urlscan.io logo urlscan.io
SecurityTrails logo

dev-www-factorlink-portalservice-clientid95141.2ix.at Open in urlscan Pro
91.216.248.22  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ad.doubleclick.net/pcs/click?adurl=https%3A%2F%2Fibf%25EF%25BC%258Etw%2FAPffw%239aed37271b10c2587b19abff8fdc4647
Effective URL: https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f
Submission: On October 21 via manual from NL — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 16 HTTP transactions. The main IP is 91.216.248.22, located in Germany and belongs to TTM, DE. The main domain is dev-www-factorlink-portalservice-clientid95141.2ix.at.
TLS certificate: Issued by E6 on October 16th 2024. Valid for: 3 months.
This is the only time dev-www-factorlink-portalservice-clientid95141.2ix.at was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 142.250.185.102 15169 (GOOGLE)
1 1 172.67.210.122 13335 (CLOUDFLAR...)
1 172.217.18.1 15169 (GOOGLE)
3 185.27.134.215 34119 (WILDCARD-...)
2 11 91.216.248.22 47447 (TTM)
2 151.101.65.229 54113 (FASTLY)
1 172.217.18.10 15169 (GOOGLE)
16 6
1    142.250.185.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net
ad.doubleclick.net
1    172.67.210.122 (United States)

ASN13335 (CLOUDFLARENET, US)
ibf.tw
1    172.217.18.1 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f1.1e100.net
crescent-tail-design.blogspot.com
3    185.27.134.215 (United Kingdom)

ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
nafaxat520hraificom.iceiy.com
11    91.216.248.22 (Germany)

ASN47447 (TTM, DE)
PTR: frontend.lima-city.de
dev-www-factorlink-portalservice-clientid95141.2ix.at
2    151.101.65.229 (San Francisco, United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    172.217.18.10 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f10.1e100.net
fonts.googleapis.com
Apex Domain
Subdomains		 Transfer
11 2ix.at
dev-www-factorlink-portalservice-clientid95141.2ix.at
185 KB
3 iceiy.com
nafaxat520hraificom.iceiy.com
18 KB
2 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 311
129 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
944 B
1 blogspot.com
crescent-tail-design.blogspot.com
15 KB
1 ibf.tw
ibf.tw
777 B
1 doubleclick.net
ad.doubleclick.net — Cisco Umbrella Rank: 150
28 B
16 7
Domain Requested by
11 dev-www-factorlink-portalservice-clientid95141.2ix.at 2 redirects nafaxat520hraificom.iceiy.com
dev-www-factorlink-portalservice-clientid95141.2ix.at
3 nafaxat520hraificom.iceiy.com crescent-tail-design.blogspot.com
nafaxat520hraificom.iceiy.com
2 cdn.jsdelivr.net dev-www-factorlink-portalservice-clientid95141.2ix.at
cdn.jsdelivr.net
1 fonts.googleapis.com cdn.jsdelivr.net
1 crescent-tail-design.blogspot.com
1 ibf.tw 1 redirects
1 ad.doubleclick.net 1 redirects
16 7

This site contains no links.

Subject Issuer Validity Valid
misc-sni.blogspot.com
WR2		 2024-09-24 -
2024-12-17		 3 months crt.sh
2ix.at
E6		 2024-10-16 -
2025-01-14		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2024 Q3		 2024-07-30 -
2025-08-31		 a year crt.sh
upload.video.google.com
WR2		 2024-09-30 -
2024-12-23		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f
Frame ID: 8AE7F7A37570709F2F1C603B867DDA5D
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Welkom,

