ingenetix.centraal-onderhoud.eu Open in urlscan Pro
185.250.251.20 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://linksplit.io/rTSRC0h
Effective URL:
https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Submission: On August 08 via manual (August 8th 2019, 7:57:53 am UTC) from NL

Summary HTTP 13 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 185.250.251.20, located in Germany and belongs to ACCELERATED-IT, DE. The main domain is ingenetix.centraal-onderhoud.eu.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 8th 2019. Valid for: 3 months.

This is the only time ingenetix.centraal-onderhoud.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 2	2606:4700:30:... 2606:4700:30::681c:151c	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:f48:2000... 2a00:f48:2000:affe::50	47447 (TTM) (TTM)
12	185.250.251.20 185.250.251.20	31400 (ACCELERAT...) (ACCELERATED-IT)
13	2

2 2606:4700:30::681c:151c (United States) 2 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

linksplit.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:f48:2000:affe::50 (Germany)

ASN47447 (TTM, DE)

maxbwave.12hp.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.250.251.20 (Germany)

ASN31400 (ACCELERATED-IT, DE)
PTR: vweb02.mine-host.de

ingenetix.centraal-onderhoud.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	centraal-onderhoud.eu ingenetix.centraal-onderhoud.eu	238 KB
2	linksplit.io 2 redirects linksplit.io	875 B
1	12hp.at maxbwave.12hp.at	379 B
13	3

	Domain	Requested by
12	ingenetix.centraal-onderhoud.eu	ingenetix.centraal-onderhoud.eu
2	linksplit.io	2 redirects
1	maxbwave.12hp.at
13	3

This site contains links to these domains. Also see Links.

Domain
inlogcodes.mijn.ing.nl
aanvragen.ing.nl
www.ing.nl

Subject Issuer	Validity	Valid
maxbwave.12hp.at Let's Encrypt Authority X3	`2019-08-08` - `2019-11-06`	3 months	crt.sh
ingenetix.centraal-onderhoud.eu Let's Encrypt Authority X3	`2019-08-08` - `2019-11-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Frame ID: 000F6DD4C2B354A8CB31B171A00D31AE
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://linksplit.io/rTSRC0h HTTP 301
https://linksplit.io/rTSRC0h HTTP 302
https://maxbwave.12hp.at/-/rechts.php Page URL
https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/ Page URL

Detected technologies

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

13
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

238 kB
Transfer

243 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://inlogcodes.mijn.ing.nl/particulier/zelf-regelen/instellen/inlogcodes/index.jsp
Title: Gebruikersnaam of wachtwoord vergeten?

Search URL Search Domain Scan URL

URL: https://aanvragen.ing.nl/particulier/aanvragen/aanvraagframe.html
Title: Mijn ING aanvragen

Search URL Search Domain Scan URL

URL: https://www.ing.nl/particulier/klantenservice/index.html
Title: Contact met ING

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://linksplit.io/rTSRC0h HTTP 301
https://linksplit.io/rTSRC0h HTTP 302
https://maxbwave.12hp.at/-/rechts.php Page URL
https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://linksplit.io/rTSRC0h HTTP 301
https://linksplit.io/rTSRC0h HTTP 302
https://maxbwave.12hp.at/-/rechts.php

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

rechts.php Show response
maxbwave.12hp.at/-/
Redirect Chain

http://linksplit.io/rTSRC0h
https://linksplit.io/rTSRC0h
https://maxbwave.12hp.at/-/rechts.php

59 B
379 B

76ms
48ms

Document
text/html

2a00:f48:2000:affe::50
TTM

General

Check archive.org

Show headers Download Go to

Full URL

https://maxbwave.12hp.at/-/rechts.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a00:f48:2000:affe::50 , Germany, ASN47447 (TTM, DE),

Reverse DNS

Software

openresty / PHP/7.1.29

Resource Hash

b90e10d7180b7429755bc1da73e716f93d3343e6f3e933ad905c9ef0b555f700

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

:method: GET
:authority: maxbwave.12hp.at
:scheme: https
:path: /-/rechts.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
server: openresty
date: Thu, 08 Aug 2019 07:57:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding
x-lima-id: ar5E5YNRZJUwHRi3pc
set-cookie: _lcp=a; Path=/; expires=Mon Mar 20 2034 13:02:58
content-security-policy: upgrade-insecure-requests
x-powered-by: PHP/7.1.29
refresh: 0.85;url=https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
content-encoding: gzip

