urlscan.io logo urlscan.io
SecurityTrails logo

uwannulatieomgeving.xyz Open in urlscan Pro
198.54.126.78  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://lihi1.cc/MaUVH
Effective URL: https://uwannulatieomgeving.xyz/x/
Submission: On July 27 via manual from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 198.54.126.78, located in United States and belongs to NAMECHEAP-NET, US. The main domain is uwannulatieomgeving.xyz.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 26th 2021. Valid for: a year.
This is the only time uwannulatieomgeving.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 35.244.149.249 15169 (GOOGLE)
1 2 198.54.126.78 22612 (NAMECHEAP...)
4 145.221.181.241 15625 (ING-AS Am...)
11 3
Apex Domain
Subdomains		 Transfer
4 ing.nl
mijn.ing.nl
2 uwannulatieomgeving.xyz
uwannulatieomgeving.xyz
101 KB
1 lihi1.cc
lihi1.cc
680 B
11 3
Domain Requested by
4 mijn.ing.nl uwannulatieomgeving.xyz
2 uwannulatieomgeving.xyz 1 redirects
1 lihi1.cc 1 redirects
11 3

This site contains links to these domains. Also see Links.

Domain
www.ing.nl
ing.nl
Subject Issuer Validity Valid
uwannulatieomgeving.xyz
Sectigo RSA Domain Validation Secure Server CA		 2021-07-26 -
2022-07-26		 a year crt.sh
mijn.ing.nl
Entrust Certification Authority - L1M		 2020-08-21 -
2021-09-20		 a year crt.sh

This page contains 7 frames:

Primary Page: https://uwannulatieomgeving.xyz/x/
Frame ID: 22D7B1D0255D1ADEC677D964AF858D4D
Requests: 11 HTTP requests in this frame

Frame: data://truncated
Frame ID: 8B076408478EA76C9242AA9847AB7C1A
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: C7189019A15FEC5AA3430035E581ADB2
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 6114F99ED1F37516C77DBD0DDB9DE134
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 9F7C64451259314711BC6675FCA0DAA0
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: B01383FFBA1D0BCE08CC495DA65784F5
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: D64AF6D534804D0E35550F6D869B4777
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://lihi1.cc/MaUVH HTTP 302
    https://uwannulatieomgeving.xyz/x HTTP 301
    https://uwannulatieomgeving.xyz/x/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Page Statistics

11
Requests

45 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

163 kB
Transfer

331 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://lihi1.cc/MaUVH HTTP 302
    https://uwannulatieomgeving.xyz/x HTTP 301
    https://uwannulatieomgeving.xyz/x/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
uwannulatieomgeving.xyz/x/
Redirect Chain
  • https://lihi1.cc/MaUVH
  • https://uwannulatieomgeving.xyz/x
  • https://uwannulatieomgeving.xyz/x/
231 KB
101 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://uwannulatieomgeving.xyz/x/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.54.126.78 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server33-4.web-hosting.com
Software
LiteSpeed / PHP/7.2.34
Resource Hash
d28e2365b5940aaf52588c7167f79fc9970f2a9e6dd8f4df6b1b1c993d81b4c4

Request headers

:method
GET
:authority
uwannulatieomgeving.xyz
:scheme
https
:path
/x/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-powered-by
PHP/7.2.34
content-type
text/html; charset=UTF-8
content-encoding
br
vary
Accept-Encoding
date
Tue, 27 Jul 2021 08:31:43 GMT
server
LiteSpeed
x-turbo-charged-by
LiteSpeed

Redirect headers

content-type
text/html
content-length
707
date
Tue, 27 Jul 2021 08:31:43 GMT
server
LiteSpeed
location
https://uwannulatieomgeving.xyz/x/
x-turbo-charged-by
LiteSpeed
country-config-nl-NL.e240068ae7d6fd43f005.js
mijn.ing.nl/login/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://mijn.ing.nl/login/country-config-nl-NL.e240068ae7d6fd43f005.js
Requested by
Host: uwannulatieomgeving.xyz
URL: https://uwannulatieomgeving.xyz/x/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.221.181.241 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://uwannulatieomgeving.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
header-nl-NL.e4ec00e6d2d72f93794c.js
mijn.ing.nl/login/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://mijn.ing.nl/login/header-nl-NL.e4ec00e6d2d72f93794c.js
Requested by
Host: uwannulatieomgeving.xyz
URL: https://uwannulatieomgeving.xyz/x/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.221.181.241 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://uwannulatieomgeving.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
main-nl-NL.a63df320e37a7c62ac0e.js
mijn.ing.nl/login/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://mijn.ing.nl/login/main-nl-NL.a63df320e37a7c62ac0e.js
Requested by
Host: uwannulatieomgeving.xyz
URL: https://uwannulatieomgeving.xyz/x/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.221.181.241 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://uwannulatieomgeving.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
ing-app-authentication-nl-NL.993c38d2f5aec29d3c59.js
mijn.ing.nl/login/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://mijn.ing.nl/login/ing-app-authentication-nl-NL.993c38d2f5aec29d3c59.js
Requested by
Host: uwannulatieomgeving.xyz
URL: https://uwannulatieomgeving.xyz/x/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.221.181.241 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://uwannulatieomgeving.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
truncated
/ 		11 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
07cfeb003e43a98abde655be20806ad17cd07902ba357547ebc5b3d3f76e9126

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		25 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
73631982420d832d6c978e527ae58ff765b91eeb1d9a16e30c44bc00a03e2e91

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		30 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e

Request headers

Origin
https://uwannulatieomgeving.xyz
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

Request headers

Origin
https://uwannulatieomgeving.xyz
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		281 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e86ba4f8dd6a82f423fbc44a456b3849eab753d9cee1057159093b9005ecb711

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		366 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c40c32284db736cf15432a4da1684b391bb82d244589b2001f83a4cbd8e984bb

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 8B07 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame C718 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame 6114 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame 9F7C 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame B013 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame D64A 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| savepage_ShadowLoader

0 Cookies