ing-esdirecting.pro Open in urlscan Pro
104.219.248.46 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ing-esdirecting.pro/r4/
Effective URL:
https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Submission Tags: 7062162
Submission: On April 08 via api (April 8th 2021, 9:09:01 am UTC) from NL

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 4 countries across 7 domains to perform 20 HTTP transactions. The main IP is 104.219.248.46, located in United States and belongs to NAMECHEAP-NET, US. The main domain is ing-esdirecting.pro.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 6th 2021. Valid for: a year.

This is the only time ing-esdirecting.pro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	104.219.248.46 104.219.248.46	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	193.41.234.21 193.41.234.21	16289 (ING-DIREC...) (ING-DIRECT-SPAIN)
4	2606:4700:e6:... 2606:4700:e6::ac40:ca1c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	9

7 104.219.248.46 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server139-2.web-hosting.com

ing-esdirecting.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

icono-49d6.kxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 193.41.234.21 (Spain) 1 redirects

ASN16289 (ING-DIRECT-SPAIN, ES)

ing.ingdirect.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:e6::ac40:ca1c (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	ing-esdirecting.pro ing-esdirecting.pro	22 KB
5	fontawesome.com kit.fontawesome.com ka-f.fontawesome.com	112 KB
3	ingdirect.es 1 redirects ing.ingdirect.es	6 KB
1	googleapis.com ajax.googleapis.com	30 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	18 KB
1	kxcdn.com icono-49d6.kxcdn.com	7 KB
1	cloudflare.com cdnjs.cloudflare.com	6 KB
20	7

	Domain	Requested by
7	ing-esdirecting.pro	ing-esdirecting.pro
4	ka-f.fontawesome.com	kit.fontawesome.com ing-esdirecting.pro
3	ing.ingdirect.es	1 redirects ing-esdirecting.pro
1	kit.fontawesome.com	ing-esdirecting.pro
1	ajax.googleapis.com	ing-esdirecting.pro
1	maxcdn.bootstrapcdn.com	ing-esdirecting.pro
1	icono-49d6.kxcdn.com	ing-esdirecting.pro
1	cdnjs.cloudflare.com	ing-esdirecting.pro
20	8

This site contains no links.

Subject Issuer	Validity	Valid
ing-esdirecting.pro Sectigo RSA Domain Validation Secure Server CA	`2021-04-06` - `2022-04-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
*.kxcdn.com Thawte RSA CA 2018	`2019-07-04` - `2021-09-01`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
ing.ingdirect.es DigiCert SHA2 Extended Validation Server CA	`2020-07-09` - `2022-07-10`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Frame ID: B958DAEC1C6C01128AD8E6B9744F9C9E
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://ing-esdirecting.pro/r4/ Page URL
https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683 Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
html /<script[^>]* src=[^>]+fontawesome(?:\.js)?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

20
Requests

90 %
HTTPS

75 %
IPv6

7
Domains

8
Subdomains

9
IPs

4
Countries

201 kB
Transfer

548 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ing-esdirecting.pro/r4/ Page URL
https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://ing.ingdirect.es/pfm/assets/images/norton-logo.png HTTP 302
https://ing.ingdirect.es/pfm/

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
ing-esdirecting.pro/r4/ 271 B
502 B 622ms
211ms Document
text/html 104.219.248.46
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ing-esdirecting.pro/r4/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.219.248.46 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server139-2.web-hosting.com
Software: LiteSpeed / PHP/7.2.34
Resource Hash: 1690020f86bda391cb6005e4b96cb0cc4a82f0c8536b8a91e5ce7fd8dc2be4fb

Request headers

:method: GET
:authority: ing-esdirecting.pro
:scheme: https
:path: /r4/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-powered-by: PHP/7.2.34
set-cookie: PHPSESSID=8adb6cc7b5b3ad85c2fbeab1509af254; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset-UTF-8;charset=UTF-8
content-length: 166
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Apr 2021 09:08:44 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed

