web4776.cweb02.gamingweb.de Open in urlscan Pro
45.81.232.15 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rplg.co/82df61b0
Effective URL:
https://web4776.cweb02.gamingweb.de/verificatiepagina1-2-2020/
Submission: On February 01 via api (February 1st 2020, 10:20:11 pm UTC) from US

Summary HTTP 65 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 10 IPs in 6 countries across 10 domains to perform 65 HTTP transactions. The main IP is 45.81.232.15, located in Germany and belongs to DE-FIRSTCOLO www.first-colo.net, DE. The main domain is web4776.cweb02.gamingweb.de.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 31st 2020. Valid for: 3 months.

This is the only time web4776.cweb02.gamingweb.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ABN Amro (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.238.70.19 35.238.70.19	15169 (GOOGLE) (GOOGLE)
48	45.81.232.15 45.81.232.15	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1 4	52.49.234.3 52.49.234.3	16509 (AMAZON-02) (AMAZON-02)
2	104.108.40.76 104.108.40.76	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	172.217.22.102 172.217.22.102	15169 (GOOGLE) (GOOGLE)
1	52.30.78.155 52.30.78.155	16509 (AMAZON-02) (AMAZON-02)
3	15.188.105.205 15.188.105.205	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1	99.80.110.198 99.80.110.198	16509 (AMAZON-02) (AMAZON-02)
1	13.35.254.228 13.35.254.228	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:194::6d2b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
65	10

1 35.238.70.19 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 19.70.238.35.bc.googleusercontent.com

rplg.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 45.81.232.15 (Germany)

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
PTR: cweb02.gamingweb.de

web4776.cweb02.gamingweb.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.49.234.3 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-234-3.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.108.40.76 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-40-76.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.22.102 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s18-in-f102.1e100.net

4368908.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.78.155 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-78-155.eu-west-1.compute.amazonaws.com

abnamro.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.188.105.205 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-105-205.eu-west-3.compute.amazonaws.com

abnamro.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.80.110.198 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-110-198.eu-west-1.compute.amazonaws.com

w.usabilla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.254.228 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-254-228.fra6.r.cloudfront.net

d6tizftlrpuof.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:194::6d2b (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

www.abnamro.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	gamingweb.de web4776.cweb02.gamingweb.de	2 MB
5	demdex.net 1 redirects dpm.demdex.net abnamro.demdex.net	3 KB
4	doubleclick.net 2 redirects 4368908.fls.doubleclick.net	2 KB
3	omtrdc.net abnamro.sc.omtrdc.net	680 B
2	tiqcdn.com tags.tiqcdn.com	57 KB
1	abnamro.nl www.abnamro.nl	1 KB
1	cloudfront.net d6tizftlrpuof.cloudfront.net	7 KB
1	usabilla.com w.usabilla.com	14 KB
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	rplg.co 1 redirects rplg.co	246 B
65	10

	Domain	Requested by
48	web4776.cweb02.gamingweb.de	web4776.cweb02.gamingweb.de
4	4368908.fls.doubleclick.net	2 redirects web4776.cweb02.gamingweb.de
4	dpm.demdex.net	1 redirects web4776.cweb02.gamingweb.de
3	abnamro.sc.omtrdc.net	web4776.cweb02.gamingweb.de
2	tags.tiqcdn.com	web4776.cweb02.gamingweb.de
1	www.abnamro.nl
1	d6tizftlrpuof.cloudfront.net	web4776.cweb02.gamingweb.de
1	w.usabilla.com	web4776.cweb02.gamingweb.de
1	cm.everesttech.net	1 redirects
1	abnamro.demdex.net	web4776.cweb02.gamingweb.de
1	rplg.co	1 redirects
65	11

This site contains links to these domains. Also see Links.

