kranskotaren.se Open in urlscan Pro
212.91.156.51 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://kranskotaren.se/wordpress/wp-includes/pomo/driver/driver/secure%20Login.htm
Submission: On August 25 via api (August 25th 2018, 5:33:34 am UTC) from CA

Summary HTTP 30 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 5 countries across 11 domains to perform 30 HTTP transactions. The main IP is 212.91.156.51, located in Göteborg, Sweden and belongs to INFRACOM, SE. The main domain is kranskotaren.se.

This is the only time kranskotaren.se was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
8	212.91.156.51 212.91.156.51	29468 (INFRACOM) (INFRACOM)
1	104.200.141.21 104.200.141.21	46562 (TOTAL-SER...) (TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C.)
1	13.32.158.82 13.32.158.82	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	2.16.186.58 2.16.186.58	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.16.186.49 2.16.186.49	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:815::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	54.243.207.186 54.243.207.186	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2400:cb00:204... 2400:cb00:2048:1::6813:c597	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2.16.186.107 2.16.186.107	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:818::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81d::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff0a	201011 (NETZBETRI...) (NETZBETRIEB-GMBH)
30	14

8 212.91.156.51 (Göteborg, Sweden)

ASN29468 (INFRACOM, SE)
PTR: cpanel05.pin.se

kranskotaren.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.200.141.21 (Atlanta, United States)

ASN46562 (TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C., US)
PTR: lake15.banahosting.com

mejoresalternativas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.158.82 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-158-82.fra56.r.cloudfront.net

d3lvr7yuk4uaui.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.16.186.58 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-58.deploy.static.akamaitechnologies.com

cdncache2-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
canvaspl-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.49 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-49.deploy.static.akamaitechnologies.com

cdncache-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.243.207.186 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-243-207-186.compute-1.amazonaws.com

s.dcbap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6813:c597 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.107 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-107.deploy.static.akamaitechnologies.com

canvasdp-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:821::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4a0:1338:28::c38a:ff0a (Germany)

ASN201011 (NETZBETRIEB-GMBH, DE)

pnt-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	akamaihd.net cdncache2-a.akamaihd.net cdncache-a.akamaihd.net canvasdp-a.akamaihd.net pnt-a.akamaihd.net canvaspl-a.akamaihd.net	19 KB
8	kranskotaren.se kranskotaren.se	26 KB
4	googlesyndication.com pagead2.googlesyndication.com	117 KB
2	doubleclick.net googleads.g.doubleclick.net
1	google.com adservice.google.com	171 B
1	google.de adservice.google.de	171 B
1	cloudflare.com cdnjs.cloudflare.com	10 KB
1	dcbap.com s.dcbap.com	240 B
1	googleapis.com ajax.googleapis.com	30 KB
1	cloudfront.net d3lvr7yuk4uaui.cloudfront.net	2 KB
1	mejoresalternativas.com mejoresalternativas.com	109 KB
30	11

	Domain	Requested by
8	kranskotaren.se	kranskotaren.se
5	cdncache2-a.akamaihd.net	d3lvr7yuk4uaui.cloudfront.net cdncache2-a.akamaihd.net
4	pagead2.googlesyndication.com	kranskotaren.se pagead2.googlesyndication.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	canvaspl-a.akamaihd.net
1	pnt-a.akamaihd.net	kranskotaren.se
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	canvasdp-a.akamaihd.net	kranskotaren.se
1	cdnjs.cloudflare.com	cdncache2-a.akamaihd.net
1	s.dcbap.com	cdncache2-a.akamaihd.net
1	ajax.googleapis.com	cdncache2-a.akamaihd.net
1	cdncache-a.akamaihd.net	kranskotaren.se
1	d3lvr7yuk4uaui.cloudfront.net	kranskotaren.se
1	mejoresalternativas.com	kranskotaren.se
30	15

This site contains no links.

Subject Issuer	Validity	Valid
*.cloudfront.net DigiCert Global CA G2	`2017-11-22` - `2018-11-21`	a year	crt.sh
a248.e.akamai.net DigiCert ECC Secure Server CA	`2018-01-23` - `2019-01-19`	a year	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-04-14` - `2018-10-21`	6 months	crt.sh
*.google.com Google Internet Authority G3	`2018-08-07` - `2018-10-16`	2 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2018-08-07` - `2018-10-16`	2 months	crt.sh

This page contains 6 frames:

Primary Page: http://kranskotaren.se/wordpress/wp-includes/pomo/driver/driver/secure%20Login.htm
Frame ID: CC27528A8A727A6EFF3DC1B9A6696806
Requests: 20 HTTP requests in this frame

Frame: http://kranskotaren.se/wordpress/wp-includes/pomo/driver/driver/index_files/google.htm
Frame ID: 161B033F0BEB754F022D02272B7C337C
Requests: 6 HTTP requests in this frame

Frame: https://cdncache-a.akamaihd.net/store/
Frame ID: 5908BBA8C2D324C8ED7826B2CBA85830
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20180820/r20180604/zrt_lookup.html
Frame ID: D3AF4CC9D8F2FE7FB471ACB28239FA55
Requests: 1 HTTP requests in this frame

Frame: http://pagead2.googlesyndication.com/pagead/js/r20180820/r20180604/show_ads_impl.js
Frame ID: 6C32B84EF2E126C6375457282331BF06
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1543179062127440&output=html&h=280&slotname=6265725991&adk=364244134&adf=2291256694&w=336&guci=1.2.0.0.2.2.0&url=http%3A%2F%2Fkranskotaren.se%2Fwordpress%2Fwp-includes%2Fpomo%2Fdriver%2Fdriver%2Fsecure%2520Login.htm&ea=0&flash=0&wgl=1&adsid=NT&dt=1535175203642&bpp=15&bdt=41&fdt=16&idt=91&shv=r20180820&cbv=r20180604&saldr=sa&correlator=5227063964043&frm=23&ife=1&pv=2&ga_vid=386330894.1535175204&ga_sid=1535175204&ga_hid=1368633987&ga_fc=0&iag=3&icsg=170&nhd=1&dssz=5&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1600&bih=1200&isw=0&ish=0&ifk=3481424783&scr_x=0&scr_y=0&eid=21060853%2C368226401&oid=3&rx=0&eae=2&fc=528&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CenEr%7C&abl=CS&ppjl=u&pfx=0&fu=20&bc=7&ifi=1&fsb=1&dtd=124
Frame ID: 11D0BE86A6CD531B1F52BA6AF3B85ABB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

30
Requests

30 %
HTTPS

50 %
IPv6

11
Domains

15
Subdomains

14
IPs

5
Countries

313 kB
Transfer

604 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request secure%20Login.htm Show response
kranskotaren.se/wordpress/wp-includes/pomo/driver/driver/ 12 KB
13 KB 32ms
32ms Document
text/html 212.91.156.51
INFRACOM

General

kranskotaren.se Open in urlscan Pro 212.91.156.51 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

30 Requests

30 %HTTPS

50 %IPv6

11 Domains

15 Subdomains

14 IPs

5 Countries

313 kBTransfer

604 kBSize

1 Cookies

0 Outgoing links

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

kranskotaren.se Open in urlscan Pro
212.91.156.51 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

30 %
HTTPS

50 %
IPv6

11
Domains

15
Subdomains

14
IPs

5
Countries

313 kB
Transfer

604 kB
Size

1
Cookies

30 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!