kdna.ml Open in urlscan Pro
162.240.221.204 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://kdna.ml/anything/
Submission: On September 12 via api (September 12th 2022, 1:14:38 pm UTC) from US — Scanned from DE

Summary HTTP 20 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 162.240.221.204, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is kdna.ml.

This is the only time kdna.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Comerica (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 5	162.240.221.204 162.240.221.204	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
9	104.111.246.52 104.111.246.52	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6811:e14e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	4

5 162.240.221.204 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 6056271.qskxvs.ml

kdna.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.111.246.52 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-246-52.deploy.static.akamaitechnologies.com

webbanking.comerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e14e (United States)

ASN13335 (CLOUDFLARENET, US)

fast.fonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	comerica.com webbanking.comerica.com — Cisco Umbrella Rank: 435660	455 KB
5	kdna.ml 1 redirects kdna.ml	111 KB
1	fonts.net fast.fonts.net — Cisco Umbrella Rank: 5233	551 B
20	3

	Domain	Requested by
9	webbanking.comerica.com	kdna.ml webbanking.comerica.com
5	kdna.ml	1 redirects kdna.ml
1	fast.fonts.net	webbanking.comerica.com
20	3

This site contains links to these domains. Also see Links.

Domain
webbanking.comerica.com
www.comerica.com

Subject Issuer	Validity	Valid
www.comerica.com DigiCert SHA2 Extended Validation Server CA	`2022-07-20` - `2023-07-23`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-05` - `2023-06-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://kdna.ml/anything/
Frame ID: 345F59C9F2E42F14BA316561EC649EE4
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log In

Page URL History Show full URLs

http://kdna.ml/anything HTTP 301
http://kdna.ml/anything/ Page URL

Page Statistics

20
Requests

50 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

567 kB
Transfer

691 kB
Size

2
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://webbanking.comerica.com/Comerica/ForgottenPassword/ForgotYourPassword.aspx
Title: Forgot Your Password?

Search URL Search Domain Scan URL

URL: http://www.comerica.com/wbenroll
Title: Set Up Web Banking

Search URL Search Domain Scan URL

URL: https://webbanking.comerica.com//Comerica/Help.aspx
Title: FAQ

Search URL Search Domain Scan URL

URL: http://www.comerica.com/generalinquiry
Title: E-mail

Search URL Search Domain Scan URL

URL: http://www.comerica.com/mobile
Title: Learn more about mobile banking

Search URL Search Domain Scan URL

URL: http://www.comerica.com/legal
Title: Terms of Use

Search URL Search Domain Scan URL

URL: http://www.comerica.com/privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: http://www.comerica.com/security
Title: Security

Search URL Search Domain Scan URL

URL: http://www.comerica.com/consumercomplaint
Title: Consumer Complaint Notice

Search URL Search Domain Scan URL

URL: http://www.comerica.com/cprc
Title: Security Protection

Search URL Search Domain Scan URL

URL: http://www.comerica.com/branchatmlocator
Title: Locations

Search URL Search Domain Scan URL

URL: https://www.comerica.com/
Title: Comerica.com

Search URL Search Domain Scan URL

URL: http://www.comerica.com/contactus
Title: Contact Us

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://kdna.ml/anything HTTP 301
http://kdna.ml/anything/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
kdna.ml/anything/
Redirect Chain

http://kdna.ml/anything
http://kdna.ml/anything/

110 KB
111 KB

170ms
170ms

Document
text/html

162.240.221.204
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://kdna.ml/anything/
Protocol: HTTP/1.1
Server: 162.240.221.204 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 6056271.qskxvs.ml
Software: Apache /
Resource Hash: 858679aec5501d6f3fe4938ceb800c2d083795a6cf00bc22e3768b699068c82c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 112994
Content-Type: text/html
Date: Mon, 12 Sep 2022 13:14:31 GMT
Keep-Alive: timeout=5, max=99
Last-Modified: Mon, 15 Aug 2022 22:58:00 GMT
Server: Apache

