goto.otopplace.com Open in urlscan Pro
192.185.48.129  Malicious Activity! Public Scan

URL: http://goto.otopplace.com/DE/ING/Anmelden-mit-Zugangsdaten/3620e/
Submission: On February 04 via api from US — Scanned from US

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 192.185.48.129, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is goto.otopplace.com.
This is the only time goto.otopplace.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

IP Address AS Autonomous System
1 192.185.48.129 19871 (NETWORK-S...)
1 2
Apex Domain
Subdomains
Transfer
1 otopplace.com
goto.otopplace.com
183 KB
1 1
Domain Requested by
1 goto.otopplace.com
1 1
Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://goto.otopplace.com/DE/ING/Anmelden-mit-Zugangsdaten/3620e/
Frame ID: 6F7256CC215A3D4AD15F50A1AE188379
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

ING Login

Page Statistics

1
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

274 kB
Transfer

459 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
goto.otopplace.com/DE/ING/Anmelden-mit-Zugangsdaten/3620e/
307 KB
183 KB
Document
General
Full URL
http://goto.otopplace.com/DE/ING/Anmelden-mit-Zugangsdaten/3620e/
Protocol
HTTP/1.1
Server
192.185.48.129 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
gator4123.hostgator.com
Software
Apache /
Resource Hash
f4777b7a3b29aba8928cb11b2eb8977c7a4d215000df814668f9dd49495f56a1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Upgrade, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html
Date
Sat, 04 Feb 2023 15:08:08 GMT
Keep-Alive
timeout=5, max=75
Last-Modified
Mon, 30 Jan 2023 11:23:13 GMT
Server
Apache
Transfer-Encoding
chunked
Upgrade
h2,h2c
Vary
Accept-Encoding
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1470546a5f8d7a68deb045a9f3be48c3fa818c53c0b4f8c854d6acdec64aa225

Request headers

accept-language
en-US,en;q=0.9
Referer
http://goto.otopplace.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
16 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf

Request headers

accept-language
en-US,en;q=0.9
Referer
http://goto.otopplace.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
30 KB
30 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e

Request headers

Referer
http://goto.otopplace.com/
Origin
http://goto.otopplace.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
application/octet-stream
truncated
/
29 KB
29 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

Request headers

Referer
http://goto.otopplace.com/
Origin
http://goto.otopplace.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
application/octet-stream
truncated
/
32 KB
32 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
305948d72ce8577a386f77079dacdb6841f18668f64cc7865a196a0624e5b5a8

Request headers

Referer
http://goto.otopplace.com/
Origin
http://goto.otopplace.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/
44 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fb6ebe23316c03fd8d25e871bfdd9c41eb77e14115f5a01e3e0d97b94617779e

Request headers

accept-language
en-US,en;q=0.9
Referer
http://goto.otopplace.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange

0 Cookies

1 Console Messages

Source Level URL
Text
security error URL: http://goto.otopplace.com/DE/ING/Anmelden-mit-Zugangsdaten/3620e/(Line 281)
Message:
Refused to frame 'http://goto.otopplace.com/DE/ING/Anmelden-mit-Zugangsdaten/3620e/ING%20Login_files/saved_resource.html' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.