Domain
www.abnamro.nl

Subject Issuer	Validity	Valid
web4776.cweb02.gamingweb.de Let's Encrypt Authority X3	`2020-01-31` - `2020-04-30`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2018-12-30` - `2020-03-30`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-01-14` - `2020-04-07`	3 months	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2019-04-23` - `2020-04-14`	a year	crt.sh
w.usabilla.com Amazon	`2019-05-08` - `2020-06-08`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2019-07-17` - `2020-07-05`	a year	crt.sh
www.abnamro.nl QuoVadis EV SSL ICA G1	`2020-01-14` - `2022-01-14`	2 years	crt.sh

This page contains 7 frames:

Primary Page: https://web4776.cweb02.gamingweb.de/verificatiepagina1-2-2020/
Frame ID: 669556E4F1C33FB1A9A91F733391BFD8
Requests: 58 HTTP requests in this frame

Frame: https://web4776.cweb02.gamingweb.de/verificatiepagina1-2-2020/bestanden/index_002.htm
Frame ID: AABD941302765E5655B972FCBAC7B7DA
Requests: 2 HTTP requests in this frame

Frame: https://4368908.fls.doubleclick.net/activityi;dc_pre=CNTB47exsecCFVXGuwgd3CoMjA;src=4368908;type=tosy10;cat=2019_0;ord=4555899697492;gtm=2od9p0;auiddc=1533169593.1570036182;u15=b1d3d8a2-83bb-4f3f-ba0a-06c1b603af58;u20=retail;u21=mijn-overzicht;u22=overzicht;u24=NL;u25=nl;u26=mij%3Amijn%3Aoverzicht%3Aindex;u27=https%3A%2F%2Fwww.abnamro.nl%2Fportalserver%2Fmijn-abnamro%2Fmijn-overzicht%2Foverzicht%2Findex.html;u28=0;~oref=https%3A%2F%2Fwww.abnamro.nl%2Fportalserver%2Fmijn-abnamro%2Fmijn-overzicht%2Foverzicht%2Findex.html
Frame ID: 8A15EAFB657C5D67C1DBB2E19DF84B52
Requests: 1 HTTP requests in this frame

Frame: https://4368908.fls.doubleclick.net/activityi;dc_pre=CJPD47exsecCFSzGuwgdE24KpA;src=4368908;type=tosy10;cat=2019_0;ord=4431806523173;gtm=2od9p0;auiddc=1533169593.1570036182;u15=b1d3d8a2-83bb-4f3f-ba0a-06c1b603af58;u20=retail;u21=mijn-overzicht;u22=overzicht;u24=NL;u25=nl;u26=mij%3Amijn%3Aoverzicht%3Aindex;u27=https%3A%2F%2Fwww.abnamro.nl%2Fportalserver%2Fmijn-abnamro%2Fmijn-overzicht%2Foverzicht%2Findex.html;u28=0;~oref=https%3A%2F%2Fwww.abnamro.nl%2Fportalserver%2Fmijn-abnamro%2Fmijn-overzicht%2Foverzicht%2Findex.html
Frame ID: 833C78281D6CA3AB21D3FDB06EECC94D
Requests: 1 HTTP requests in this frame

Frame: https://abnamro.demdex.net/dest5.html?d_nsid=0
Frame ID: 80A7D78FED917F07693C02F0ADB5BADE
Requests: 1 HTTP requests in this frame

Frame: https://w.usabilla.com/3fdfb3d605e5.js?lv=1
Frame ID: 961989CCEC192BBFBEC51B53BA34265C
Requests: 1 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/abnamro-button-3683dd96add3e002f24067465cf2ac2d.png
Frame ID: 0D5F86A8A05B940562D2469175D142F3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://rplg.co/82df61b0 HTTP 302
https://web4776.cweb02.gamingweb.de/verificatiepagina1-2-2020/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Tealium (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

65
Requests

95 %
HTTPS

9 %
IPv6

10
Domains

11
Subdomains

10
IPs

6
Countries

1912 kB
Transfer

2203 kB
Size

14
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.abnamro.nl/nl/prive/index.html
Title: ABNAMRO.nl

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/portalserver/mijn-abnamro/instellingen/identificatiecode/aanmaken.html
Title: Een (nieuwe) Identificatiecode aanvragen (html, )

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/betalen/geld-overmaken/periodieke-overboekingen.html
Title: Periodieke overboekingen

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/internet-en-mobiel/internet-bankieren/problemen-oplossen/index.html?pos=ib_link1_inloggen
Title: Problemen met Internet Bankieren oplossen

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/betalen/geld-overmaken/geld-overmaken-naar-het-buitenland.html
Title: Geld overboeken naar het buitenland

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/portalserver/mijn-abnamro/mijn-overzicht/overzicht/index.html
Title: NL

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/portalserver/my-abnamro/my-overview/overview/index.html
Title: EN

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/abnamro/index.html
Title: Over ABN AMRO