Page URL History Show full URLs

  1. https://ad.doubleclick.net/pcs/click?adurl=https%3A%2F%2Fibf%25EF%25BC%258Etw%2FAPffw%239aed37271b10c25... HTTP 302
    https://ibf.tw/APffw HTTP 301
    https://crescent-tail-design.blogspot.com/?id=14 Page URL
  2. http://nafaxat520hraificom.iceiy.com/?560154 HTTP 307
    https://nafaxat520hraificom.iceiy.com/?560154 HTTP 307
    http://nafaxat520hraificom.iceiy.com/?560154 Page URL
  3. http://nafaxat520hraificom.iceiy.com/?560154&i=1 Page URL
  4. https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/?webid=759026 HTTP 302
    https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/index.php?status=checked&webid=6cfe9c2b8ed9a762cc7f4d5df4fec7cd... HTTP 302
    https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • <link[^>]+semantic(?:\.min)\.css"
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

16
Requests

81 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

6
IPs

3
Countries

386 kB
Transfer

1259 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ad.doubleclick.net/pcs/click?adurl=https%3A%2F%2Fibf%25EF%25BC%258Etw%2FAPffw%239aed37271b10c2587b19abff8fdc4647 HTTP 302
    https://ibf.tw/APffw HTTP 301
    https://crescent-tail-design.blogspot.com/?id=14 Page URL
  2. http://nafaxat520hraificom.iceiy.com/?560154 HTTP 307
    https://nafaxat520hraificom.iceiy.com/?560154 HTTP 307
    http://nafaxat520hraificom.iceiy.com/?560154 Page URL
  3. http://nafaxat520hraificom.iceiy.com/?560154&i=1 Page URL
  4. https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/?webid=759026 HTTP 302
    https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/index.php?status=checked&webid=6cfe9c2b8ed9a762cc7f4d5df4fec7cd9b4c39e3 HTTP 302
    https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://ad.doubleclick.net/pcs/click?adurl=https%3A%2F%2Fibf%25EF%25BC%258Etw%2FAPffw%239aed37271b10c2587b19abff8fdc4647 HTTP 302
  • https://ibf.tw/APffw HTTP 301
  • https://crescent-tail-design.blogspot.com/?id=14
Request Chain 1
  • http://nafaxat520hraificom.iceiy.com/?560154 HTTP 307
  • https://nafaxat520hraificom.iceiy.com/?560154 HTTP 307
  • http://nafaxat520hraificom.iceiy.com/?560154

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
crescent-tail-design.blogspot.com/
Redirect Chain
  • https://ad.doubleclick.net/pcs/click?adurl=https%3A%2F%2Fibf%25EF%25BC%258Etw%2FAPffw%239aed37271b10c2587b19abff8fdc4647
  • https://ibf.tw/APffw
  • https://crescent-tail-design.blogspot.com/?id=14
72 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://crescent-tail-design.blogspot.com/?id=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.1 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f1.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
gzip
content-length
15297
content-type
text/html; charset=UTF-8
date
Mon, 21 Oct 2024 15:54:42 GMT
etag
W/"5b61f5b5cdf878ac7261070e37cf106b525d0ebb34fb4edcb8c68e2c9139e06d"
expires
Mon, 21 Oct 2024 15:54:42 GMT
last-modified
Mon, 21 Oct 2024 12:28:39 GMT
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8d626d75cc913719-FRA
content-type
text/html; charset=UTF-8
date
Mon, 21 Oct 2024 15:54:41 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://crescent-tail-design.blogspot.com/?id=14
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VANrhs01aBuLzpleCj20a0s2SF0XBIeMeEcTfu8479qypWCW8mCYjCcSehPPCp5rIlBtHxx4TUSRcwgv0XoF1E5dIcAmG7T7swdx6opvxDLH61BI1irxh5Y%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=17716&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4201&recv_bytes=4617&delivery_rate=644&cwnd=12000&unsent_bytes=0&cid=f32e3acba34788f0&ts=675&x=1" cfExtPri cfHdrFlush;dur=0
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
/
nafaxat520hraificom.iceiy.com/
Redirect Chain
  • http://nafaxat520hraificom.iceiy.com/?560154
  • https://nafaxat520hraificom.iceiy.com/?560154
  • http://nafaxat520hraificom.iceiy.com/?560154
847 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://nafaxat520hraificom.iceiy.com/?560154
Requested by
Host: crescent-tail-design.blogspot.com
URL: https://crescent-tail-design.blogspot.com/?id=14
Protocol
HTTP/1.1
Server
185.27.134.215 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
cfb14bbea601faa7a76bfc88122690d7078c570cd7d8799a56715bfd90b69149

