uwannulatieomgeving.xyz
198.54.126.78
Malicious Activity!
Public Scan
Effective URL: https://uwannulatieomgeving.xyz/x/
Submission: On July 27 via manual from NL
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 26th 2021. Valid for: a year.
This is the only time uwannulatieomgeving.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 35.244.149.249 | 15169 (GOOGLE) |
1 2 | 198.54.126.78 | 22612 (NAMECHEAP-NET) |
4 | 145.221.181.241 | 15625 (ING-AS Amsterdam) |
11 | 3 | |
ASN15169 (GOOGLE, US)
PTR: 249.149.244.35.bc.googleusercontent.com
lihi1.cc
ASN22612 (NAMECHEAP-NET, US)
PTR: server33-4.web-hosting.com
uwannulatieomgeving.xyz
 | Apex Domain / Subdomains | Transfer |
---|---|---|
4 | ing.nl / mijn.ing.nl | |
2 | uwannulatieomgeving.xyz (1 redirects) / uwannulatieomgeving.xyz | 101 KB |
1 | lihi1.cc (1 redirects) / lihi1.cc | 680 B |
11 | 3 | |
 | Domain | Requested by |
---|---|---|
4 | mijn.ing.nl | uwannulatieomgeving.xyz |
2 | uwannulatieomgeving.xyz | 1 redirects |
1 | lihi1.cc | 1 redirects |
11 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ing.nl |
ing.nl |
Subject | Issuer | Validity | Valid |
---|---|---|---|
uwannulatieomgeving.xyz | Sectigo RSA Domain Validation Secure Server CA | 2021-07-26 - 2022-07-26 | a year |
mijn.ing.nl | Entrust Certification Authority - L1M | 2020-08-21 - 2021-09-20 | a year |
This page contains 7 frames:
Primary Page:
https://uwannulatieomgeving.xyz/x/
Frame ID: 22D7B1D0255D1ADEC677D964AF858D4D
Requests: 11 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 8B076408478EA76C9242AA9847AB7C1A
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: C7189019A15FEC5AA3430035E581ADB2
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 6114F99ED1F37516C77DBD0DDB9DE134
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 9F7C64451259314711BC6675FCA0DAA0
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: B01383FFBA1D0BCE08CC495DA65784F5
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: D64AF6D534804D0E35550F6D869B4777
Requests: 1 HTTP requests in this frame
Detected technologies
LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Veilig bankieren
Title: Privacy en cookies
Title: Disclaimer
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://lihi1.cc/MaUVH HTTP 302
- https://uwannulatieomgeving.xyz/x HTTP 301
- https://uwannulatieomgeving.xyz/x/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | Primary Request / uwannulatieomgeving.xyz/x/ Redirect Chain | 231 KB 101 KB | Document text/html |
GET H/1.1 | country-config-nl-NL.e240068ae7d6fd43f005.js mijn.ing.nl/login/ | 0 0 | Script text/html |
GET H/1.1 | header-nl-NL.e4ec00e6d2d72f93794c.js mijn.ing.nl/login/ | 0 0 | Script text/html |
GET H/1.1 | main-nl-NL.a63df320e37a7c62ac0e.js mijn.ing.nl/login/ | 0 0 | Script text/html |
GET H/1.1 | ing-app-authentication-nl-NL.993c38d2f5aec29d3c59.js mijn.ing.nl/login/ | 0 0 | Script text/html |
GET DATA | truncated / | 11 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 25 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 30 KB 30 KB | Font font/woff2 |
GET DATA | truncated / | 29 KB 29 KB | Font font/woff2 |
GET DATA | truncated / | 281 B 0 | Image image/svg+xml |
GET DATA | truncated / | 366 B 0 | Image image/svg+xml |
GET DATA | truncated / Frame 8B07 | 42 B 0 | Image image/gif |
GET DATA | truncated / Frame C718 | 42 B 0 | Image image/gif |
GET DATA | truncated / Frame 6114 | 42 B 0 | Image image/gif |
GET DATA | truncated / Frame 9F7C | 42 B 0 | Image image/gif |
GET DATA | truncated / Frame B013 | 42 B 0 | Image image/gif |
GET DATA | truncated / Frame D64A | 42 B 0 | Image image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ING Group (Banking)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- object| 2
- object| 3
- object| 4
- object| 5
- object| onbeforexrselect
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- boolean| originAgentCluster
- object| trustedTypes
- boolean| crossOriginIsolated
- function| savepage_ShadowLoader
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.