GET
H2 200 Primary Request tarjeta.php Show response
ing-esdirecting.pro/r4/ 4 KB
2 KB 240ms
240ms Document
text/html 104.219.248.46
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Requested by: Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.219.248.46 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server139-2.web-hosting.com
Software: LiteSpeed / PHP/7.2.34
Resource Hash: 9ef40c2f4aa313c34aab4474e8939b68fb79ff687179486d99db8d8d8427db4d

Request headers

:method: GET
:authority: ing-esdirecting.pro
:scheme: https
:path: /r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://ing-esdirecting.pro/r4/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PHPSESSID=8adb6cc7b5b3ad85c2fbeab1509af254
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ing-esdirecting.pro/r4/

Response headers

x-powered-by: PHP/7.2.34
content-type: text/html; charset=UTF-8
content-length: 1764
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Apr 2021 09:08:44 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 15ms
13ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://ing-esdirecting.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1784312
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
cf-request-id: 095256c78900002c3691918000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8ylW5s%2Fkh6OoDeGKj3KBQ2fH4Djnz94IavmtLSC4YbrraAy6SKH%2F4DFsW5PQYLKT5%2FWtaiaIxhJDYyL9E%2F474M7cVqwLnQYpeQqhnB8oDbWsQ4pLZ%2B3O8rFswRu%2FmY7BeA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 63ca5a527f732c36-FRA
expires: Tue, 29 Mar 2022 09:08:44 GMT

GET
H2 200 navbar.css
ing-esdirecting.pro/r4/App/css/ 6 KB
2 KB 196ms
195ms Stylesheet
text/css 104.219.248.46
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ing-esdirecting.pro/r4/App/css/navbar.css
Requested by: Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.219.248.46 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server139-2.web-hosting.com
Software: LiteSpeed /
Resource Hash: f4948dbf00f11bc77beb2b6c5ce4364ba0d8aa73594f969bd525954dc6bca73e

Request headers

Referer: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
content-encoding: br
last-modified: Mon, 01 Jul 2019 07:44:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 1474
expires: Thu, 15 Apr 2021 09:08:44 GMT

GET
H2 200 body.css
ing-esdirecting.pro/r4/App/css/ 1 KB
650 B 197ms
196ms Stylesheet
text/css 104.219.248.46
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ing-esdirecting.pro/r4/App/css/body.css
Requested by: Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.219.248.46 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server139-2.web-hosting.com
Software: LiteSpeed /
Resource Hash: b3e7a746100e97655b71495bb0fa83bbcc3f4ded049cd5a36638923c9e75cb09

Request headers

Referer: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
content-encoding: br
last-modified: Mon, 01 Jul 2019 07:00:46 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 421
expires: Thu, 15 Apr 2021 09:08:44 GMT

GET
H2 200 icono.min.css
icono-49d6.kxcdn.com/ 42 KB
7 KB 54ms
7ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://icono-49d6.kxcdn.com/icono.min.css
Requested by: Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: af5eb7b630394e61de5d229bb59017bdc45a126a23ecab83012fbd66d1c5332f

Request headers

Referer: https://ing-esdirecting.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
content-encoding: br
last-modified: Tue, 11 Oct 2016 16:43:52 GMT
server: keycdn-engine
x-edge-location: defr
etag: W/"57fd16c8-a90a"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
access-control-allow-headers: *
expires: Thu, 15 Apr 2021 09:08:44 GMT

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 141 KB
18 KB 26ms
24ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

Requested by

Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://ing-esdirecting.pro
Referer: https://ing-esdirecting.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 1018
cdn-cachedat: 2021-04-07 13:41:51
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 095256c78a00004e1f649cf000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e6170edbe70b08876d011ed41b870a10
cf-ray: 63ca5a527d824e1f-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 85 KB
30 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ing-esdirecting.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 21:24:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42243
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30399
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Apr 2022 21:24:41 GMT

GET
H2 200 9870a60e4f.js Show response
kit.fontawesome.com/ 11 KB
4 KB 55ms
36ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/9870a60e4f.js