Redirect headers

status: 302
date: Thu, 08 Aug 2019 07:57:38 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=deabc5618050e2145f6bc60bb01d310741565251058; expires=Fri, 07-Aug-20 07:57:38 GMT; path=/; domain=.linksplit.io; HttpOnly; Secure connect.sid=s%3AvYHYVsUlRkF0STi2WapfrxfRYiaVwhyY.9rMfNWbwVTqBERS605QDHpd9G8ECoH74eMaYbQq32Yg; Path=/; HttpOnly
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-robots-tag: none
location: https://maxbwave.12hp.at/-/rechts.php
vary: Accept, Accept-Encoding
via: 1.1 vegur
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 502ff0c92df6dfb7-FRA

GET
H2 200 Primary Request / Show response
ingenetix.centraal-onderhoud.eu/VChxj47dhsx/ 10 KB
3 KB 105ms
49ms Document
text/html 185.250.251.20
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to

Full URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.250.251.20 , Germany, ASN31400 (ACCELERATED-IT, DE),
Reverse DNS: vweb02.mine-host.de
Software: nginx / PHP/7.2.21 PleskLin
Resource Hash: 4022271930d079acbbf85b25ee337d77605cb3f55fc15eb14d0e3c3fefd1c99e

Request headers

:method: GET
:authority: ingenetix.centraal-onderhoud.eu
:scheme: https
:path: /VChxj47dhsx/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://maxbwave.12hp.at/-/rechts.php
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Referer: https://maxbwave.12hp.at/-/rechts.php

Response headers

status: 200
server: nginx
date: Thu, 08 Aug 2019 07:57:39 GMT
content-type: text/html; charset=UTF-8
content-length: 2959
x-powered-by: PHP/7.2.21 PleskLin
vary: Accept-Encoding
content-encoding: gzip
x-cache-status: BYPASS

GET
H2 200 jsq.js Show response
ingenetix.centraal-onderhoud.eu/VChxj47dhsx/ 111 KB
112 KB 66ms
65ms Script
application/javascript 185.250.251.20
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to

Full URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/jsq.js
Requested by: Host: ingenetix.centraal-onderhoud.eu
URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.250.251.20 , Germany, ASN31400 (ACCELERATED-IT, DE),
Reverse DNS: vweb02.mine-host.de
Software: nginx / PleskLin
Resource Hash: 71345e7c99ee0f1cadbc1d9c778e97195c6859d5ba04ef931f306b06aa2ba683

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 08 Aug 2019 07:57:39 GMT
etag: "5d4ba7c0-1bdba"
last-modified: Thu, 08 Aug 2019 04:40:32 GMT
server: nginx
x-powered-by: PleskLin
x-cache-status: BYPASS
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 114106

GET
H2 200 ing-logo.svg
ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/ 11 KB
12 KB 91ms
90ms Image
image/svg+xml 185.250.251.20
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/ing-logo.svg
Requested by: Host: ingenetix.centraal-onderhoud.eu
URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.250.251.20 , Germany, ASN31400 (ACCELERATED-IT, DE),
Reverse DNS: vweb02.mine-host.de
Software: nginx / PleskLin
Resource Hash: 84a60ca3b0ec180e3295696847244027db35fc8bd6f3c4919efcb0bdfa01d87a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 08 Aug 2019 07:57:39 GMT
etag: "5d4ba7d1-2de2"
last-modified: Thu, 08 Aug 2019 04:40:49 GMT
server: nginx
x-powered-by: PleskLin
x-cache-status: BYPASS
content-type: image/svg+xml
status: 200
accept-ranges: bytes
content-length: 11746

GET
H2 200 alert-error.svg
ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/ 623 B
816 B 91ms
90ms Image
image/svg+xml 185.250.251.20
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/alert-error.svg
Requested by: Host: ingenetix.centraal-onderhoud.eu
URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.250.251.20 , Germany, ASN31400 (ACCELERATED-IT, DE),
Reverse DNS: vweb02.mine-host.de
Software: nginx / PleskLin
Resource Hash: 403237e689dc78baa222a8d6cb6e3455d49c6dcef78391657e52f4161ee3da36

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 08 Aug 2019 07:57:39 GMT
etag: "26f-58f93a96b78f3"
last-modified: Thu, 08 Aug 2019 04:40:48 GMT
server: nginx
x-powered-by: PleskLin
x-cache-status: BYPASS
content-type: image/svg+xml
status: 200
x-accel-version: 0.01
accept-ranges: bytes
content-length: 623

