wg1308252.virtualuser.de
Open in
urlscan Pro
46.20.34.168
Malicious Activity!
Public Scan
Effective URL: http://wg1308252.virtualuser.de/
Submission: On February 12 via manual from NL
Summary
This is the only time wg1308252.virtualuser.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 2606:4700:30:... 2606:4700:30::681b:9574 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
3 | 205.185.208.52 205.185.208.52 | 20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group) | |
4 | 2a00:1450:400... 2a00:1450:4001:820::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 2a00:1450:400... 2a00:1450:4001:81e::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2606:4700:30:... 2606:4700:30::681b:9474 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
2 | 2a00:1450:400... 2a00:1450:4001:821::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:809::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
13 | 46.20.34.168 46.20.34.168 | 24961 (MYLOC-AS) (MYLOC-AS) | |
32 | 9 |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net
code.jquery.com |
ASN15169 (GOOGLE - Google LLC, US)
pagead2.googlesyndication.com | |
googleads.g.doubleclick.net |
ASN15169 (GOOGLE - Google LLC, US)
adservice.google.de | |
pagead2.googlesyndication.com |
ASN24961 (MYLOC-AS, DE)
PTR: files-win.gameserver.myloc.de
wg1308252.virtualuser.de |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
virtualuser.de
wg1308252.virtualuser.de |
240 KB |
5 |
ip6.si
ip6.si |
116 KB |
4 |
googlesyndication.com
pagead2.googlesyndication.com |
174 KB |
3 |
jquery.com
code.jquery.com |
104 KB |
2 |
google-analytics.com
www.google-analytics.com |
17 KB |
1 |
doubleclick.net
googleads.g.doubleclick.net |
|
1 |
google.com
adservice.google.com |
171 B |
1 |
google.de
adservice.google.de |
171 B |
0 |
googletagservices.com
Failed
www.googletagservices.com Failed |
|
32 | 9 |
Domain | Requested by | |
---|---|---|
13 | wg1308252.virtualuser.de |
ip6.si
wg1308252.virtualuser.de |
5 | ip6.si |
ip6.si
code.jquery.com |
4 | pagead2.googlesyndication.com |
ip6.si
pagead2.googlesyndication.com |
3 | code.jquery.com |
ip6.si
|
2 | www.google-analytics.com |
ip6.si
|
1 | googleads.g.doubleclick.net |
pagead2.googlesyndication.com
|
1 | adservice.google.com |
pagead2.googlesyndication.com
|
1 | adservice.google.de |
pagead2.googlesyndication.com
|
0 | www.googletagservices.com Failed |
pagead2.googlesyndication.com
|
32 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ing.nl |
inlogcodes.mijn.ing.nl |
aanvragen.ing.nl |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.google-analytics.com Google Internet Authority G3 |
2019-01-23 - 2019-04-17 |
3 months | crt.sh |
*.google.com Google Internet Authority G3 |
2019-01-23 - 2019-04-17 |
3 months | crt.sh |
*.g.doubleclick.net Google Internet Authority G3 |
2019-01-23 - 2019-04-17 |
3 months | crt.sh |
This page contains 4 frames:
Primary Page:
http://wg1308252.virtualuser.de/
Frame ID: 77EB9E6F8D8A6142834792CCC15F7BFB
Requests: 29 HTTP requests in this frame
Frame:
http://pagead2.googlesyndication.com/pagead/js/r20190206/r20190131/show_ads_impl.js
Frame ID: 3D67A770AC3012694F088ABAF18C7665
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/html/r20190206/r20190131/zrt_lookup.html
Frame ID: 7B8C3952F634D5A989D8FFA7E2DF683F
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8467549867037034&output=html&h=90&slotname=2513313356&adk=3764880598&adf=2469204067&w=970&lmt=1550001982&guci=1.2.0.0.2.2.0.0&format=970x90&url=http%3A%2F%2Fip6.si%2F%23NhxbLa&flash=0&wgl=1&adsid=NT&dt=1550001982748&bpp=23&bdt=1153&fdt=131&idt=129&shv=r20190206&cbv=r20190131&saldr=aa&abxe=1&correlator=1005201833534&frm=20&pv=2&ga_vid=523345183.1550001983&ga_sid=1550001983&ga_hid=1477553800&ga_fc=0&iag=0&icsg=8234&dssz=9&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=313&ady=360&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C410075101&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CpeE%7C&abl=NS&ppjl=u&pfx=0&fu=16&bc=7&ifi=1&uci=1.8l12i58k2hif&fsb=1&xpc=BDaTPnOBMk&p=http%3A//ip6.si&dtd=154
Frame ID: C3378BBA5AAA83D70D3AD4E8C881F954
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://ip6.si/ Page URL
- http://wg1308252.virtualuser.de/ Page URL
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Meer over de nieuwe inlogpagina
Search URL Search Domain Scan URL
Title: Gebruikersnaam of wachtwoord vergeten?
