lnglncasoherstel.xyz Open in urlscan Pro
68.65.122.53 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s.id/ingIncasso
Effective URL:
https://lnglncasoherstel.xyz/Nml/
Submission: On April 12 via manual (April 12th 2021, 6:58:28 am UTC) from NL

Summary HTTP 5 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 5 HTTP transactions. The main IP is 68.65.122.53, located in United States and belongs to NAMECHEAP-NET, US. The main domain is lnglncasoherstel.xyz.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 11th 2021. Valid for: a year.

This is the only time lnglncasoherstel.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	45.126.59.196 45.126.59.196	132647 (IDNIC-PAN...) (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia)
1 2	68.65.122.53 68.65.122.53	22612 (NAMECHEAP...) (NAMECHEAP-NET)
4	145.221.181.241 145.221.181.241	15625 (ING-AS Am...) (ING-AS Amsterdam)
5	3

1 45.126.59.196 (Indonesia) 1 redirects

ASN132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia, ID)

s.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.65.122.53 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: server165-5.web-hosting.com

lnglncasoherstel.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 145.221.181.241 (Netherlands)

ASN15625 (ING-AS Amsterdam, NL)

mijn.ing.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	ing.nl mijn.ing.nl
2	lnglncasoherstel.xyz 1 redirects lnglncasoherstel.xyz	101 KB
1	s.id 1 redirects s.id	745 B
5	3

	Domain	Requested by
4	mijn.ing.nl	lnglncasoherstel.xyz
2	lnglncasoherstel.xyz	1 redirects
1	s.id	1 redirects
5	3

This site contains links to these domains. Also see Links.

Domain
www.ing.nl
ing.nl

Subject Issuer	Validity	Valid
lnglncasoherstel.xyz Sectigo RSA Domain Validation Secure Server CA	`2021-04-11` - `2022-04-11`	a year	crt.sh
mijn.ing.nl Entrust Certification Authority - L1M	`2020-08-21` - `2021-09-20`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://lnglncasoherstel.xyz/Nml/
Frame ID: 17E6454100E80091A08202AB7E88A945
Requests: 11 HTTP requests in this frame

Frame: data://truncated
Frame ID: 14646A31534C778F3A068A4802BC3E7E
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 29F0AF647612075CD1C3027F9F0C30A1
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 9DA7EF0F0DB35B8AF3452FF070CE1206
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: C1FB39ED0CE6A13A05E69D7801D1F049
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: E98158496FD1140145D3E70DA3CC5F26
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 45C71ACD58BD67BB73854F931E3A6759
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://s.id/ingIncasso HTTP 301
https://lnglncasoherstel.xyz/Nml HTTP 301
https://lnglncasoherstel.xyz/Nml/ Page URL

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

160 kB
Transfer

327 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ing.nl/

Search URL Search Domain Scan URL

URL: https://ing.nl/

Search URL Search Domain Scan URL

URL: https://www.ing.nl/de-ing/veilig-bankieren/index.html
Title: Veilig bankieren

Search URL Search Domain Scan URL

URL: https://www.ing.nl/de-ing/privacy-statement/index.html
Title: Privacy en cookies