GET
H2 200 checkbox.svg
ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/ 281 B
474 B 37ms
37ms Image
image/svg+xml 185.250.251.20
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/checkbox.svg
Requested by: Host: ingenetix.centraal-onderhoud.eu
URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.250.251.20 , Germany, ASN31400 (ACCELERATED-IT, DE),
Reverse DNS: vweb02.mine-host.de
Software: nginx / PleskLin
Resource Hash: e86ba4f8dd6a82f423fbc44a456b3849eab753d9cee1057159093b9005ecb711

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 08 Aug 2019 07:57:39 GMT
etag: "119-58f93a96faf0f"
last-modified: Thu, 08 Aug 2019 04:40:49 GMT
server: nginx
x-powered-by: PleskLin
x-cache-status: BYPASS
content-type: image/svg+xml
status: 200
x-accel-version: 0.01
accept-ranges: bytes
content-length: 281

GET
H2 200 arrow-chevron-open-right.svg
ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/ 366 B
559 B 37ms
36ms Image
image/svg+xml 185.250.251.20
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/arrow-chevron-open-right.svg
Requested by: Host: ingenetix.centraal-onderhoud.eu
URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.250.251.20 , Germany, ASN31400 (ACCELERATED-IT, DE),
Reverse DNS: vweb02.mine-host.de
Software: nginx / PleskLin
Resource Hash: c40c32284db736cf15432a4da1684b391bb82d244589b2001f83a4cbd8e984bb

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 08 Aug 2019 07:57:39 GMT
etag: "16e-58f93a96e0930"
last-modified: Thu, 08 Aug 2019 04:40:49 GMT
server: nginx
x-powered-by: PleskLin
x-cache-status: BYPASS
content-type: image/svg+xml
status: 200
x-accel-version: 0.01
accept-ranges: bytes
content-length: 366

GET
H2 200 menu-close.svg
ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/ 348 B
541 B 50ms
49ms Image
image/svg+xml 185.250.251.20
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/menu-close.svg
Requested by: Host: ingenetix.centraal-onderhoud.eu
URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.250.251.20 , Germany, ASN31400 (ACCELERATED-IT, DE),
Reverse DNS: vweb02.mine-host.de
Software: nginx / PleskLin
Resource Hash: 9030f83b22e9a96c2aafff1a3abfdd4ffd0cffa31e1748df717d84282fba82b5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 08 Aug 2019 07:57:39 GMT
etag: "15c-58f93a974910a"
last-modified: Thu, 08 Aug 2019 04:40:49 GMT
server: nginx
x-powered-by: PleskLin
x-cache-status: BYPASS
content-type: image/svg+xml
status: 200
x-accel-version: 0.01
accept-ranges: bytes
content-length: 348

GET
H2 200 illustratie_algemenestoring.png
ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/ 14 KB
15 KB 66ms
66ms Image
image/png 185.250.251.20
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/illustratie_algemenestoring.png
Requested by: Host: ingenetix.centraal-onderhoud.eu
URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.250.251.20 , Germany, ASN31400 (ACCELERATED-IT, DE),
Reverse DNS: vweb02.mine-host.de
Software: nginx / PleskLin
Resource Hash: 1e932fd1c21334067f030f29d277be08c51604c49d3dffe1600b891fceae4e3f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 08 Aug 2019 07:57:39 GMT
etag: "5d4ba7d1-39b0"
last-modified: Thu, 08 Aug 2019 04:40:49 GMT
server: nginx
x-powered-by: PleskLin
x-cache-status: BYPASS
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 14768

GET
H2 200 base.css
ingenetix.centraal-onderhoud.eu/VChxj47dhsx/ 15 KB
15 KB 41ms
40ms Stylesheet
text/css 185.250.251.20
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to

Full URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/base.css
Requested by: Host: ingenetix.centraal-onderhoud.eu
URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.250.251.20 , Germany, ASN31400 (ACCELERATED-IT, DE),
Reverse DNS: vweb02.mine-host.de
Software: nginx / PleskLin
Resource Hash: 83fd226ddbc6ab7a502849918dc525f5cd4a2c3d63711ffe9c08570d535bead9

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 08 Aug 2019 07:57:39 GMT
etag: "5d4ba7c1-3a1a"
last-modified: Thu, 08 Aug 2019 04:40:33 GMT
server: nginx
x-powered-by: PleskLin
x-cache-status: BYPASS
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 14874

