nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
144.76.162.245
Malicious Activity!
Public Scan
Submission: On October 28 via manual from US — Scanned from DE
Summary
This is the only time nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
1 | 144.76.162.245 | 24940 (HETZNER-AS)
1 | 2a00:1450:4001:828::200e | 15169 (GOOGLE)
3 4 | 176.9.51.136 | 24940 (HETZNER-AS)
1 | 167.99.181.1 | 14061 (DIGITALOCEAN-ASN)
1 | 2a00:1450:4001:813::200a | 15169 (GOOGLE)
ASN24940 (HETZNER-AS, DE), PTR: master2.subdomain.com
- nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de

ASN15169 (GOOGLE, US)
- www.google-analytics.com

ASN24940 (HETZNER-AS, DE), PTR: www1.qualigo.com
- view.binlayer.com
- qualigo.com
# | Apex Domain / Subdomains | Transfer
---|---|---
3 | qualigo.com (2 redirects) / qualigo.com | 869 B
1 | googleapis.com / ajax.googleapis.com | 88 KB
1 | computerservicestoronto.com / computerservicestoronto.com | 388 KB
1 | binlayer.com (1 redirect) / view.binlayer.com | 280 B
1 | google-analytics.com / www.google-analytics.com | 17 KB
1 | abgebogen.de / nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de | 10 KB
# | Domain | Requested by
---|---|---
3 | qualigo.com (2 redirects) | nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
1 | ajax.googleapis.com | computerservicestoronto.com
1 | computerservicestoronto.com | nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
1 | view.binlayer.com (1 redirect) |
1 | www.google-analytics.com | nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
1 | nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de |
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
upload.video.google.com | GTS CA 1C3 | 2021-10-04 - 2021-12-27 | 3 months | crt.sh
This page contains 2 frames:
Primary Page:
http://nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/
Frame ID: C45BB3F36E038630BC25FB4A5B6C391D
Requests: 8 HTTP requests in this frame
Frame:
http://computerservicestoronto.com/assets/12/
Frame ID: 3F7BDA5BD1A18E2B6270B0AA5F13B233
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://www.google-analytics.com/ga.js HTTP 307
- https://www.google-analytics.com/ga.js

- http://view.binlayer.com/view-9209-abgebogende.js HTTP 301
- http://qualigo.com/view-9209-abgebogende.js HTTP 301
- https://qualigo.com/view-9209-abgebogende.js HTTP 302
- https://qualigo.com/doks/view.php?wm=9209-abgebogende
5 HTTP transactions
Method | Protocol | Resource | Path | Note | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
GET | H/1.0 | / | nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de/ | Primary Request | 32 KB | 10 KB | Document | text/html
GET | H2 | ga.js | www.google-analytics.com/ | Redirect Chain | 45 KB | 17 KB | Script | text/javascript
GET | H/1.1 | view.php | qualigo.com/doks/ | Redirect Chain | 0 | 256 B | Script | text/html
GET | DATA | truncated | / | | 3 KB | 0 | Image | image/png
GET | DATA | truncated | / | | 3 KB | 0 | Image | image/png
GET | DATA | truncated | / | | 3 KB | 0 | Image | image/png
GET | DATA | truncated | / | | 3 KB | 0 | Image | image/png
GET | DATA | truncated | / | | 889 B | 0 | Image | image/png
GET | H/1.1 | / | computerservicestoronto.com/assets/12/ | Frame 3F7B | 1 MB | 388 KB | Document | text/html
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.5.1/ | Frame 3F7B | 87 KB | 88 KB | Script | text/javascript
GET | DATA | truncated | / | Frame 3F7B | 246 KB | 0 | Image | image/gif
GET | DATA | truncated | / | Frame 3F7B | 356 B | 0 | Image | image/png
GET | DATA | truncated | / | Frame 3F7B | 267 B | 0 | Image | image/svg+xml
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
.abgebogen.de/ | | Name: 1c4291b4ae135d3f7a873440d72deaca_Ad, Value: visit%3D1%3Bip%3D168.119.25.197%3B
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
computerservicestoronto.com
nuurrg0n7m5t3l12nxh4on6kumjcmztlkbo.abgebogen.de
qualigo.com
view.binlayer.com
www.google-analytics.com
144.76.162.245
167.99.181.1
176.9.51.136
2a00:1450:4001:813::200a
2a00:1450:4001:828::200e