Request headers

Referer
https://crescent-tail-design.blogspot.com/?id=14#9aed37271b10c2587b19abff8fdc4647
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache
Connection
keep-alive
Content-Length
847
Content-Type
text/html
Date
Mon, 21 Oct 2024 15:54:42 GMT
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Server
nginx

Redirect headers

Location
http://nafaxat520hraificom.iceiy.com/?560154
Non-Authoritative-Reason
HttpsUpgrades
aes.js
nafaxat520hraificom.iceiy.com/ 		13 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://nafaxat520hraificom.iceiy.com/aes.js
Requested by
Host: nafaxat520hraificom.iceiy.com
URL: http://nafaxat520hraificom.iceiy.com/?560154
Protocol
HTTP/1.1
Server
185.27.134.215 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
http://nafaxat520hraificom.iceiy.com/?560154

Response headers

ETag
"652cbb4f-35a5"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13733
Date
Mon, 21 Oct 2024 15:54:42 GMT
Content-Type
application/javascript
Last-Modified
Mon, 16 Oct 2023 04:25:51 GMT
Server
nginx
/
nafaxat520hraificom.iceiy.com/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://nafaxat520hraificom.iceiy.com/?560154&i=1
Requested by
Host: nafaxat520hraificom.iceiy.com
URL: http://nafaxat520hraificom.iceiy.com/?560154
Protocol
HTTP/1.1
Server
185.27.134.215 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
http://nafaxat520hraificom.iceiy.com/?560154
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=2592000, public, proxy-revalidate
Connection
keep-alive
Content-Length
2802
Content-Type
text/html; charset=UTF-8
Date
Mon, 21 Oct 2024 15:54:42 GMT
ETag
"af2-624fe43f74076"
Expires
Wed, 20 Nov 2024 15:54:42 GMT
Last-Modified
Mon, 21 Oct 2024 15:25:40 GMT
Server
nginx
Primary Request signin.php
dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/
Redirect Chain
  • https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/?webid=759026
  • https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/index.php?status=checked&webid=6cfe9c2b8ed9a762cc7f4d5df4fec7cd9b4c39e3
  • https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f
14 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f
Requested by
Host: nafaxat520hraificom.iceiy.com
URL: http://nafaxat520hraificom.iceiy.com/?560154&i=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.216.248.22 , Germany, ASN47447 (TTM, DE),
Reverse DNS
frontend.lima-city.de
Software
openresty / PHP/8.1.29
Resource Hash
e17cab1e688f8d3177ff043dd8b940f6fe0267b720fc0ef069e611dc4aec4872
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
http://nafaxat520hraificom.iceiy.com/?560154&i=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
2556
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset-UTF-8;charset=UTF-8
date
Mon, 21 Oct 2024 15:54:43 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
openresty
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-lima-id
gafcNos8HrUISghH3n
x-powered-by
PHP/8.1.29