GET
H2 200 811383197.svg
ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/ 21 KB
21 KB 38ms
38ms Image
image/svg+xml 185.250.251.20
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/img/811383197.svg
Requested by: Host: ingenetix.centraal-onderhoud.eu
URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.250.251.20 , Germany, ASN31400 (ACCELERATED-IT, DE),
Reverse DNS: vweb02.mine-host.de
Software: nginx / PleskLin
Resource Hash: 3e5c9215408174cff78c491ad0cd933f2cf7c21bdaf61d71abac85e49f901fd2

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/base.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 08 Aug 2019 07:57:39 GMT
etag: "5d4ba7d0-5346"
last-modified: Thu, 08 Aug 2019 04:40:48 GMT
server: nginx
x-powered-by: PleskLin
x-cache-status: BYPASS
content-type: image/svg+xml
status: 200
accept-ranges: bytes
content-length: 21318

GET
H2 200 1224525800.woff2
ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/fonts/ 30 KB
30 KB 46ms
46ms Font
application/octet-stream 185.250.251.20
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to

Full URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/fonts/1224525800.woff2
Requested by: Host: ingenetix.centraal-onderhoud.eu
URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.250.251.20 , Germany, ASN31400 (ACCELERATED-IT, DE),
Reverse DNS: vweb02.mine-host.de
Software: nginx / PleskLin
Resource Hash: 3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e

Request headers

Sec-Fetch-Mode: cors
Referer: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/base.css
Origin: https://ingenetix.centraal-onderhoud.eu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 08 Aug 2019 07:57:39 GMT
etag: "5d4ba7ce-76f8"
last-modified: Thu, 08 Aug 2019 04:40:46 GMT
server: nginx
x-powered-by: PleskLin
x-cache-status: BYPASS
content-type: application/octet-stream
status: 200
accept-ranges: bytes
content-length: 30456

GET
H2 200 _388920554.woff2
ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/fonts/ 29 KB
29 KB 70ms
70ms Font
application/octet-stream 185.250.251.20
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to

Full URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/css/fonts/_388920554.woff2
Requested by: Host: ingenetix.centraal-onderhoud.eu
URL: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.250.251.20 , Germany, ASN31400 (ACCELERATED-IT, DE),
Reverse DNS: vweb02.mine-host.de
Software: nginx / PleskLin
Resource Hash: f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

Request headers

Sec-Fetch-Mode: cors
Referer: https://ingenetix.centraal-onderhoud.eu/VChxj47dhsx/base.css
Origin: https://ingenetix.centraal-onderhoud.eu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 08 Aug 2019 07:57:39 GMT
etag: "5d4ba7d0-73b0"
last-modified: Thu, 08 Aug 2019 04:40:48 GMT
server: nginx
x-powered-by: PleskLin
x-cache-status: BYPASS
content-type: application/octet-stream
status: 200
accept-ranges: bytes
content-length: 29616

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ingenetix.centraal-onderhoud.eu
linksplit.io
maxbwave.12hp.at
185.250.251.20
2606:4700:30::681c:151c
2a00:f48:2000:affe::50
1e932fd1c21334067f030f29d277be08c51604c49d3dffe1600b891fceae4e3f
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
3e5c9215408174cff78c491ad0cd933f2cf7c21bdaf61d71abac85e49f901fd2
4022271930d079acbbf85b25ee337d77605cb3f55fc15eb14d0e3c3fefd1c99e
403237e689dc78baa222a8d6cb6e3455d49c6dcef78391657e52f4161ee3da36
71345e7c99ee0f1cadbc1d9c778e97195c6859d5ba04ef931f306b06aa2ba683
83fd226ddbc6ab7a502849918dc525f5cd4a2c3d63711ffe9c08570d535bead9
84a60ca3b0ec180e3295696847244027db35fc8bd6f3c4919efcb0bdfa01d87a
9030f83b22e9a96c2aafff1a3abfdd4ffd0cffa31e1748df717d84282fba82b5
b90e10d7180b7429755bc1da73e716f93d3343e6f3e933ad905c9ef0b555f700
c40c32284db736cf15432a4da1684b391bb82d244589b2001f83a4cbd8e984bb
e86ba4f8dd6a82f423fbc44a456b3849eab753d9cee1057159093b9005ecb711
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

ingenetix.centraal-onderhoud.eu Open in urlscan Pro 185.250.251.20 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

238 kBTransfer

243 kBSize

0 Cookies

3 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

ingenetix.centraal-onderhoud.eu Open in urlscan Pro
185.250.251.20 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

238 kB
Transfer

243 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!