Requested by

Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89eccdaee2732ee9dfe7315eb218088bfe9e7e119a866b7997fa380599a5f83d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: https://ing-esdirecting.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
content-encoding: gzip
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-cache-status: REVALIDATED
strict-transport-security: max-age=31536000; preload
cf-request-id: 095256c79b0000323366ad6000000001
x-request-id: FnLjGBmGfYbddrxfxTNB
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public, must-revalidate
cf-ray: 63ca5a529f003233-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token

GET
H2 200 val_login.js Show response
ing-esdirecting.pro/r4/App/js/ 2 KB
463 B 196ms
195ms Script
application/javascript 104.219.248.46
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ing-esdirecting.pro/r4/App/js/val_login.js
Requested by: Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.219.248.46 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server139-2.web-hosting.com
Software: LiteSpeed /
Resource Hash: adccb506cd605e83c77b54a2f8cc3788ca564aaf3e479a0904ff6007416883a9

Request headers

Referer: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
content-encoding: br
last-modified: Mon, 01 Jul 2019 06:58:22 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 220
expires: Thu, 15 Apr 2021 09:08:44 GMT

GET
H2 200 logoING.svg
ing-esdirecting.pro/r4/App/img/ 33 KB
12 KB 204ms
203ms Image
image/svg+xml 104.219.248.46
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ing-esdirecting.pro/r4/App/img/logoING.svg
Requested by: Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.219.248.46 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server139-2.web-hosting.com
Software: LiteSpeed /
Resource Hash: 546f7d8b5ad8e3f1382d3654cdd5c99b2596dd3c5f756bedba1b4e1b9d6826ee

Request headers

Referer: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
content-encoding: br
last-modified: Fri, 28 Jun 2019 04:39:52 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 12082
expires: Thu, 15 Apr 2021 09:08:44 GMT

GET
H/1.1

200
OK

/
ing.ingdirect.es/pfm/
Redirect Chain

https://ing.ingdirect.es/pfm/assets/images/norton-logo.png
https://ing.ingdirect.es/pfm/

0
0

283ms
101ms

Image
text/html

193.41.234.21
ING-DIRECT-SPAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ing.ingdirect.es/pfm/
Requested by: Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.41.234.21 , Spain, ASN16289 (ING-DIRECT-SPAIN, ES),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ing-esdirecting.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Date: Thu, 08 Apr 2021 09:08:08 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Type: text/html
Location: https://ing.ingdirect.es/pfm/#login
Connection: keep-alive
Content-Length: 138
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK LogoDNIE-trazado.svg
ing.ingdirect.es/pfm/assets/images/ 13 KB
5 KB 471ms
99ms Image
image/svg+xml 193.41.234.21
ING-DIRECT-SPAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ing.ingdirect.es/pfm/assets/images/LogoDNIE-trazado.svg

Requested by

Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

193.41.234.21 , Spain, ASN16289 (ING-DIRECT-SPAIN, ES),

Reverse DNS

Software

Resource Hash

0c7cb491aa1516c16026e2ddcb8662110085f3cb5cb64d0270b69c62b39343ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ing-esdirecting.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Apr 2021 09:08:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 25 Mar 2021 12:01:56 GMT
ETag: W/"605c7bb4-32db"
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block

GET
H2 200 footerbanner.png
ing-esdirecting.pro/r4/App/img/ 5 KB
5 KB 350ms
350ms Image
image/png 104.219.248.46
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ing-esdirecting.pro/r4/App/img/footerbanner.png
Requested by: Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.219.248.46 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server139-2.web-hosting.com
Software: LiteSpeed /
Resource Hash: f3efc08ac2c0a7a9c082d3dd21598b822afea0fa8014530b56f5a0bd8c110fac

Request headers

Referer: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
last-modified: Fri, 28 Jun 2019 20:52:50 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 5089
expires: Thu, 15 Apr 2021 09:08:44 GMT