Redirect headers

Connection: Keep-Alive
Content-Length: 232
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 12 Sep 2022 13:14:31 GMT
Keep-Alive: timeout=5, max=100
Location: http://kdna.ml/anything/
Server: Apache

GET
H/1.1 200
OK NewUIstandard.css
webbanking.comerica.com/Comerica/Themes/NewUI/CSS/ 106 KB
21 KB 522ms
59ms Stylesheet
text/css 104.111.246.52
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://webbanking.comerica.com/Comerica/Themes/NewUI/CSS/NewUIstandard.css?v=4.5.62406.72

Requested by

Host: kdna.ml
URL: http://kdna.ml/anything/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.246.52 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-246-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

8708a3a08100537d107ccbf9932726dfbf378ef64d6a75c8832672f5e4ee2714

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kdna.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Tue, 28 Jun 2022 20:39:30 GMT
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "02d7d2a2f8bd81:0"
Vary: Accept-Encoding
Content-Type: text/css
Date: Mon, 12 Sep 2022 13:14:33 GMT
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1580383498"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20998
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK global_print.css
webbanking.comerica.com/Comerica/Themes/NewUI/CSS/ 13 KB
3 KB 349ms
54ms Stylesheet
text/css 104.111.246.52
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://webbanking.comerica.com/Comerica/Themes/NewUI/CSS/global_print.css?v=4.5.62406.72

Requested by

Host: kdna.ml
URL: http://kdna.ml/anything/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.246.52 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-246-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

895a197339576f01389985edc50247d8e7d55226e13efc85def087738fbffa2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kdna.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Tue, 28 Jun 2022 20:39:30 GMT
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "02d7d2a2f8bd81:0"
Vary: Accept-Encoding
Content-Type: text/css
Date: Mon, 12 Sep 2022 13:14:33 GMT
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1476608814"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2991
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK standard_print.css
webbanking.comerica.com/Comerica/Themes/NewUI/CSS/ 18 KB
4 KB 367ms
72ms Stylesheet
text/css 104.111.246.52
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://webbanking.comerica.com/Comerica/Themes/NewUI/CSS/standard_print.css?v=4.5.62406.72

Requested by

Host: kdna.ml
URL: http://kdna.ml/anything/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.246.52 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-246-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

f66dfd2a219a4130f66a6d9dac7a6b30724f15d917f67ef559d20f62b23c2db0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kdna.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Tue, 28 Jun 2022 20:39:30 GMT
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "02d7d2a2f8bd81:0"
Vary: Accept-Encoding
Content-Type: text/css
Date: Mon, 12 Sep 2022 13:14:33 GMT
Server-Timing: dtSInfo;desc="0", dtRpid;desc="594867511"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3850
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found DESGetFiles.aspx
kdna.ml/Comerica/ 0
0 335ms
169ms Stylesheet
text/html 162.240.221.204
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://kdna.ml/Comerica/DESGetFiles.aspx?type=styles&version=63792031164&files=13
Requested by: Host: kdna.ml
URL: http://kdna.ml/anything/
Protocol: HTTP/1.1
Server: 162.240.221.204 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 6056271.qskxvs.ml
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kdna.ml/anything/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Mon, 12 Sep 2022 13:14:32 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
DATA 200
OK truncated
/ 19 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d512d74290b7d4c96348719c747086028c03f05c6041fd440d16cdabefdd9a3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kdna.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 404
Not Found blank.gif
kdna.ml/anything/Images/ 315 B
315 B 171ms
169ms Image
text/html 162.240.221.204
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://kdna.ml/anything/Images/blank.gif
Requested by: Host: kdna.ml
URL: http://kdna.ml/anything/
Protocol: HTTP/1.1
Server: 162.240.221.204 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 6056271.qskxvs.ml
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kdna.ml/anything/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Mon, 12 Sep 2022 13:14:32 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found comerica-logout-message.png
kdna.ml/anything/Themes/NewUI/Images/ 315 B
315 B 337ms
169ms Image
text/html 162.240.221.204
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://kdna.ml/anything/Themes/NewUI/Images/comerica-logout-message.png
Requested by: Host: kdna.ml
URL: http://kdna.ml/anything/
Protocol: HTTP/1.1
Server: 162.240.221.204 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 6056271.qskxvs.ml
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kdna.ml/anything/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Mon, 12 Sep 2022 13:14:32 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK icon-error-x.png
webbanking.comerica.com/Comerica/Themes/NewUI/Images/ 1 KB
2 KB 306ms
181ms Image
image/png 104.111.246.52
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webbanking.comerica.com/Comerica/Themes/NewUI/Images/icon-error-x.png

