ing-esdirecting.pro
104.219.248.46
Malicious Activity!
Public Scan
Effective URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Submission Tags: 7062162
Submission: On April 08 via api from NL
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 6th 2021. Valid for: a year.
This is the only time ing-esdirecting.pro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
7 | 104.219.248.46 | 22612 (NAMECHEAP-NET) |
1 | 2606:4700::6810:135e | 13335 (CLOUDFLARENET) |
1 | 2a0b:4d07:102::1 | 44239 (PROINITY PROINITY) |
1 | 2606:4700::6812:acf | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:813::200a | 15169 (GOOGLE) |
1 | 2606:4700::6812:1734 | 13335 (CLOUDFLARENET) |
3 (1 redirect) | 193.41.234.21 | 16289 (ING-DIRECT-SPAIN) |
4 | 2606:4700:e6::ac40:ca1c | 13335 (CLOUDFLARENET) |
20 | 9 |
ASN22612 (NAMECHEAP-NET, US)
PTR: server139-2.web-hosting.com
ing-esdirecting.pro
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | ing-esdirecting.pro | ing-esdirecting.pro | 22 KB |
5 | fontawesome.com | kit.fontawesome.com, ka-f.fontawesome.com | 112 KB |
3 | ingdirect.es (1 redirects) | ing.ingdirect.es | 6 KB |
1 | googleapis.com | ajax.googleapis.com | 30 KB |
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 18 KB |
1 | kxcdn.com | icono-49d6.kxcdn.com | 7 KB |
1 | cloudflare.com | cdnjs.cloudflare.com | 6 KB |
20 | 7 |
Requests | Domain | Requested by |
---|---|---|
7 | ing-esdirecting.pro | ing-esdirecting.pro |
4 | ka-f.fontawesome.com | kit.fontawesome.com, ing-esdirecting.pro |
3 | ing.ingdirect.es (1 redirects) | ing-esdirecting.pro |
1 | kit.fontawesome.com | ing-esdirecting.pro |
1 | ajax.googleapis.com | ing-esdirecting.pro |
1 | maxcdn.bootstrapcdn.com | ing-esdirecting.pro |
1 | icono-49d6.kxcdn.com | ing-esdirecting.pro |
1 | cdnjs.cloudflare.com | ing-esdirecting.pro |
20 | 8 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
ing-esdirecting.pro | Sectigo RSA Domain Validation Secure Server CA | 2021-04-06 - 2022-04-06 | a year |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-10-21 - 2021-10-20 | a year |
*.kxcdn.com | Thawte RSA CA 2018 | 2019-07-04 - 2021-09-01 | 2 years |
upload.video.google.com | GTS CA 1O1 | 2021-03-16 - 2021-06-08 | 3 months |
*.fontawesome.com | DigiCert TLS RSA SHA256 2020 CA1 | 2020-11-13 - 2021-12-14 | a year |
ing.ingdirect.es | DigiCert SHA2 Extended Validation Server CA | 2020-07-09 - 2022-07-10 | 2 years |
This page contains 1 frames:
Primary Page:
https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Frame ID: B958DAEC1C6C01128AD8E6B9744F9C9E
Requests: 20 HTTP requests in this frame
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
- html /<script[^>]* src=[^>]+fontawesome(?:\.js)?/i
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ing-esdirecting.pro/r4/ Page URL
- https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10
- https://ing.ingdirect.es/pfm/assets/images/norton-logo.png HTTP 302
- https://ing.ingdirect.es/pfm/
20 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | / | ing-esdirecting.pro/r4/ | 271 B | 502 B | Document | text/html |
GET H2 | tarjeta.php (Primary Request) | ing-esdirecting.pro/r4/ | 4 KB | 2 KB | Document | text/html |
GET H2 | font-awesome.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ | 30 KB | 6 KB | Stylesheet | text/css |
GET H2 | navbar.css | ing-esdirecting.pro/r4/App/css/ | 6 KB | 2 KB | Stylesheet | text/css |
GET H2 | body.css | ing-esdirecting.pro/r4/App/css/ | 1 KB | 650 B | Stylesheet | text/css |
GET H2 | icono.min.css | icono-49d6.kxcdn.com/ | 42 KB | 7 KB | Stylesheet | text/css |
GET H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ | 141 KB | 18 KB | Stylesheet | text/css |
GET H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.3.1/ | 85 KB | 30 KB | Script | text/javascript |
GET H2 | 9870a60e4f.js | kit.fontawesome.com/ | 11 KB | 4 KB | Script | text/javascript |
GET H2 | val_login.js | ing-esdirecting.pro/r4/App/js/ | 2 KB | 463 B | Script | application/javascript |
GET H2 | logoING.svg | ing-esdirecting.pro/r4/App/img/ | 33 KB | 12 KB | Image | image/svg+xml |
GET H/1.1 | / (Redirect Chain) | ing.ingdirect.es/pfm/ | 0 | 0 | Image | text/html |
GET H/1.1 | LogoDNIE-trazado.svg | ing.ingdirect.es/pfm/assets/images/ | 13 KB | 5 KB | Image | image/svg+xml |
GET H2 | footerbanner.png | ing-esdirecting.pro/r4/App/img/ | 5 KB | 5 KB | Image | image/png |
GET H2 | free.min.css | ka-f.fontawesome.com/releases/v5.15.3/css/ | 59 KB | 13 KB | Fetch | text/css |
GET H2 | free-v4-shims.min.css | ka-f.fontawesome.com/releases/v5.15.3/css/ | 26 KB | 5 KB | Fetch | text/css |
GET | banner-login_1164x300.jpg | ing-esdirecting.pro/r4/App/img/ | 0 | 0 | | |
GET | button-loading-dark.gif | ing-esdirecting.pro/r4/App/img/ | 0 | 0 | | |
GET H2 | free-fa-regular-400.woff2 | ka-f.fontawesome.com/releases/v5.15.3/webfonts/ | 13 KB | 13 KB | Font | font/woff2 |
GET H2 | free-fa-solid-900.woff2 | ka-f.fontawesome.com/releases/v5.15.3/webfonts/ | 76 KB | 77 KB | Font | font/woff2 |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
ing-esdirecting.pro | https://ing-esdirecting.pro/r4/App/img/banner-login_1164x300.jpg |
ing-esdirecting.pro | https://ing-esdirecting.pro/r4/App/img/button-loading-dark.gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ING Group (Banking)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- boolean| crossOriginIsolated
- function| $
- function| jQuery
- object| FontAwesomeKitConfig
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ing-esdirecting.pro/ | Name: PHPSESSID Value: 8adb6cc7b5b3ad85c2fbeab1509af254 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.