Search URL Search Domain Scan URL
Title: Mijn ING aanvragen
Search URL Search Domain Scan URL
Title: Contact met ING
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://ip6.si/ Page URL
- http://wg1308252.virtualuser.de/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
32 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Cookie set
/
ip6.si/ |
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.10.2.min.js
code.jquery.com/ |
91 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-ui.min.js
code.jquery.com/ui/1.10.4/ |
223 KB 60 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-ui.min.css
code.jquery.com/ui/1.10.4/themes/redmond/ |
27 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ |
79 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ip6.gif
ip6.si/images/ |
16 KB 16 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
short_url.php
ip6.si/ |
37 B 400 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
43 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
bg.jpg
ip6.si/images/ |
69 KB 69 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
footer.png
ip6.si/images/ |
26 KB 27 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.de/adsid/ |
109 B 171 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.com/adsid/ |
109 B 171 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20190206/r20190131/ |
193 KB 72 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20190206/r20190131/ Frame 3D67 |
193 KB 72 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ca-pub-8467549867037034.js
pagead2.googlesyndication.com/pub-config/r20160913/ |
68 B 179 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20190206/r20190131/ Frame 7B8C |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/r/ |
35 B 101 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
wg1308252.virtualuser.de/ |
11 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
ads
googleads.g.doubleclick.net/pagead/ Frame C337 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
osd.js
www.googletagservices.com/activeview/js/current/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jsq.js
wg1308252.virtualuser.de/ |
111 KB 112 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ing-logo.svg
wg1308252.virtualuser.de/css/img/ |
11 KB 12 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
alert-info.svg
wg1308252.virtualuser.de/css/img/ |
590 B 877 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
menu-close.svg
wg1308252.virtualuser.de/css/img/ |
348 B 635 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
alert-error.svg
wg1308252.virtualuser.de/css/img/ |
623 B 910 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
checkbox.svg
wg1308252.virtualuser.de/css/img/ |
281 B 568 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow-chevron-open-right.svg
wg1308252.virtualuser.de/css/img/ |
366 B 653 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
illustratie_algemenestoring.png
wg1308252.virtualuser.de/css/img/ |
14 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
base.css
wg1308252.virtualuser.de/ |
15 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
811383197.svg
wg1308252.virtualuser.de/css/img/ |
21 KB 21 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1224525800.woff2
wg1308252.virtualuser.de/css/fonts/ |
30 KB 30 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_388920554.woff2
wg1308252.virtualuser.de/css/fonts/ |
29 KB 29 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- googleads.g.doubleclick.net
- URL
- https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8467549867037034&output=html&h=90&slotname=2513313356&adk=3764880598&adf=2469204067&w=970&lmt=1550001982&guci=1.2.0.0.2.2.0.0&format=970x90&url=http%3A%2F%2Fip6.si%2F%23NhxbLa&flash=0&wgl=1&adsid=NT&dt=1550001982748&bpp=23&bdt=1153&fdt=131&idt=129&shv=r20190206&cbv=r20190131&saldr=aa&abxe=1&correlator=1005201833534&frm=20&pv=2&ga_vid=523345183.1550001983&ga_sid=1550001983&ga_hid=1477553800&ga_fc=0&iag=0&icsg=8234&dssz=9&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=313&ady=360&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C410075101&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CpeE%7C&abl=NS&ppjl=u&pfx=0&fu=16&bc=7&ifi=1&uci=1.8l12i58k2hif&fsb=1&xpc=BDaTPnOBMk&p=http%3A//ip6.si&dtd=154
- Domain
- www.googletagservices.com
- URL
- https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ING Group (Banking)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
adservice.google.com
adservice.google.de
code.jquery.com
googleads.g.doubleclick.net
ip6.si
pagead2.googlesyndication.com
wg1308252.virtualuser.de
www.google-analytics.com
www.googletagservices.com
googleads.g.doubleclick.net
www.googletagservices.com
205.185.208.52
2606:4700:30::681b:9474
2606:4700:30::681b:9574
2a00:1450:4001:809::2002
2a00:1450:4001:81e::200e
2a00:1450:4001:820::2002
2a00:1450:4001:821::2002
46.20.34.168
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
1e932fd1c21334067f030f29d277be08c51604c49d3dffe1600b891fceae4e3f
2ddb7a10120e6cf6838cfef37adbb7ee18b81083500ca715e30f890636627e64
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
3e5c9215408174cff78c491ad0cd933f2cf7c21bdaf61d71abac85e49f901fd2
403237e689dc78baa222a8d6cb6e3455d49c6dcef78391657e52f4161ee3da36
43f7069e4439fe03b9342b17d31a8a61fa4022af11f9dee8194261f65ab0876d
528a895d8e12415bdb9a5adc043a7acfa1fb9a76022cc445a4c32702473e41d1
71345e7c99ee0f1cadbc1d9c778e97195c6859d5ba04ef931f306b06aa2ba683
83fd226ddbc6ab7a502849918dc525f5cd4a2c3d63711ffe9c08570d535bead9
84a60ca3b0ec180e3295696847244027db35fc8bd6f3c4919efcb0bdfa01d87a
8ecb0c2532918a5d766040a25fb50db80a31525949aa22f3da19d9235144a8cb
9030f83b22e9a96c2aafff1a3abfdd4ffd0cffa31e1748df717d84282fba82b5
a13c96acd88fe907edbb8becda0d113c22abde0d5ae904e5213360a1e6f145ce
c40c32284db736cf15432a4da1684b391bb82d244589b2001f83a4cbd8e984bb
c622f9704a79e3194eb565250143e8eb50abb9e752fe09cddbe32f68db3af923
ddc940750da907becde977e7932a30d68cce47c8648e57b81532d2ba8f1ca346
e86ba4f8dd6a82f423fbc44a456b3849eab753d9cee1057159093b9005ecb711
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155
ff2d1cd0d4b8adafd6a681e4520bd66d57f8b3a8b740da2e23686685f5ca33ea