Requested by

Host: kdna.ml
URL: http://kdna.ml/anything/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.246.52 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-246-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

523c55ffe58d944645046f295bf69e694c734ae5779f011aea22e885b7fc91d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kdna.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Tue, 28 Jun 2022 20:39:30 GMT
ETag: "02d7d2a2f8bd81:0"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800
Date: Mon, 12 Sep 2022 13:14:33 GMT
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-953491611"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1433
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icon-error-x.png
webbanking.comerica.com//Comerica/Themes/NewUI/Images/ 1 KB
2 KB 311ms
186ms Image
image/png 104.111.246.52
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webbanking.comerica.com//Comerica/Themes/NewUI/Images/icon-error-x.png

Requested by

Host: kdna.ml
URL: http://kdna.ml/anything/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.246.52 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-246-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

523c55ffe58d944645046f295bf69e694c734ae5779f011aea22e885b7fc91d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kdna.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Tue, 28 Jun 2022 20:39:30 GMT
ETag: "02d7d2a2f8bd81:0"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800
Date: Mon, 12 Sep 2022 13:14:33 GMT
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-953491611"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1433
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK footerImg.png
webbanking.comerica.com/Comerica/App_Themes/NewUI/Images/ 56 KB
56 KB 291ms
166ms Image
image/png 104.111.246.52
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webbanking.comerica.com/Comerica/App_Themes/NewUI/Images/footerImg.png

Requested by

Host: kdna.ml
URL: http://kdna.ml/anything/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.246.52 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-246-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

5d2b6389f468a404d4b960bc98e2f046cd7c81413bb625b95b54eb96ecdec680

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kdna.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Tue, 28 Jun 2022 20:39:22 GMT
ETag: "079b8252f8bd81:0"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
Date: Mon, 12 Sep 2022 13:14:33 GMT
Server-Timing: dtSInfo;desc="0", dtRpid;desc="595437149"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 57225
X-XSS-Protection: 1; mode=block

GET
H2 200 1.css
fast.fonts.net/lt/ 0
551 B 93ms
35ms Stylesheet
text/css 2606:4700::6811:e14e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/lt/1.css?apiType=css&c=e98374a9-8b08-43a3-bd05-1b62d9c40f2b&fontids=675355,675364,675361,675331,675349,675334
Requested by: Host: webbanking.comerica.com
URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/CSS/global_print.css?v=4.5.62406.72
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e14e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://webbanking.comerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 13:14:33 GMT
cf-cache-status: HIT
age: 87185
cf-ray: 7498e826aca99a33-FRA
content-length: 0
x-amz-id-2: sDYjEwDo3g8Iy2aZ9vpu1exZyZymE1wwsyySe2SGJ2e+dpqg+s3lehmNQfLSerAFy6OsZDrgOBw=
last-modified: Tue, 23 Mar 2021 12:59:56 GMT
server: cloudflare
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
x-amz-request-id: EQPWRAJVH719GXCA
cache-control: public, max-age=0, s-maxage=604800
x-amz-version-id: null
accept-ranges: bytes
content-type: text/css; charset=utf-8
x-amz-meta-mtime: 1361983047

GET
H/1.1 200
OK background-login.png
webbanking.comerica.com/Comerica/Themes/NewUI/images/ 349 KB
350 KB 175ms
174ms Image
image/png 104.111.246.52
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webbanking.comerica.com/Comerica/Themes/NewUI/images/background-login.png

