lnglncasoherstel.xyz Open in urlscan Pro
68.65.122.53  Malicious Activity! Public Scan

Submitted URL: https://s.id/ingIncasso
Effective URL: https://lnglncasoherstel.xyz/Nml/
Submission: On April 12 via manual from NL

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 5 HTTP transactions. The main IP is 68.65.122.53, located in United States and belongs to NAMECHEAP-NET, US. The main domain is lnglncasoherstel.xyz.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 11th 2021. Valid for: a year.
This is the only time lnglncasoherstel.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 45.126.59.196 132647 (IDNIC-PAN...)
1 2 68.65.122.53 22612 (NAMECHEAP...)
4 145.221.181.241 15625 (ING-AS Am...)
5 3
Apex Domain
Subdomains
Transfer
4 ing.nl
mijn.ing.nl
2 lnglncasoherstel.xyz
lnglncasoherstel.xyz
101 KB
1 s.id
s.id
745 B
5 3
Domain Requested by
4 mijn.ing.nl lnglncasoherstel.xyz
2 lnglncasoherstel.xyz 1 redirects
1 s.id 1 redirects
5 3

This site contains links to these domains. Also see Links.

Domain
www.ing.nl
ing.nl
Subject Issuer Validity Valid
lnglncasoherstel.xyz
Sectigo RSA Domain Validation Secure Server CA
2021-04-11 -
2022-04-11
a year crt.sh
mijn.ing.nl
Entrust Certification Authority - L1M
2020-08-21 -
2021-09-20
a year crt.sh

This page contains 7 frames:

Primary Page: https://lnglncasoherstel.xyz/Nml/
Frame ID: 17E6454100E80091A08202AB7E88A945
Requests: 11 HTTP requests in this frame

Frame: data://truncated
Frame ID: 14646A31534C778F3A068A4802BC3E7E
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 29F0AF647612075CD1C3027F9F0C30A1
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 9DA7EF0F0DB35B8AF3452FF070CE1206
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: C1FB39ED0CE6A13A05E69D7801D1F049
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: E98158496FD1140145D3E70DA3CC5F26
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 45C71ACD58BD67BB73854F931E3A6759
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://s.id/ingIncasso HTTP 301
    https://lnglncasoherstel.xyz/Nml HTTP 301
    https://lnglncasoherstel.xyz/Nml/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

160 kB
Transfer

327 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://s.id/ingIncasso HTTP 301
    https://lnglncasoherstel.xyz/Nml HTTP 301
    https://lnglncasoherstel.xyz/Nml/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
lnglncasoherstel.xyz/Nml/
Redirect Chain
  • https://s.id/ingIncasso
  • https://lnglncasoherstel.xyz/Nml
  • https://lnglncasoherstel.xyz/Nml/
231 KB
101 KB
Document
General
Full URL
https://lnglncasoherstel.xyz/Nml/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.65.122.53 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server165-5.web-hosting.com
Software
LiteSpeed / PHP/7.2.34
Resource Hash
d28e2365b5940aaf52588c7167f79fc9970f2a9e6dd8f4df6b1b1c993d81b4c4

Request headers

:method
GET
:authority
lnglncasoherstel.xyz
:scheme
https
:path
/Nml/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-powered-by
PHP/7.2.34
content-type
text/html; charset=UTF-8
content-encoding
br
vary
Accept-Encoding
date
Mon, 12 Apr 2021 06:58:10 GMT
server
LiteSpeed
x-turbo-charged-by
LiteSpeed

Redirect headers

content-type
text/html
content-length
707
date
Mon, 12 Apr 2021 06:58:09 GMT
server
LiteSpeed
location
https://lnglncasoherstel.xyz/Nml/
x-turbo-charged-by
LiteSpeed
country-config-nl-NL.e240068ae7d6fd43f005.js
mijn.ing.nl/login/
0
0
Script
General
Full URL
https://mijn.ing.nl/login/country-config-nl-NL.e240068ae7d6fd43f005.js
Requested by
Host: lnglncasoherstel.xyz
URL: https://lnglncasoherstel.xyz/Nml/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.221.181.241 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://lnglncasoherstel.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

header-nl-NL.e4ec00e6d2d72f93794c.js
mijn.ing.nl/login/
0
0
Script
General
Full URL
https://mijn.ing.nl/login/header-nl-NL.e4ec00e6d2d72f93794c.js
Requested by
Host: lnglncasoherstel.xyz
URL: https://lnglncasoherstel.xyz/Nml/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.221.181.241 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://lnglncasoherstel.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

main-nl-NL.a63df320e37a7c62ac0e.js
mijn.ing.nl/login/
0
0
Script
General
Full URL
https://mijn.ing.nl/login/main-nl-NL.a63df320e37a7c62ac0e.js
Requested by
Host: lnglncasoherstel.xyz
URL: https://lnglncasoherstel.xyz/Nml/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.221.181.241 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://lnglncasoherstel.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ing-app-authentication-nl-NL.993c38d2f5aec29d3c59.js
mijn.ing.nl/login/
0
0
Script
General
Full URL
https://mijn.ing.nl/login/ing-app-authentication-nl-NL.993c38d2f5aec29d3c59.js
Requested by
Host: lnglncasoherstel.xyz
URL: https://lnglncasoherstel.xyz/Nml/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.221.181.241 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://lnglncasoherstel.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

truncated
/
11 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
07cfeb003e43a98abde655be20806ad17cd07902ba357547ebc5b3d3f76e9126

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
25 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
73631982420d832d6c978e527ae58ff765b91eeb1d9a16e30c44bc00a03e2e91

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
281 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e86ba4f8dd6a82f423fbc44a456b3849eab753d9cee1057159093b9005ecb711

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
366 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c40c32284db736cf15432a4da1684b391bb82d244589b2001f83a4cbd8e984bb

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
30 KB
30 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e

Request headers

Origin
https://lnglncasoherstel.xyz
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
29 KB
29 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

Request headers

Origin
https://lnglncasoherstel.xyz
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ Frame 1464
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame 29F0
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame 9DA7
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame C1FB
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame E981
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame 45C7
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| savepage_ShadowLoader

0 Cookies