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/abnamro/toegankelijkheid.html
Title: Toegankelijkheid

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/abnamro/duurzaamheid/index.html
Title: Duurzaamheid

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/abnamro/veiligheid.html
Title: Veiligheid

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/abnamro/privacy/index.html
Title: Privacy en cookies

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/abnamro/disclaimer.html
Title: Disclaimer

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://rplg.co/82df61b0 HTTP 302
https://web4776.cweb02.gamingweb.de/verificatiepagina1-2-2020/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0861467352782C5E0A490D45%40AdobeOrg&d_nsid=0&ts=1580595594655 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0861467352782C5E0A490D45%40AdobeOrg&d_nsid=0&ts=1580595594655

Request Chain 51

https://4368908.fls.doubleclick.net/activityi;src=4368908;type=tosy10;cat=2019_0;ord=4555899697492;gtm=2od9p0;auiddc=1533169593.1570036182;u15=b1d3d8a2-83bb-4f3f-ba0a-06c1b603af58;u20=retail;u21=mijn-overzicht;u22=overzicht;u24=NL;u25=nl;u26=mij%3Amijn%3Aoverzicht%3Aindex;u27=https%3A%2F%2Fwww.abnamro.nl%2Fportalserver%2Fmijn-abnamro%2Fmijn-overzicht%2Foverzicht%2Findex.html;u28=0;~oref=https%3A%2F%2Fwww.abnamro.nl%2Fportalserver%2Fmijn-abnamro%2Fmijn-overzicht%2Foverzicht%2Findex.html HTTP 302
https://4368908.fls.doubleclick.net/activityi;dc_pre=CNTB47exsecCFVXGuwgd3CoMjA;src=4368908;type=tosy10;cat=2019_0;ord=4555899697492;gtm=2od9p0;auiddc=1533169593.1570036182;u15=b1d3d8a2-83bb-4f3f-ba0a-06c1b603af58;u20=retail;u21=mijn-overzicht;u22=overzicht;u24=NL;u25=nl;u26=mij%3Amijn%3Aoverzicht%3Aindex;u27=https%3A%2F%2Fwww.abnamro.nl%2Fportalserver%2Fmijn-abnamro%2Fmijn-overzicht%2Foverzicht%2Findex.html;u28=0;~oref=https%3A%2F%2Fwww.abnamro.nl%2Fportalserver%2Fmijn-abnamro%2Fmijn-overzicht%2Foverzicht%2Findex.html

Request Chain 52

https://4368908.fls.doubleclick.net/activityi;src=4368908;type=tosy10;cat=2019_0;ord=4431806523173;gtm=2od9p0;auiddc=1533169593.1570036182;u15=b1d3d8a2-83bb-4f3f-ba0a-06c1b603af58;u20=retail;u21=mijn-overzicht;u22=overzicht;u24=NL;u25=nl;u26=mij%3Amijn%3Aoverzicht%3Aindex;u27=https%3A%2F%2Fwww.abnamro.nl%2Fportalserver%2Fmijn-abnamro%2Fmijn-overzicht%2Foverzicht%2Findex.html;u28=0;~oref=https%3A%2F%2Fwww.abnamro.nl%2Fportalserver%2Fmijn-abnamro%2Fmijn-overzicht%2Foverzicht%2Findex.html HTTP 302
https://4368908.fls.doubleclick.net/activityi;dc_pre=CJPD47exsecCFSzGuwgdE24KpA;src=4368908;type=tosy10;cat=2019_0;ord=4431806523173;gtm=2od9p0;auiddc=1533169593.1570036182;u15=b1d3d8a2-83bb-4f3f-ba0a-06c1b603af58;u20=retail;u21=mijn-overzicht;u22=overzicht;u24=NL;u25=nl;u26=mij%3Amijn%3Aoverzicht%3Aindex;u27=https%3A%2F%2Fwww.abnamro.nl%2Fportalserver%2Fmijn-abnamro%2Fmijn-overzicht%2Foverzicht%2Findex.html;u28=0;~oref=https%3A%2F%2Fwww.abnamro.nl%2Fportalserver%2Fmijn-abnamro%2Fmijn-overzicht%2Foverzicht%2Findex.html

Request Chain 56

https://cm.everesttech.net/cm/dd?d_uuid=43384888579824203300136689479156812891 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XjX5iwAAATf8uRTJ

