www.stanfordloanservicellc.autopremiumoptions.online Open in urlscan Pro
51.89.100.136 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.stanfordloanservicellc.autopremiumoptions.online/
Submission: On September 20 via api (September 20th 2021, 4:59:02 am UTC) from VN — Scanned from DE

Summary HTTP 74 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 7 domains to perform 74 HTTP transactions. The main IP is 51.89.100.136, located in London, United Kingdom and belongs to OVH, FR. The main domain is www.stanfordloanservicellc.autopremiumoptions.online.
TLS certificate: Issued by R3 on September 20th 2021. Valid for: 3 months.

This is the only time www.stanfordloanservicellc.autopremiumoptions.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
38	51.89.100.136 51.89.100.136	16276 (OVH) (OVH)
8	35.173.25.61 35.173.25.61	14618 (AMAZON-AES) (AMAZON-AES)
11	3.214.85.19 3.214.85.19	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.186.170 142.250.186.170	15169 (GOOGLE) (GOOGLE)
6	104.18.28.91 104.18.28.91	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	142.250.184.195 142.250.184.195	15169 (GOOGLE) (GOOGLE)
1	104.210.42.105 104.210.42.105	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	18.66.112.68 18.66.112.68	16509 (AMAZON-02) (AMAZON-02)
74	9

38 51.89.100.136 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip136.ip-51-89-100.eu

www.stanfordloanservicellc.autopremiumoptions.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.173.25.61 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-25-61.compute-1.amazonaws.com

usmortgagecalculator.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 3.214.85.19 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-214-85-19.compute-1.amazonaws.com

app.spectoos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.app.spectoos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.170 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.28.91 (None, )

ASN13335 (CLOUDFLARENET, US)

client.crisp.chat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.184.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.210.42.105 (San Jose, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.citywidehomeloans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.66.112.68 (United States)

ASN16509 (AMAZON-02, US)

images.app.spectoos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	autopremiumoptions.online www.stanfordloanservicellc.autopremiumoptions.online	4 MB
14	spectoos.com app.spectoos.com api.app.spectoos.com images.app.spectoos.com	265 KB
8	usmortgagecalculator.org usmortgagecalculator.org	175 KB
6	gstatic.com fonts.gstatic.com	103 KB
6	crisp.chat client.crisp.chat	137 KB
1	citywidehomeloans.com www.citywidehomeloans.com	363 KB
1	googleapis.com fonts.googleapis.com	1 KB
74	7

	Domain	Requested by
38	www.stanfordloanservicellc.autopremiumoptions.online	www.stanfordloanservicellc.autopremiumoptions.online
8	app.spectoos.com	www.stanfordloanservicellc.autopremiumoptions.online app.spectoos.com
8	usmortgagecalculator.org	www.stanfordloanservicellc.autopremiumoptions.online usmortgagecalculator.org
6	fonts.gstatic.com	fonts.googleapis.com
6	client.crisp.chat	www.stanfordloanservicellc.autopremiumoptions.online client.crisp.chat
3	images.app.spectoos.com	www.stanfordloanservicellc.autopremiumoptions.online
3	api.app.spectoos.com	app.spectoos.com
1	www.citywidehomeloans.com	www.stanfordloanservicellc.autopremiumoptions.online
1	fonts.googleapis.com	www.stanfordloanservicellc.autopremiumoptions.online
74	9

This site contains links to these domains. Also see Links.

Domain
usmortgagecalculator.org
www.spectoos.com

Subject Issuer	Validity	Valid
*.autopremiumoptions.online R3	`2021-09-20` - `2021-12-19`	3 months	crt.sh
usmortgagecalculator.org R3	`2021-08-29` - `2021-11-27`	3 months	crt.sh
app.spectoos.com Amazon	`2020-12-16` - `2022-01-14`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-30` - `2021-11-22`	3 months	crt.sh
crisp.chat Cloudflare Inc ECC CA-3	`2021-07-08` - `2022-07-07`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.citywidehomeloans.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-06` - `2022-01-05`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.stanfordloanservicellc.autopremiumoptions.online/
Frame ID: 1BA39A17EEB644D35E7CBD71E8470B3D
Requests: 75 HTTP requests in this frame

Frame: https://usmortgagecalculator.org/widget/2.0/widget.html
Frame ID: 1229C93C18CD1F85C29D3CE21639069E
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Stanford Loan Service LLC

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

74
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

9
Subdomains

9
IPs

3
Countries

5028 kB
Transfer

6879 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://usmortgagecalculator.org/
Title: usmortgagecalculator.org

Search URL Search Domain Scan URL

URL: http://www.spectoos.com/?utm_source=faceboard&utm_medium=website&utm_campaign=testimonial-list
Title: Spectoos

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

74 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.stanfordloanservicellc.autopremiumoptions.online/ 31 KB
5 KB 63ms
14ms Document
text/html 51.89.100.136
OVH

General

www.stanfordloanservicellc.autopremiumoptions.online Open in urlscan Pro 51.89.100.136 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

74 Requests

100 %HTTPS

0 %IPv6

7 Domains

9 Subdomains

9 IPs

3 Countries

5028 kBTransfer

6879 kBSize

1 Cookies

2 Outgoing links

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.stanfordloanservicellc.autopremiumoptions.online Open in urlscan Pro
51.89.100.136 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

9
Subdomains

9
IPs

3
Countries

5028 kB
Transfer

6879 kB
Size

1
Cookies

74 HTTP transactions
8 data transactions