lnglncasoherstel.xyz
68.65.122.53
Malicious Activity!
Public Scan
Effective URL: https://lnglncasoherstel.xyz/Nml/
Submission: On April 12 via manual from NL
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 11th 2021. Valid for: a year.
This is the only time lnglncasoherstel.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 45.126.59.196 | 132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia) |
1 2 | 68.65.122.53 | 22612 (NAMECHEAP-NET) |
4 | 145.221.181.241 | 15625 (ING-AS Amsterdam) |
5 | 3 | |
ASN132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia, ID)
s.id |
ASN22612 (NAMECHEAP-NET, US)
PTR: server165-5.web-hosting.com
lnglncasoherstel.xyz |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
4 | ing.nl: mijn.ing.nl | |
2 | lnglncasoherstel.xyz (1 redirects): lnglncasoherstel.xyz | 101 KB |
1 | s.id (1 redirects): s.id | 745 B |
5 | 3 | |
 | Domain | Requested by |
---|---|---|
4 | mijn.ing.nl | lnglncasoherstel.xyz |
2 | lnglncasoherstel.xyz | 1 redirects |
1 | s.id | 1 redirects |
5 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ing.nl |
ing.nl |
Subject | Issuer | Validity | Valid |
---|---|---|---|
lnglncasoherstel.xyz | Sectigo RSA Domain Validation Secure Server CA | 2021-04-11 - 2022-04-11 | a year |
mijn.ing.nl | Entrust Certification Authority - L1M | 2020-08-21 - 2021-09-20 | a year |
This page contains 7 frames:
Primary Page:
https://lnglncasoherstel.xyz/Nml/
Frame ID: 17E6454100E80091A08202AB7E88A945
Requests: 11 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 14646A31534C778F3A068A4802BC3E7E
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 29F0AF647612075CD1C3027F9F0C30A1
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 9DA7EF0F0DB35B8AF3452FF070CE1206
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: C1FB39ED0CE6A13A05E69D7801D1F049
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: E98158496FD1140145D3E70DA3CC5F26
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 45C71ACD58BD67BB73854F931E3A6759
Requests: 1 HTTP requests in this frame
Detected technologies
LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Veilig bankieren
Title: Privacy en cookies
Title: Disclaimer
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://s.id/ingIncasso (HTTP 301)
- https://lnglncasoherstel.xyz/Nml (HTTP 301)
- https://lnglncasoherstel.xyz/Nml/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | Primary Request: / | lnglncasoherstel.xyz/Nml/ | 231 KB | 101 KB | Document | text/html |
GET | H/1.1 | country-config-nl-NL.e240068ae7d6fd43f005.js | mijn.ing.nl/login/ | 0 | 0 | Script | text/html |
GET | H/1.1 | header-nl-NL.e4ec00e6d2d72f93794c.js | mijn.ing.nl/login/ | 0 | 0 | Script | text/html |
GET | H/1.1 | main-nl-NL.a63df320e37a7c62ac0e.js | mijn.ing.nl/login/ | 0 | 0 | Script | text/html |
GET | H/1.1 | ing-app-authentication-nl-NL.993c38d2f5aec29d3c59.js | mijn.ing.nl/login/ | 0 | 0 | Script | text/html |
GET | DATA | truncated | / | 11 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 25 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 281 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 366 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 30 KB | 30 KB | Font | font/woff2 |
GET | DATA | truncated | / | 29 KB | 29 KB | Font | font/woff2 |
GET | DATA | truncated | / Frame 1464 | 42 B | 0 | Image | image/gif |
GET | DATA | truncated | / Frame 29F0 | 42 B | 0 | Image | image/gif |
GET | DATA | truncated | / Frame 9DA7 | 42 B | 0 | Image | image/gif |
GET | DATA | truncated | / Frame C1FB | 42 B | 0 | Image | image/gif |
GET | DATA | truncated | / Frame E981 | 42 B | 0 | Image | image/gif |
GET | DATA | truncated | / Frame 45C7 | 42 B | 0 | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ING Group (Banking)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- object| 2
- object| 3
- object| 4
- object| 5
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- boolean| crossOriginIsolated
- function| savepage_ShadowLoader

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.