Search URL Search Domain Scan URL

URL: https://www.ing.nl/de-ing/disclaimer/index.html
Title: Disclaimer

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s.id/ingIncasso HTTP 301
https://lnglncasoherstel.xyz/Nml HTTP 301
https://lnglncasoherstel.xyz/Nml/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
12 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response lnglncasoherstel.xyz/Nml/ Redirect Chain https://s.id/ingIncasso https://lnglncasoherstel.xyz/Nml https://lnglncasoherstel.xyz/Nml/	231 KB 101 KB	374ms 374ms	Document text/html	68.65.122.53 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://lnglncasoherstel.xyz/Nml/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 68.65.122.53 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server165-5.web-hosting.com Software LiteSpeed / PHP/7.2.34 Resource Hash `d28e2365b5940aaf52588c7167f79fc9970f2a9e6dd8f4df6b1b1c993d81b4c4` Request headers :method GET :authority lnglncasoherstel.xyz :scheme https :path /Nml/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-powered-by PHP/7.2.34 content-type text/html; charset=UTF-8 content-encoding br vary Accept-Encoding date Mon, 12 Apr 2021 06:58:10 GMT server LiteSpeed x-turbo-charged-by LiteSpeed Redirect headers content-type text/html content-length 707 date Mon, 12 Apr 2021 06:58:09 GMT server LiteSpeed location https://lnglncasoherstel.xyz/Nml/ x-turbo-charged-by LiteSpeed
GET H/1.1	404 Not Found	country-config-nl-NL.e240068ae7d6fd43f005.js mijn.ing.nl/login/	0 0	407ms 60ms	Script text/html	145.221.181.241 ING-AS Amsterdam
General Check archive.org Show headers Download Go to Full URL https://mijn.ing.nl/login/country-config-nl-NL.e240068ae7d6fd43f005.js Requested by Host: lnglncasoherstel.xyz URL: https://lnglncasoherstel.xyz/Nml/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 145.221.181.241 , Netherlands, ASN15625 (ING-AS Amsterdam, NL), Reverse DNS Software / Resource Hash Request headers Referer https://lnglncasoherstel.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H/1.1	404 Not Found	header-nl-NL.e4ec00e6d2d72f93794c.js mijn.ing.nl/login/	0 0	406ms 59ms	Script text/html	145.221.181.241 ING-AS Amsterdam
General Check archive.org Show headers Download Go to Full URL https://mijn.ing.nl/login/header-nl-NL.e4ec00e6d2d72f93794c.js Requested by Host: lnglncasoherstel.xyz URL: https://lnglncasoherstel.xyz/Nml/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 145.221.181.241 , Netherlands, ASN15625 (ING-AS Amsterdam, NL), Reverse DNS Software / Resource Hash Request headers Referer https://lnglncasoherstel.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H/1.1	404 Not Found	main-nl-NL.a63df320e37a7c62ac0e.js mijn.ing.nl/login/	0 0	408ms 60ms	Script text/html	145.221.181.241 ING-AS Amsterdam
General Check archive.org Show headers Download Go to Full URL https://mijn.ing.nl/login/main-nl-NL.a63df320e37a7c62ac0e.js Requested by Host: lnglncasoherstel.xyz URL: https://lnglncasoherstel.xyz/Nml/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 145.221.181.241 , Netherlands, ASN15625 (ING-AS Amsterdam, NL), Reverse DNS Software / Resource Hash Request headers Referer https://lnglncasoherstel.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H/1.1	404 Not Found	ing-app-authentication-nl-NL.993c38d2f5aec29d3c59.js mijn.ing.nl/login/	0 0	408ms 61ms	Script text/html	145.221.181.241 ING-AS Amsterdam
General Check archive.org Show headers Download Go to Full URL https://mijn.ing.nl/login/ing-app-authentication-nl-NL.993c38d2f5aec29d3c59.js Requested by Host: lnglncasoherstel.xyz URL: https://lnglncasoherstel.xyz/Nml/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 145.221.181.241 , Netherlands, ASN15625 (ING-AS Amsterdam, NL), Reverse DNS Software / Resource Hash Request headers Referer https://lnglncasoherstel.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET DATA	200 OK	truncated /	11 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `07cfeb003e43a98abde655be20806ad17cd07902ba357547ebc5b3d3f76e9126` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	25 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `73631982420d832d6c978e527ae58ff765b91eeb1d9a16e30c44bc00a03e2e91` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	281 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e86ba4f8dd6a82f423fbc44a456b3849eab753d9cee1057159093b9005ecb711` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	366 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c40c32284db736cf15432a4da1684b391bb82d244589b2001f83a4cbd8e984bb` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	30 KB 30 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e` Request headers Origin https://lnglncasoherstel.xyz Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	29 KB 29 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155` Request headers Origin https://lnglncasoherstel.xyz Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated / Frame 1464	42 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated / Frame 29F0	42 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated / Frame 9DA7	42 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated / Frame C1FB	42 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated / Frame E981	42 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated / Frame 45C7	42 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lnglncasoherstel.xyz
mijn.ing.nl
s.id
145.221.181.241
45.126.59.196
68.65.122.53
07cfeb003e43a98abde655be20806ad17cd07902ba357547ebc5b3d3f76e9126
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
73631982420d832d6c978e527ae58ff765b91eeb1d9a16e30c44bc00a03e2e91
c40c32284db736cf15432a4da1684b391bb82d244589b2001f83a4cbd8e984bb
d28e2365b5940aaf52588c7167f79fc9970f2a9e6dd8f4df6b1b1c993d81b4c4
e86ba4f8dd6a82f423fbc44a456b3849eab753d9cee1057159093b9005ecb711
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

lnglncasoherstel.xyz Open in urlscan Pro 68.65.122.53 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

160 kBTransfer

327 kBSize

0 Cookies

5 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

0 Cookies

Indicators

lnglncasoherstel.xyz Open in urlscan Pro
68.65.122.53 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

160 kB
Transfer

327 kB
Size

0
Cookies

5 HTTP transactions
12 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!