urlscan.io logo urlscan.io
SecurityTrails logo

nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de Open in urlscan Pro
144.76.162.245  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
Submission: On October 28 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 5 HTTP transactions. The main IP is 144.76.162.245, located in Germany and belongs to HETZNER-AS, DE. The main domain is nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de.
This is the only time nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

IP Address AS Autonomous System
1 144.76.162.245 24940 (HETZNER-AS)
1 2a00:1450:400... 15169 (GOOGLE)
3 4 176.9.51.136 24940 (HETZNER-AS)
1 167.99.181.1 14061 (DIGITALOC...)
1 2a00:1450:400... 15169 (GOOGLE)
5 6
1    144.76.162.245 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: master2.subdomain.com
nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
1    2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    176.9.51.136 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: www1.qualigo.com
view.binlayer.com
qualigo.com
1    167.99.181.1 (Toronto, Canada)

ASN14061 (DIGITALOCEAN-ASN, US)
computerservicestoronto.com
1    2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
Domain Requested by
3 qualigo.com 2 redirects nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
1 ajax.googleapis.com computerservicestoronto.com
1 computerservicestoronto.com nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
1 view.binlayer.com 1 redirects
1 www.google-analytics.com nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
1 nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
5 6

This site contains no links.

Subject Issuer Validity Valid
upload.video.google.com
GTS CA 1C3		 2021-10-04 -
2021-12-27		 3 months crt.sh

This page contains 2 frames:

Primary Page: http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
Frame ID: C45BB3F36E038630BC25FB4A5B6C391D
Requests: 8 HTTP requests in this frame

Frame: http://computerservicestoronto.com/assets/12/
Frame ID: 3F7BDA5BD1A18E2B6270B0AA5F13B233
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Statistics

5
Requests

20 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

503 kB
Transfer

1897 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://www.google-analytics.com/ga.js HTTP 307
  • https://www.google-analytics.com/ga.js
Request Chain 1
  • http://view.binlayer.com/view-9209-abgebogende.js HTTP 301
  • http://qualigo.com/view-9209-abgebogende.js HTTP 301
  • https://qualigo.com/view-9209-abgebogende.js HTTP 302
  • https://qualigo.com/doks/view.php?wm=9209-abgebogende

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/ 		32 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
Protocol
HTTP/1.0
Server
144.76.162.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
master2.subdomain.com
Software
Apache/2.4.10 (Debian) /
Resource Hash
3ec72aaad63c176e13a9980e635a1d81baa6e4b132448c4753735ff2cc7cd84f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Thu, 28 Oct 2021 12:22:34 GMT
Server
Apache/2.4.10 (Debian)
Content-Encoding
gzip
Content-Length
9439
Connection
close
Content-Type
text/html; charset=UTF-8
ga.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/ga.js
  • https://www.google-analytics.com/ga.js
45 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/ga.js
Requested by
Host: nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
URL: http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
Protocol
H2
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 26 Oct 2021 23:24:02 GMT
server
Golfe2
age
3478
date
Thu, 28 Oct 2021 11:24:36 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17168
expires
Thu, 28 Oct 2021 13:24:36 GMT

Redirect headers

Location
https://www.google-analytics.com/ga.js
Non-Authoritative-Reason
HSTS
view.php
qualigo.com/doks/
Redirect Chain
  • http://view.binlayer.com/view-9209-abgebogende.js
  • http://qualigo.com/view-9209-abgebogende.js
  • https://qualigo.com/view-9209-abgebogende.js
  • https://qualigo.com/doks/view.php?wm=9209-abgebogende
0
256 B 		Script
General
Check archive.org
Download Go to
Full URL
https://qualigo.com/doks/view.php?wm=9209-abgebogende
Requested by
Host: nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
URL: http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
Protocol
HTTP/1.1
Server
176.9.51.136 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
www1.qualigo.com
Software
Apache/2.4.10 (Debian) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 28 Oct 2021 12:22:34 GMT
Server
Apache/2.4.10 (Debian)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
0
Strict-Transport-Security
max-age=15552000; preload
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Thu, 28 Oct 2021 12:22:34 GMT
Server
Apache/2.4.10 (Debian)
Strict-Transport-Security
max-age=15552000; preload
Content-Type
text/html; charset=iso-8859-1
Location
https://qualigo.com/doks/view.php?wm=9209-abgebogende
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
487134547939d7e4874909f045b67b8232cb0a445ebce71aa85aaa5db4744f0e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8e05fce5f98ca525ed88502ec94c43763661ea74e0f84e5625a7ed161c28447f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d92fb73d4422ab97f4c170639dde5d2f11a3ebdb601a44ce2ab9de104b2da103

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
717cc576a1098d7bc9cfc06b4f908024e6f07009879a6e1f55ccc04f4a833437

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		889 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f9b1f894802acbe8d4916a787d0c221e8826ddb9db42ec09380b2f3489092c8f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
/
computerservicestoronto.com/assets/12/ Frame 3F7B 		1 MB
388 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://computerservicestoronto.com/assets/12/
Requested by
Host: nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
URL: http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
Protocol
HTTP/1.1
Server
167.99.181.1 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
2cfae87f39b4f071904ae5077bcce7565bc1b90e638731741ffc08070edd15f3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/

Response headers

Etag
"1701dd-61754fa9-570bee;gz"
Last-Modified
Sun, 24 Oct 2021 12:20:57 GMT
Content-Type
text/html
Content-Length
397027
Accept-Ranges
bytes
Content-Encoding
gzip
Vary
Accept-Encoding
Date
Thu, 28 Oct 2021 12:22:34 GMT
Server
LiteSpeed
Connection
Keep-Alive
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ Frame 3F7B 		87 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: computerservicestoronto.com
URL: http://computerservicestoronto.com/assets/12/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://computerservicestoronto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 16:28:20 GMT
x-content-type-options
nosniff
age
71655
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
89476
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="hosted-libraries-pushers"
expires
Thu, 27 Oct 2022 16:28:20 GMT
truncated
/ Frame 3F7B 		246 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aadfcaf72b321bcc9e5d2c61c9df681ad625e0383093108174a11fe4014c5dac

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://computerservicestoronto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame 3F7B 		356 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bbb22484b6ac90a9bcddc4158e5b530c078c475b78ceab0a9873719ec7e87eb9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://computerservicestoronto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 3F7B 		267 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://computerservicestoronto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
.abgebogen.de/ Name: 1c4291b4ae135d3f7a873440d72deaca_Ad
Value: visit%3D1%3Bip%3D168.119.25.197%3B

2 Console Messages

Source Level URL
Text
javascript warning URL: http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/(Line 200)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, http://view.binlayer.com/view-9209-abgebogende.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/(Line 200)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, http://view.binlayer.com/view-9209-abgebogende.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.