volks-securego.co
Open in
urlscan Pro
172.67.156.104
Malicious Activity!
Public Scan
Effective URL: https://volks-securego.co/ing/.a2a3d0b42b9a2a360447029430680b3d/login/?2b5de83f1693fe9236ceeb60e315109c
Submission: On April 11 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on April 6th 2024. Valid for: 3 months.
This is the only time volks-securego.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 17 | 172.67.156.104 172.67.156.104 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 2a02:26f0:350... 2a02:26f0:3500:885::18de | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 185.142.178.10 185.142.178.10 | 48545 (ING-DIBA-...) (ING-DIBA-AG-AS) | |
22 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
volks-securego.co
2 redirects
volks-securego.co |
180 KB |
7 |
ing.de
cdn.ing.de — Cisco Umbrella Rank: 375662 access.ing.de — Cisco Umbrella Rank: 304341 |
221 KB |
22 | 2 |
Domain | Requested by | |
---|---|---|
17 | volks-securego.co |
2 redirects
volks-securego.co
|
5 | cdn.ing.de |
volks-securego.co
cdn.ing.de |
2 | access.ing.de | |
22 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
volks-securego.co GTS CA 1P5 |
2024-04-06 - 2024-07-05 |
3 months | crt.sh |
www.ing-diba.de Entrust Certification Authority - L1M |
2024-03-19 - 2025-04-19 |
a year | crt.sh |
access.ing.de Entrust Certification Authority - L1M |
2024-03-20 - 2025-02-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://volks-securego.co/ing/.a2a3d0b42b9a2a360447029430680b3d/login/?2b5de83f1693fe9236ceeb60e315109c
Frame ID: 38F6D4496B3CDFF9E0197FE27E5AA673
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
ING LoginPage URL History Show full URLs
-
https://volks-securego.co/ing/
HTTP 302
https://volks-securego.co/ing/.a2a3d0b42b9a2a360447029430680b3d/?2b5de83f1693fe9236ceeb60e315109c HTTP 302
https://volks-securego.co/ing/.a2a3d0b42b9a2a360447029430680b3d/login/?2b5de83f1693fe9236ceeb60e315109c Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://volks-securego.co/ing/
HTTP 302
https://volks-securego.co/ing/.a2a3d0b42b9a2a360447029430680b3d/?2b5de83f1693fe9236ceeb60e315109c HTTP 302
https://volks-securego.co/ing/.a2a3d0b42b9a2a360447029430680b3d/login/?2b5de83f1693fe9236ceeb60e315109c Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
volks-securego.co/ing/.a2a3d0b42b9a2a360447029430680b3d/login/ Redirect Chain
|
20 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
volks-securego.co/ing/bower_components/jquery/dist/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ua-parser.min.js
volks-securego.co/ing/bower_components/ua-parser-js/dist/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
volks-securego.co/ing/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.js
volks-securego.co/ing/core/form/ |
18 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_token.js
volks-securego.co/ing/core/token/ |
12 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.css
volks-securego.co/ing/core/form/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css.css
volks-securego.co/ing/login/form/ |
170 B 570 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle.ibbr.css
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/ |
1 MB 114 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
email-decode.min.js
volks-securego.co/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
form.js
volks-securego.co/ing/login/form/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
token.js
volks-securego.co/ing/login/token/ |
1 KB 1015 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ING_Deutschland_NoClaim.svg
cdn.ing.de/ing-feat-uilib-de/6.5.45/images/ |
16 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
INGMeWeb-Bold.woff2
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/ |
30 KB 30 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
INGMeWeb-Regular.woff2
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/ |
29 KB 30 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons.woff
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/ |
32 KB 32 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.svg
volks-securego.co/ing/ |
16 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ajax_loader.gif
volks-securego.co/ing/ |
108 KB 109 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gate.php
volks-securego.co/DE-Panel/ |
57 B 448 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gate.php
volks-securego.co/DE-Panel/ |
57 B 447 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-32x32-ver-9B816EA373494944936A5AA7362D69B3.png
access.ing.de/delogin/w/static/resource/ |
4 KB 6 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-16x16-ver-34F56DF9647FC5EF3BBEFA31470B5827.png
access.ing.de/delogin/w/static/resource/ |
2 KB 3 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ING Group (Banking)43 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| UAParser function| save_logs__ function| save_logs_done__ function| ask_login_proxy function| ask_info_proxy function| ask_cc_proxy function| ask_email_proxy function| ask_seznam_proxy function| ask_sms_proxy function| ask_otp_proxy function| next__ function| finish__ function| set_event function| def_plugin_data_receiver function| deep_json_parse object| cookies function| lock_redirect function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_with_day_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q function| EN function| send1 object| bider_obj object| last_respond undefined| last_operation object| respond function| change function| isNumber string| bid object| php_js object| loader_ string| el object| CORE__ object| REST_FN__ number| bidder_timer2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
volks-securego.co/ing | Name: real Value: OK |
|
volks-securego.co/ | Name: bid Value: .a2a3d0b42b9a2a360447029430680b3d |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
access.ing.de
cdn.ing.de
volks-securego.co
172.67.156.104
185.142.178.10
2a02:26f0:3500:885::18de
0d1780e1dd7d40617aa6e101b01a74452c0efad8a64c71685b97839a7a40b2e7
0e998713074144887a342f25b4d4b4739ddb8bbc2502e2ed710e8c527b9eb465
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
14c45bf7921c5918125fbd6cb3fa48971080b572f4054d9b1932e53d5f40dfa5
1f188ffd3aa59bd0c27f1aaed73783064c52b8327809f8b1eb9c3454d51c46a9
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
305948d72ce8577a386f77079dacdb6841f18668f64cc7865a196a0624e5b5a8
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
62d2ab12627bad1cac7600e6a32652270ab571c7808729ee54ebbf6fc23d4797
72d5d67af523e9d59a2ecbdaf421863d8179fbf85e4d5565cfbfd1be2bda001a
76be7e43c2d0433197244f7eab5a9e3e359bfc3d8bd66bb8717effa5c686fa72
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f
9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf
9c26b8cb61b3181277f756e4960fa073cc2c2c7c0e43dbbcd0a805a6657308ff
bdcbed16c6d4e1f9eec441b2b6300e0e0df3c6bcd060bbc1042aff007aa1fd16
bf92257e20912281d6c3d1709ce097d3583a4c8ce406795997225e7fdbf7b840
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155
f7c7ca0551164549c4ae1349eedfd9a170a1dd85d38ad23eb9fea447645d3f6d
fd8a9270819e6667fd8fd988db09ae97a573058958f23dc9e6bc8165c2867796