gov	41 KB
1	staticloud.net reader012.staticloud.net	14 KB
1	thebalance.com www.thebalance.com	390 B
1	liveauctiongroup.net media.liveauctiongroup.net	90 KB
1	gannett-cdn.com www.gannett-cdn.com
1	bank-online.com bank-online.com	143 KB
1	urlscan.io urlscan.io	135 KB
1	yelpcdn.com s3-media4.fl.yelpcdn.com	26 KB
1	bank-code.net bank-code.net
1	rtn.one rtn.one	97 KB
1	howtobankonline.org howtobankonline.org	18 KB
1	heartlandtv.com media.heartlandtv.com	1 MB
1	wp.com i2.wp.com	6 KB
1	studylib.net s2.studylib.net	103 KB
1	googleapis.com ajax.googleapis.com	30 KB
1	citroen-vertragspartner-mettmann.de 1.bhdr.citroen-vertragspartner-mettmann.de	10 KB
0	Failed function sub() { [native code] }. Failed
0	comerica.com Failed www.comerica.com Failed
74	32

	Domain	Requested by
8	encrypted-tbn0.gstatic.com	1.bhdr.citroen-vertragspartner-mettmann.de
7	ulumgroup.com	1.bhdr.citroen-vertragspartner-mettmann.de
3	i.ytimg.com	1.bhdr.citroen-vertragspartner-mettmann.de
3	usaroutingnumber.com	1.bhdr.citroen-vertragspartner-mettmann.de
3	bankingonlinelogin.com	1.bhdr.citroen-vertragspartner-mettmann.de
3	online-banking.org	1.bhdr.citroen-vertragspartner-mettmann.de
2	www.pdffiller.com	1.bhdr.citroen-vertragspartner-mettmann.de
2	banksonlinelogin.com	1.bhdr.citroen-vertragspartner-mettmann.de
2	maxcdn.bootstrapcdn.com	1.bhdr.citroen-vertragspartner-mettmann.de
1	s4.histats.com	s10.histats.com
1	s10.histats.com	1.bhdr.citroen-vertragspartner-mettmann.de
1	krebsonsecurity.com	1.bhdr.citroen-vertragspartner-mettmann.de
1	m.wsj.net	1.bhdr.citroen-vertragspartner-mettmann.de
1	img.dokumen.tips	1.bhdr.citroen-vertragspartner-mettmann.de
1	s3-us-west-2.amazonaws.com	1.bhdr.citroen-vertragspartner-mettmann.de
1	www.sec.gov	1.bhdr.citroen-vertragspartner-mettmann.de
1	reader012.staticloud.net	1.bhdr.citroen-vertragspartner-mettmann.de
1	www.thebalance.com	1.bhdr.citroen-vertragspartner-mettmann.de
1	media.liveauctiongroup.net	1.bhdr.citroen-vertragspartner-mettmann.de
1	www.gannett-cdn.com	1.bhdr.citroen-vertragspartner-mettmann.de
1	bank-online.com	1.bhdr.citroen-vertragspartner-mettmann.de
1	urlscan.io	1.bhdr.citroen-vertragspartner-mettmann.de
1	s3-media4.fl.yelpcdn.com	1.bhdr.citroen-vertragspartner-mettmann.de
1	bank-code.net	1.bhdr.citroen-vertragspartner-mettmann.de
1	rtn.one	1.bhdr.citroen-vertragspartner-mettmann.de
1	howtobankonline.org	1.bhdr.citroen-vertragspartner-mettmann.de
1	media.heartlandtv.com	1.bhdr.citroen-vertragspartner-mettmann.de
1	i2.wp.com	1.bhdr.citroen-vertragspartner-mettmann.de
1	s2.studylib.net	1.bhdr.citroen-vertragspartner-mettmann.de
1	ajax.googleapis.com	1.bhdr.citroen-vertragspartner-mettmann.de
1	1.bhdr.citroen-vertragspartner-mettmann.de
0	Failed	1.bhdr.citroen-vertragspartner-mettmann.de
0	www.comerica.com Failed	1.bhdr.citroen-vertragspartner-mettmann.de
74	33

This site contains no links.

Subject Issuer	Validity	Valid
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
*.googleapis.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
online-banking.org Let's Encrypt Authority X3	`2019-09-28` - `2019-12-27`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-06-17` - `2020-06-16`	a year	crt.sh
usaroutingnumber.com Let's Encrypt Authority X3	`2019-03-04` - `2019-06-02`	3 months	crt.sh
sni139399.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-09-05` - `2020-03-13`	6 months	crt.sh
*.wp.com Go Daddy Secure Certificate Authority - G2	`2018-04-10` - `2020-05-11`	2 years	crt.sh
howtobankonline.org Let's Encrypt Authority X3	`2019-08-06` - `2019-11-04`	3 months	crt.sh
rtn.one Let's Encrypt Authority X3	`2019-07-30` - `2019-10-28`	3 months	crt.sh
banksonlinelogin.com Let's Encrypt Authority X3	`2019-09-01` - `2019-11-30`	3 months	crt.sh
bank-code.net CloudFlare Inc ECC CA-2	`2019-06-08` - `2020-06-07`	a year	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-07-30` - `2020-07-25`	a year	crt.sh
urlscan.io Let's Encrypt Authority X3	`2019-08-18` - `2019-11-16`	3 months	crt.sh
bank-online.com cPanel, Inc. Certification Authority	`2019-08-13` - `2019-11-11`	3 months	crt.sh
*.gannett.com DigiCert SHA2 High Assurance Server CA	`2019-09-03` - `2020-05-17`	8 months	crt.sh
edgestatic.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
dotdash.map.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-09-11` - `2020-04-17`	7 months	crt.sh
sni223950.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-09-19` - `2020-03-27`	6 months	crt.sh
www.sec.gov GeoTrust RSA CA 2018	`2018-12-28` - `2020-03-28`	a year	crt.sh
*.s3-us-west-2.amazonaws.com DigiCert Baltimore CA-2 G2	`2019-09-06` - `2020-12-10`	a year	crt.sh
*.pdffiller.com DigiCert SHA2 Secure Server CA	`2019-09-11` - `2020-12-10`	a year	crt.sh
sni159009.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-09-23` - `2020-03-31`	6 months	crt.sh
ssl.wsj.com GeoTrust RSA CA 2018	`2019-05-25` - `2020-08-23`	a year	crt.sh
krebsonsecurity.com COMODO RSA Domain Validation Secure Server CA	`2018-10-23` - `2020-11-17`	2 years	crt.sh
*.google.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://1.bhdr.citroen-vertragspartner-mettmann.de/ong/comerica-wiring-instructions.html
Frame ID: 05853C0D52D8A8CB4925060F111E02D7
Requests: 74 HTTP requests in this frame