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v5.15.3/css/ 59 KB
13 KB 31ms
16ms Fetch
text/css 2606:4700:e6::ac40:ca1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.3/css/free.min.css?token=9870a60e4f
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/9870a60e4f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2819ca1f7ad1af7ba53c4edfdfd395c547bcb16d29892a234d7860c689ed929

Request headers

Referer: https://ing-esdirecting.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1017
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 095256c86700003250b9032000000001
last-modified: Wed, 17 Mar 2021 02:23:57 GMT
server: cloudflare
etag: W/"390b4210e10c744c3c597500bcf0b31a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Xheks7%2F%2F3xHTe2x3uLxoiJuVt29DRoWqJSmSy7Je1W61NVYbTw932uFTq8IoX%2B30N0mLuoE%2F4oac2HPw9KGXayeEzp2VVlkhBCN4Z7X5tJCuF9SQTfSGjtwvMKCBMl%2FdBQ%3D%3D"}],"group":"cf-nel"}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: FRA56-C2
cf-ray: 63ca5a53d8d13250-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: HLU8A6p5tk5AyCdCuK4R4-xqy0mFTSmHWTiM1lrH0MOvSQrpqv4fwA==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v5.15.3/css/ 26 KB
5 KB 31ms
15ms Fetch
text/css 2606:4700:e6::ac40:ca1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.3/css/free-v4-shims.min.css?token=9870a60e4f
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/9870a60e4f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 362daeaf1f7e05fee9a609e549f148aacbe518c166fbd96ead69057e295742af

Request headers

Referer: https://ing-esdirecting.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
via: 1.1 a7631312afe99e40229aa0da70662113.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1017
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 095256c86700003250a49ca000000001
last-modified: Wed, 17 Mar 2021 02:23:57 GMT
server: cloudflare
etag: W/"8a99ce81ec2f89fbca03f2c8cf1a3679"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=k2iTFV03Qni5ugrU0KpUXjykM3nPOQPDGFyADhqivLNHMZOeMBXtHP1lvIMzG0FGz0u9Dws0dr03Yhs0rVT3qlKWzNkqsn6Wdi42QiO3ACmtC%2B6MmriMADVpp%2B3hnDqalA%3D%3D"}],"group":"cf-nel"}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: FRA56-C2
cf-ray: 63ca5a53d8d23250-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: X2wDWxRq24USQKQiu-nmfciEshx8jfVe1XBbOyMRoBBJI1jZGXrx-w==

GET banner-login_1164x300.jpg
ing-esdirecting.pro/r4/App/img/ 0
0

GET button-loading-dark.gif
ing-esdirecting.pro/r4/App/img/ 0
0

GET
H2 200 free-fa-regular-400.woff2
ka-f.fontawesome.com/releases/v5.15.3/webfonts/ 13 KB
13 KB 12ms
12ms Font
font/woff2 2606:4700:e6::ac40:ca1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-regular-400.woff2
Requested by: Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f397092cf73336318795755fd359194072438816835d2cd3a2d01948db7a0d1f

Request headers

Origin: https://ing-esdirecting.pro
Referer: https://ing-esdirecting.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1017
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-methods: GET
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13292
cf-request-id: 095256c922000032502627e000000001
last-modified: Wed, 17 Mar 2021 02:28:17 GMT
server: cloudflare
etag: "3f46d884913ca952661ea484e4646fd2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cxYW6OZWbey5SHyEfS6klWHgc7Bp1aW6PyeeMYmuziV83NcTH8yIgo4le71A9e2%2FUrhG0UQTGP0tcqkWKJbL8flTrwzS3jzgxkGAIPPxauf2eqWdlmlHrXE76cmzdlPrOg%3D%3D"}],"group":"cf-nel"}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
cf-ray: 63ca5a550a1e3250-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 6WvgG_7Mfio9WvyXskdAzf76OQVu2_PighyeniONsIVn25KoLjMudg==

GET
H2 200 free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v5.15.3/webfonts/ 76 KB
77 KB 13ms
13ms Font
font/woff2 2606:4700:e6::ac40:ca1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-solid-900.woff2
Requested by: Host: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/tarjeta.php?ip=425828729code=761790299&id=23321655&country=632204683
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 065eb3954b9ea8584f535ede5b5c563383c3b40e4e0344f75a02c4bf3200314b