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset-UTF-8;charset=UTF-8
date
Mon, 21 Oct 2024 15:54:43 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
./signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f
pragma
no-cache
server
openresty
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-lima-id
gaR4BMJjEnIPAwWpTp
x-powered-by
PHP/8.1.29
semantic.min.css
cdn.jsdelivr.net/npm/semantic-ui@2.5.0/dist/ 		551 KB
101 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/semantic-ui@2.5.0/dist/semantic.min.css
Requested by
Host: dev-www-factorlink-portalservice-clientid95141.2ix.at
URL: https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
703190dfdc82861a4de6fce01db8c874612d43991713db6db42b08ed547d4ee6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"89aaf-9OgtcMcDm6e7qUui/SpkmOTCs+E"
age
3947489
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Mon, 21 Oct 2024 15:54:44 GMT
content-type
text/css; charset=utf-8
x-served-by
cache-fra-eddf8230054-FRA, cache-mad22030-MAD
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
102922
x-jsd-version
2.5.0
main.css
dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/css/ 		16 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/css/main.css
Requested by
Host: dev-www-factorlink-portalservice-clientid95141.2ix.at
URL: https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.216.248.22 , Germany, ASN47447 (TTM, DE),
Reverse DNS
frontend.lima-city.de
Software
openresty /
Resource Hash
28118021bc40270f688b9645565472c85e0b086aa58db8a75278742c2180fe5f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=2592000
x-lima-id
gaVU5zVE9Fw3oMsBr9
content-encoding
gzip
etag
"40d6-624fe46b7aec0-gzip"
expires
Wed, 20 Nov 2024 15:54:43 GMT
accept-ranges
bytes
content-length
3164
date
Mon, 21 Oct 2024 15:54:43 GMT
content-type
text/css
last-modified
Mon, 21 Oct 2024 15:26:27 GMT
server
openresty
vary
Accept-Encoding
main.js
dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/js/ 		502 KB
157 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/js/main.js
Requested by
Host: dev-www-factorlink-portalservice-clientid95141.2ix.at
URL: https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.216.248.22 , Germany, ASN47447 (TTM, DE),
Reverse DNS
frontend.lima-city.de
Software
openresty /
Resource Hash
9244d24c81c953f8ec9e95a232bdd2295db441d8a911b4497adfb7530b6269f4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=604800
x-lima-id
gaoixp5JvizFcMZGPO
content-encoding
gzip
etag
"7d70a-624fe46b7aec0-gzip"
expires
Mon, 28 Oct 2024 15:54:43 GMT
accept-ranges
bytes
date
Mon, 21 Oct 2024 15:54:43 GMT
content-type
application/javascript
last-modified
Mon, 21 Oct 2024 15:26:27 GMT
server
openresty
vary
Accept-Encoding
push.png
dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/img/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/img/push.png
Requested by
Host: dev-www-factorlink-portalservice-clientid95141.2ix.at
URL: https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.216.248.22 , Germany, ASN47447 (TTM, DE),
Reverse DNS
frontend.lima-city.de
Software
openresty /
Resource Hash
bd065deb862ff7e75fa2914d811903616ce37a28911a22624ed8bc58a4f3e5b2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=2592000
x-lima-id
gaAtlgfmOdnTPjZ1mM
etag
"d53-624fe46b7aec0"
expires
Wed, 20 Nov 2024 15:54:43 GMT
accept-ranges
bytes
content-length
3411
date
Mon, 21 Oct 2024 15:54:43 GMT
content-type
image/png
last-modified
Mon, 21 Oct 2024 15:26:27 GMT
server
openresty
sms.png
dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/img/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/img/sms.png
Requested by
Host: dev-www-factorlink-portalservice-clientid95141.2ix.at
URL: https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.216.248.22 , Germany, ASN47447 (TTM, DE),
Reverse DNS
frontend.lima-city.de
Software
openresty /
Resource Hash
914445d8be882d922cb59bd76d5808f9cf1ce130fd61cf2e26d37bda3c55f8bc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=2592000
x-lima-id
gatnNDahbG56Xhm1wa
etag
"be4-624fe46b7aec0"
expires
Wed, 20 Nov 2024 15:54:43 GMT
accept-ranges
bytes
content-length
3044
date
Mon, 21 Oct 2024 15:54:43 GMT
content-type
image/png
last-modified
Mon, 21 Oct 2024 15:26:27 GMT
server
openresty
lg.png
dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/img/lg.png
Requested by
Host: dev-www-factorlink-portalservice-clientid95141.2ix.at
URL: https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.216.248.22 , Germany, ASN47447 (TTM, DE),
Reverse DNS
frontend.lima-city.de
Software
openresty /
Resource Hash
9fab395935e4b76e71d96bbc1b5bbaf1b95f11ceac19509a17eab8cc4202c51d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=2592000
x-lima-id
gaY0l0zjBSWoROKdUT
etag
"6fc-624fe46b7aec0"
expires
Wed, 20 Nov 2024 15:54:43 GMT
accept-ranges
bytes
content-length
1788
date
Mon, 21 Oct 2024 15:54:43 GMT
content-type
image/png
last-modified
Mon, 21 Oct 2024 15:26:27 GMT
server
openresty
hdng.png
dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/img/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/img/hdng.png
Requested by
Host: dev-www-factorlink-portalservice-clientid95141.2ix.at
URL: https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.216.248.22 , Germany, ASN47447 (TTM, DE),
Reverse DNS
frontend.lima-city.de
Software
openresty /
Resource Hash
9604e1e81ebbef563a749ce356dc2a33e91edeb3995e53b2aa3960c68457a2a4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=2592000
x-lima-id
gaDzRKqw0NATZnRgsM
etag
"464-624fe46b7aec0"
expires
Wed, 20 Nov 2024 15:54:43 GMT
accept-ranges
bytes
content-length
1124
date
Mon, 21 Oct 2024 15:54:43 GMT
content-type
image/png
last-modified
Mon, 21 Oct 2024 15:26:27 GMT
server
openresty
css
fonts.googleapis.com/ 		3 KB
944 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/semantic-ui@2.5.0/dist/semantic.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.10 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f10.1e100.net
Software
ESF /
Resource Hash
d52a5150edb54fde546e89151c657cbc4f83edb87452f5cd4662feaa006d5540
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cdn.jsdelivr.net/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 21 Oct 2024 15:54:44 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 21 Oct 2024 15:54:44 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Mon, 21 Oct 2024 15:32:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
bg.png
dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/img/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/img/bg.png
Requested by
Host: dev-www-factorlink-portalservice-clientid95141.2ix.at
URL: https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.216.248.22 , Germany, ASN47447 (TTM, DE),
Reverse DNS
frontend.lima-city.de
Software
openresty /
Resource Hash
069464f146f27eba627ca8edb4754609234d2ccd2c29e6baa85a1c1ad2fa3e31
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/css/main.css