Requested by

Host: webbanking.comerica.com
URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/CSS/NewUIstandard.css?v=4.5.62406.72

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.246.52 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-246-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

3c2b8c10b9fc0ae5387cdd7f6194ed1d2616911ea1387dbab4670748407c654d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://webbanking.comerica.com/Comerica/Themes/NewUI/CSS/NewUIstandard.css?v=4.5.62406.72
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Tue, 28 Jun 2022 20:39:30 GMT
ETag: "02d7d2a2f8bd81:0"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800
Date: Mon, 12 Sep 2022 13:14:33 GMT
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1673221845"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 357300
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icon-sprite.png
webbanking.comerica.com/Comerica/Themes/NewUI/images/ 16 KB
16 KB 185ms
184ms Image
image/png 104.111.246.52
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webbanking.comerica.com/Comerica/Themes/NewUI/images/icon-sprite.png

Requested by

Host: webbanking.comerica.com
URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/CSS/NewUIstandard.css?v=4.5.62406.72

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.246.52 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-246-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

c886bbaacfaa7c75a4e1079c4fbaea532b5f03d69c5664fea5b077f37b230999

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://webbanking.comerica.com/Comerica/Themes/NewUI/CSS/NewUIstandard.css?v=4.5.62406.72
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Tue, 28 Jun 2022 20:39:30 GMT
ETag: "02d7d2a2f8bd81:0"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800
Date: Mon, 12 Sep 2022 13:14:33 GMT
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-2142237938"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16283
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ehl.png
webbanking.comerica.com/Comerica/Themes/NewUI/images/ 619 B
1 KB 169ms
168ms Image
image/png 104.111.246.52
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webbanking.comerica.com/Comerica/Themes/NewUI/images/ehl.png

Requested by

Host: webbanking.comerica.com
URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/CSS/NewUIstandard.css?v=4.5.62406.72

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.246.52 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-246-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

ff94747dac73e59df08492f29990d5a05c607b0bba2c74f370eb06f15af96af4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://webbanking.comerica.com/Comerica/Themes/NewUI/CSS/NewUIstandard.css?v=4.5.62406.72
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Tue, 28 Jun 2022 20:39:30 GMT
ETag: "02d7d2a2f8bd81:0"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800
Date: Mon, 12 Sep 2022 13:14:33 GMT
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1686613966"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 619
X-XSS-Protection: 1; mode=block

GET f51d24dd-8256-43c6-ba1a-6aeae9d3f262.woff
webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675331/ 0
0

GET 537b145a-6a7d-4787-81d9-7228d3a42458.woff
webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675355/ 0
0

GET c4aef0d4-bfcf-4790-acf5-909881f411e8.woff
webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675364/ 0
0

GET 8e50278c-45cd-4808-b774-24767d958f17.ttf
webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675355/ 0
0

GET e741f29c-bc18-4343-bff3-db2465a0be3e.ttf
webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675364/ 0
0

GET 955ee494-66b2-4eb2-8f19-bc3a088df16d.ttf
webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675331/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: webbanking.comerica.com
URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675331/f51d24dd-8256-43c6-ba1a-6aeae9d3f262.woff

Domain: webbanking.comerica.com
URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675355/537b145a-6a7d-4787-81d9-7228d3a42458.woff

Domain: webbanking.comerica.com
URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675364/c4aef0d4-bfcf-4790-acf5-909881f411e8.woff

Domain: webbanking.comerica.com
URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675355/8e50278c-45cd-4808-b774-24767d958f17.ttf

Domain: webbanking.comerica.com
URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675364/e741f29c-bc18-4343-bff3-db2465a0be3e.ttf

