bnp-agb.de
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Quttera Web Malware Removal is a paid subscription service. Pricing, plans, and trial availability are set by Quttera. Quttera is operated by Quttera Ltd, an independent third-party company unrelated to RCS LT. PCRisk.com may earn a referral commission when users sign up through this link.
Description of bnp-agb.de
The website appears to present general contractual terms and financing conditions for BNP Paribas Leasing Solutions in German. Its page title and on-page text indicate that it is intended as a document-access page where customers can retrieve Allgemeine Geschäftsbedingungen (general terms and conditions), possibly via a QR code or direct URL referenced in contract paperwork.
The branding, wording, and outbound links suggest the site is presenting itself as related to BNP Paribas Leasing Solutions and BNP Paribas Lease Group S.A., a financial-services and equipment-finance business. The page is minimal and informational rather than interactive, with links to privacy, disclaimer, and legal notice pages hosted on a bnpparibas.de subdomain, which may be intended to reinforce an association with the BNP Paribas brand.
Safety Assessment for bnp-agb.de
Multiple independent security signals raise concern about this domain at the time of the scan. It was flagged by 18 out of 91 security engines, with many of those detections classifying it as phishing or fraud-related. In addition, several web-classification providers categorized the site as phishing or financial fraud, while the page itself presents branding associated with a major financial institution. That combination can be consistent with a site that may be attempting to appear affiliated with a trusted brand.
The malware scan result was only a generic suspicious finding on the index page and did not identify a named malware family, which by itself would be a weak signal. However, that lower-confidence result is outweighed here by the broader multi-engine phishing consensus. Blacklist checks for major content-malice databases were otherwise clean at the time of the scan, but the domain's IP address was listed on one mail-reputation blocklist, which is a minor cautionary signal rather than direct proof of harmful web content.
The domain is several years old, which slightly reduces the likelihood of a throwaway campaign site, but age alone does not offset the volume of phishing-related detections and the financial-brand presentation. Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site was using a valid Let's Encrypt SSL certificate at the time of the scan, expiring on 2026-09-17, and was served over HTTPS from an nginx web server. It resolved to IP address 79.142.46.46 and appeared to be hosted by KUES DATA GmbH in Losheim, Germany.
DNSSEC was not enabled (unsigned), which is common but means DNS responses do not benefit from that additional authenticity check. No iframe-related issues were reported, and only one page-level suspicious heuristic was noted in the malware scan. Even so, valid TLS and ordinary hosting characteristics should not be treated as proof of legitimacy, especially when broader phishing-related detections are present.
Share your experience with this website. Was it safe? Did you encounter any issues?