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=2592000
x-lima-id
gat8SZHQkXgscmy3At
etag
"19ef-624fe46b7aec0"
expires
Wed, 20 Nov 2024 15:54:44 GMT
accept-ranges
bytes
content-length
6639
date
Mon, 21 Oct 2024 15:54:44 GMT
content-type
image/png
last-modified
Mon, 21 Oct 2024 15:26:27 GMT
server
openresty
flags.png
cdn.jsdelivr.net/npm/semantic-ui@2.5.0/dist/themes/default/assets/images/ 		27 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.jsdelivr.net/npm/semantic-ui@2.5.0/dist/themes/default/assets/images/flags.png
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/semantic-ui@2.5.0/dist/semantic.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
94d5c7f1661301c4a6dc491d72dd559a0620cd917a826f0df1b023bb96ea9ddd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cdn.jsdelivr.net/npm/semantic-ui@2.5.0/dist/semantic.min.css

Response headers

access-control-expose-headers
*
etag
W/"6ddb-SlUuyxI97VBA3doB1iYQPMZdsFU"
age
2356194
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Mon, 21 Oct 2024 15:54:44 GMT
content-type
image/png
x-served-by
cache-fra-etou8220136-FRA, cache-mad22030-MAD
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
28123
x-jsd-version
2.5.0
truncated
/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5dd216ad75ced5dd6acfb48d1ae11ba66fb373c26da7fc5efbdad9fd1c14f6e3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://dev-www-factorlink-portalservice-clientid95141.2ix.at
Referer

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2bdead0fe52bdb7718f24184b902121e8e0cea26bb70dcd67045976f1cd30ac6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://dev-www-factorlink-portalservice-clientid95141.2ix.at
Referer