Domain: webbanking.comerica.com
URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675331/955ee494-66b2-4eb2-8f19-bc3a088df16d.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Comerica (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.fonts.net/	1970-01-20 05:56:30	Name: __cf_bm Value: cxGpTyU0.VfPnoc4fcdEigBXwqiO.bi.BGpEflbpJE4-1662988473-0-AZXCZbRPUMpWLp0kIT3TG2fSGW281ihNlEP6UDLSzhW1BD3pLoKvJxz44AbrsqoqUKjnQE6+TQGNQe+H6xzT6Y8=
			.comerica.com/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_1_sn_E991A454BFCBEE84C116439EBE968E7A_perc_100000_ol_0_mul_1_app-3A7305bc05c8d1d8e1_1_rcs-3Acss_0

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://kdna.ml/Comerica/DESGetFiles.aspx?type=styles&version=63792031164&files=13 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://kdna.ml/anything/Images/blank.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://kdna.ml/anything/Themes/NewUI/Images/comerica-logout-message.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: http://kdna.ml/anything/ Message: Access to font at 'https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675355/537b145a-6a7d-4787-81d9-7228d3a42458.woff' from origin 'http://kdna.ml' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675355/537b145a-6a7d-4787-81d9-7228d3a42458.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://kdna.ml/anything/ Message: Access to font at 'https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675355/8e50278c-45cd-4808-b774-24767d958f17.ttf' from origin 'http://kdna.ml' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675355/8e50278c-45cd-4808-b774-24767d958f17.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://kdna.ml/anything/ Message: Access to font at 'https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675364/c4aef0d4-bfcf-4790-acf5-909881f411e8.woff' from origin 'http://kdna.ml' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675364/c4aef0d4-bfcf-4790-acf5-909881f411e8.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://kdna.ml/anything/ Message: Access to font at 'https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675331/f51d24dd-8256-43c6-ba1a-6aeae9d3f262.woff' from origin 'http://kdna.ml' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675331/f51d24dd-8256-43c6-ba1a-6aeae9d3f262.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://kdna.ml/anything/ Message: Access to font at 'https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675364/e741f29c-bc18-4343-bff3-db2465a0be3e.ttf' from origin 'http://kdna.ml' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675364/e741f29c-bc18-4343-bff3-db2465a0be3e.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://kdna.ml/anything/ Message: Access to font at 'https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675331/955ee494-66b2-4eb2-8f19-bc3a088df16d.ttf' from origin 'http://kdna.ml' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://webbanking.comerica.com/Comerica/Themes/NewUI/Fonts/675331/955ee494-66b2-4eb2-8f19-bc3a088df16d.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fast.fonts.net
kdna.ml
webbanking.comerica.com
webbanking.comerica.com
104.111.246.52
162.240.221.204
2606:4700::6811:e14e
3c2b8c10b9fc0ae5387cdd7f6194ed1d2616911ea1387dbab4670748407c654d
523c55ffe58d944645046f295bf69e694c734ae5779f011aea22e885b7fc91d3
5d2b6389f468a404d4b960bc98e2f046cd7c81413bb625b95b54eb96ecdec680
858679aec5501d6f3fe4938ceb800c2d083795a6cf00bc22e3768b699068c82c
8708a3a08100537d107ccbf9932726dfbf378ef64d6a75c8832672f5e4ee2714
895a197339576f01389985edc50247d8e7d55226e13efc85def087738fbffa2a
c886bbaacfaa7c75a4e1079c4fbaea532b5f03d69c5664fea5b077f37b230999
d512d74290b7d4c96348719c747086028c03f05c6041fd440d16cdabefdd9a3c
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f66dfd2a219a4130f66a6d9dac7a6b30724f15d917f67ef559d20f62b23c2db0
ff94747dac73e59df08492f29990d5a05c607b0bba2c74f370eb06f15af96af4

kdna.ml Open in urlscan Pro 162.240.221.204 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

20 Requests

50 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

567 kBTransfer

691 kBSize

2 Cookies

13 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

2 Cookies

15 Console Messages

Indicators

kdna.ml Open in urlscan Pro
162.240.221.204 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

50 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

567 kB
Transfer

691 kB
Size

2
Cookies

20 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!