Request headers

Origin: https://ing-esdirecting.pro
Referer: https://ing-esdirecting.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 09:08:44 GMT
via: 1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1017
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-methods: GET
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78212
cf-request-id: 095256c9220000325048931000000001
last-modified: Wed, 17 Mar 2021 02:28:18 GMT
server: cloudflare
etag: "4e463cfb29c596ba3bb8b0c2469914e5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=33I7LSiGE1fIygrJr7H1h0muCeT29cdZNvJeQpJ48jnVv58EQmLU8hz3zL03feMmUr7RUJ%2FEDTRcaW3z4sT%2FgAsT0b600zBx34ASZvFFr90i8J68G1u%2BMlxv8O8CzW2Lwg%3D%3D"}],"group":"cf-nel"}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
cf-ray: 63ca5a550a1f3250-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: RvSBrJUtz3O0O5dVhEWVwO0-4pXBFdhK6yud1rIXz12c9H1wLY235w==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/App/img/banner-login_1164x300.jpg

Domain: ing-esdirecting.pro
URL: https://ing-esdirecting.pro/r4/App/img/button-loading-dark.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ing-esdirecting.pro/	1969-12-31 23:59:59	Name: PHPSESSID Value: 8adb6cc7b5b3ad85c2fbeab1509af254

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
icono-49d6.kxcdn.com
ing-esdirecting.pro
ing.ingdirect.es
ka-f.fontawesome.com
kit.fontawesome.com
maxcdn.bootstrapcdn.com
ing-esdirecting.pro
104.219.248.46
193.41.234.21
2606:4700::6810:135e
2606:4700::6812:1734
2606:4700::6812:acf
2606:4700:e6::ac40:ca1c
2a00:1450:4001:813::200a
2a0b:4d07:102::1
065eb3954b9ea8584f535ede5b5c563383c3b40e4e0344f75a02c4bf3200314b
0c7cb491aa1516c16026e2ddcb8662110085f3cb5cb64d0270b69c62b39343ec
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1690020f86bda391cb6005e4b96cb0cc4a82f0c8536b8a91e5ce7fd8dc2be4fb
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
362daeaf1f7e05fee9a609e549f148aacbe518c166fbd96ead69057e295742af
546f7d8b5ad8e3f1382d3654cdd5c99b2596dd3c5f756bedba1b4e1b9d6826ee
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
89eccdaee2732ee9dfe7315eb218088bfe9e7e119a866b7997fa380599a5f83d
9ef40c2f4aa313c34aab4474e8939b68fb79ff687179486d99db8d8d8427db4d
adccb506cd605e83c77b54a2f8cc3788ca564aaf3e479a0904ff6007416883a9
af5eb7b630394e61de5d229bb59017bdc45a126a23ecab83012fbd66d1c5332f
b3e7a746100e97655b71495bb0fa83bbcc3f4ded049cd5a36638923c9e75cb09
c2819ca1f7ad1af7ba53c4edfdfd395c547bcb16d29892a234d7860c689ed929
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f397092cf73336318795755fd359194072438816835d2cd3a2d01948db7a0d1f
f3efc08ac2c0a7a9c082d3dd21598b822afea0fa8014530b56f5a0bd8c110fac
f4948dbf00f11bc77beb2b6c5ce4364ba0d8aa73594f969bd525954dc6bca73e

ing-esdirecting.pro Open in urlscan Pro 104.219.248.46 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

90 %HTTPS

75 %IPv6

7 Domains

8 Subdomains

9 IPs

4 Countries

201 kBTransfer

548 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

1 Cookies

Indicators

ing-esdirecting.pro Open in urlscan Pro
104.219.248.46 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

90 %
HTTPS

75 %
IPv6

7
Domains

8
Subdomains

9
IPs

4
Countries

201 kB
Transfer

548 kB
Size

1
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!