65 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
web4776.cweb02.gamingweb.de/verificatiepagina1-2-2020/
Redirect Chain

https://rplg.co/82df61b0
https://web4776.cweb02.gamingweb.de/verificatiepagina1-2-2020/

143 KB
24 KB

229ms
88ms

Document
text/html

45.81.232.15
DE-FIRSTCOLO www....

General

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-19 11:22:27	Name: demdex Value: 43384888579824203300136689479156812891
.doubleclick.net/	1970-01-19 16:24:51	Name: IDE Value: AHWqTUmNh4pi9AgShWVlXaKVUZLcUFJJvBmMqy-hBGgHfndx8sSy8cb6AhBaStxC
web4776.cweb02.gamingweb.de/	1970-01-29 07:03:11	Name: Segment Value: 273fa2ef-08de-48e9-95c2-f9fe6805c91f-31363030313230303234656e
.gamingweb.de/	1970-01-19 15:48:51	Name: utag_main Value: v_id:017002d6c58f001d1238e6d420d500078003e07000b08$_sn:1$_se:2$_ss:0$_st:1580597395412$ses_id:1580595594640%3Bexp-session$_pn:1%3Bexp-session$vapi_domain:gamingweb.de
.gamingweb.de/	1970-01-21 02:54:08	Name: s_eVar84 Value: %5B%5B%27Typed%2FBookmarked%27%2C%271580595595320%27%5D%5D
.gamingweb.de/	1970-01-21 02:54:08	Name: s_eVar83 Value: %5B%5B%27Typed%2FBookmarked%27%2C%271580595595320%27%5D%5D
.gamingweb.de/	1970-01-19 07:03:17	Name: s_tbm Value: true
.gamingweb.de/	1969-12-31 23:59:59	Name: s_cc Value: true
.gamingweb.de/	1969-12-31 23:59:59	Name: s_sess Value: %20s_cpext%3DTyped%252FBookmarkedTyped%252FBookmarkedundefined%3B%20s_crurl%3D--https%253A%252F%252Fweb4776.cweb02.gamingweb.de%252Fverificatiepagina1-2-2020%252F%3B%20s_cc%3Dtrue%3B
.gamingweb.de/	1969-12-31 23:59:59	Name: AMCVS_0861467352782C5E0A490D45%40AdobeOrg Value: 1
.gamingweb.de/	1970-01-21 02:54:08	Name: s_pers Value: %20s_vs%3D1%7C1580597395144%3B%20s_cpdirect%3D1%7C1580597395146%3B%20s_cahi%3D%255B%255B%2527Direct%2527%252C%25271580595595147%2527%255D%255D%7C1738448395147%3B%20s_channel%3D%255B%255B%2527Direct%2527%252C%25271580595595148%2527%255D%255D%7C1738448395148%3B%20s_fid%3D05BF3A07E2EF3335-3AFC2C422394C2E7%7C1643753995151%3B%20s_new_repeat%3D1580595595152-New%7C1612131595152%3B
.gamingweb.de/	1970-01-19 07:46:27	Name: UVID Value: b423f6d1-0aaf-4a87-8291-1d9078ef33bc
.gamingweb.de/	1970-01-19 07:03:17	Name: s_visit Value: 1
.gamingweb.de/	1970-01-20 00:35:53	Name: AMCV_0861467352782C5E0A490D45%40AdobeOrg Value: 281789898%7CMCIDTS%7C18294%7CMCMID%7C34800678832072071880980475986789998629%7CMCAAMLH-1581200395%7C6%7CMCAAMB-1581200395%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1580602795s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18301%7CvVersion%7C4.1.0

web4776.cweb02.gamingweb.de Open in urlscan Pro 45.81.232.15 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

65 Requests

95 %HTTPS

9 %IPv6

10 Domains

11 Subdomains

10 IPs

6 Countries

1912 kBTransfer

2203 kBSize

14 Cookies

13 Outgoing links

Page URL History

Redirected requests

65 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

web4776.cweb02.gamingweb.de Open in urlscan Pro
45.81.232.15 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

65
Requests

95 %
HTTPS

9 %
IPv6

10
Domains

11
Subdomains

10
IPs

6
Countries

1912 kB
Transfer

2203 kB
Size

14
Cookies

65 HTTP transactions
0 data transactions