Response headers

Content-Type
application/font-woff;charset=utf-8
ico.png
dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/img/ 		2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/layout/img/ico.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.216.248.22 , Germany, ASN47447 (TTM, DE),
Reverse DNS
frontend.lima-city.de
Software
openresty /
Resource Hash
afe72f6aeade65f8c187f583c1449b383d150a271c91f4ad0ea83720c6c70355
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://dev-www-factorlink-portalservice-clientid95141.2ix.at/webapps/mijn/signin.php?webid=2f491207e1246cbd88ed3b45c4ddc305b53af06f

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=2592000
x-lima-id
gaB6RpWgxV9RCTl0Rk
etag
"686-624fe46b7aec0"
expires
Wed, 20 Nov 2024 15:54:44 GMT
accept-ranges
bytes
content-length
1670
date
Mon, 21 Oct 2024 15:54:44 GMT
content-type
image/png
last-modified
Mon, 21 Oct 2024 15:26:27 GMT
server
openresty

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| Modernizr function| $ function| jQuery string| get string| set

6 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: IDE
Value: AHWqTUmQv15JjRPFKmbqRO9b_l4BYIfcUR84rG4tT1COIk40dzkV_pVm6dTBKETs
ibf.tw/ Name: PHPSESSID
Value: bc0a655bfa38f0639a936e05f7d808bc
nafaxat520hraificom.iceiy.com/ Name: __test
Value: c066506070099cf5620f67471ff577e0
dev-www-factorlink-portalservice-clientid95141.2ix.at/ Name: _lcp
Value: a
dev-www-factorlink-portalservice-clientid95141.2ix.at/ Name: PHPSESSID
Value: 2e3498b4472616db4d3f1cd4ad7de25d
dev-www-factorlink-portalservice-clientid95141.2ix.at/ Name: _lcp2
Value: a

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
cdn.jsdelivr.net
crescent-tail-design.blogspot.com
dev-www-factorlink-portalservice-clientid95141.2ix.at
fonts.googleapis.com
ibf.tw
nafaxat520hraificom.iceiy.com
142.250.185.102
151.101.65.229
172.217.18.1
172.217.18.10
172.67.210.122
185.27.134.215
91.216.248.22
069464f146f27eba627ca8edb4754609234d2ccd2c29e6baa85a1c1ad2fa3e31
28118021bc40270f688b9645565472c85e0b086aa58db8a75278742c2180fe5f
2bdead0fe52bdb7718f24184b902121e8e0cea26bb70dcd67045976f1cd30ac6
5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96
5dd216ad75ced5dd6acfb48d1ae11ba66fb373c26da7fc5efbdad9fd1c14f6e3
703190dfdc82861a4de6fce01db8c874612d43991713db6db42b08ed547d4ee6
914445d8be882d922cb59bd76d5808f9cf1ce130fd61cf2e26d37bda3c55f8bc
9244d24c81c953f8ec9e95a232bdd2295db441d8a911b4497adfb7530b6269f4
94d5c7f1661301c4a6dc491d72dd559a0620cd917a826f0df1b023bb96ea9ddd
9604e1e81ebbef563a749ce356dc2a33e91edeb3995e53b2aa3960c68457a2a4
9fab395935e4b76e71d96bbc1b5bbaf1b95f11ceac19509a17eab8cc4202c51d
afe72f6aeade65f8c187f583c1449b383d150a271c91f4ad0ea83720c6c70355
bd065deb862ff7e75fa2914d811903616ce37a28911a22624ed8bc58a4f3e5b2
cfb14bbea601faa7a76bfc88122690d7078c570cd7d8799a56715bfd90b69149
d52a5150edb54fde546e89151c657cbc4f83edb87452f5cd4662feaa006d5540
e17cab1e688f8d3177ff043dd8b940f6fe0267b720fc0ef069e611dc4aec4872