agbs-push.de
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://agbs-push.de/ing_de/.0068436be311510338d7f731bb3d8828/login/?8583ef973800225604fe1395ce725f1d
Submission: On October 23 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on September 22nd 2023. Valid for: 3 months.
This is the only time agbs-push.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 107.189.8.23 107.189.8.23 | 53667 (PONYNET) (PONYNET) | |
1 1 | 2606:4700:303... 2606:4700:3035::ac43:8657 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 20 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 2 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 2a02:26f0:480... 2a02:26f0:480:5b4::18de | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
20 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
agbs-push.de
7 redirects
agbs-push.de |
183 KB |
5 |
ing.de
cdn.ing.de — Cisco Umbrella Rank: 369638 |
212 KB |
1 |
service-rule.lol
1 redirects
service-rule.lol |
771 B |
1 |
nxgturl.com
1 redirects
nxgturl.com |
399 B |
20 | 4 |
Domain | Requested by | |
---|---|---|
22 | agbs-push.de |
7 redirects
agbs-push.de
|
5 | cdn.ing.de |
agbs-push.de
cdn.ing.de |
1 | service-rule.lol | 1 redirects |
1 | nxgturl.com | 1 redirects |
20 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
agbs-push.de GTS CA 1P5 |
2023-09-22 - 2023-12-21 |
3 months | crt.sh |
www.ing-diba.de Entrust Certification Authority - L1M |
2023-03-21 - 2024-04-20 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://agbs-push.de/ing_de/.0068436be311510338d7f731bb3d8828/login/?8583ef973800225604fe1395ce725f1d
Frame ID: 17D38C3AF9AD388C8927C84FF24D9822
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
ING LoginPage URL History Show full URLs
-
https://nxgturl.com/UADSZ
HTTP 301
https://service-rule.lol/Mksx9B HTTP 302
https://agbs-push.de/ing HTTP 301
http://agbs-push.de/ing/ HTTP 301
https://agbs-push.de/ing/ HTTP 302
https://agbs-push.de/ing_de HTTP 301
http://agbs-push.de/ing_de/ HTTP 301
https://agbs-push.de/ing_de/ HTTP 302
https://agbs-push.de/ing_de/.0068436be311510338d7f731bb3d8828/?8583ef973800225604fe1395ce725f1d HTTP 302
https://agbs-push.de/ing_de/.0068436be311510338d7f731bb3d8828/login/?8583ef973800225604fe1395ce72... Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://nxgturl.com/UADSZ
HTTP 301
https://service-rule.lol/Mksx9B HTTP 302
https://agbs-push.de/ing HTTP 301
http://agbs-push.de/ing/ HTTP 301
https://agbs-push.de/ing/ HTTP 302
https://agbs-push.de/ing_de HTTP 301
http://agbs-push.de/ing_de/ HTTP 301
https://agbs-push.de/ing_de/ HTTP 302
https://agbs-push.de/ing_de/.0068436be311510338d7f731bb3d8828/?8583ef973800225604fe1395ce725f1d HTTP 302
https://agbs-push.de/ing_de/.0068436be311510338d7f731bb3d8828/login/?8583ef973800225604fe1395ce725f1d Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
agbs-push.de/ing_de/.0068436be311510338d7f731bb3d8828/login/ Redirect Chain
|
20 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
agbs-push.de/ing_de/bower_components/jquery/dist/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ua-parser.min.js
agbs-push.de/ing_de/bower_components/ua-parser-js/dist/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
agbs-push.de/ing_de/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.js
agbs-push.de/ing_de/core/form/ |
17 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_token.js
agbs-push.de/ing_de/core/token/ |
11 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.css
agbs-push.de/ing_de/core/form/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css.css
agbs-push.de/ing_de/login/form/ |
170 B 578 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle.ibbr.css
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/ |
1 MB 114 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
email-decode.min.js
agbs-push.de/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
form.js
agbs-push.de/ing_de/login/form/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
token.js
agbs-push.de/ing_de/login/token/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ING_Deutschland_NoClaim.svg
cdn.ing.de/ing-feat-uilib-de/6.5.45/images/ |
16 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
INGMeWeb-Bold.woff2
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/ |
30 KB 30 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
INGMeWeb-Regular.woff2
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/ |
29 KB 30 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons.woff
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/ |
32 KB 32 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.svg
agbs-push.de/ing_de/ |
16 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ajax_loader.gif
agbs-push.de/ing_de/ |
108 KB 109 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gate.php
agbs-push.de/DE-Panel/ |
57 B 455 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gate.php
agbs-push.de/DE-Panel/ |
57 B 457 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ING Group (Banking)42 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| UAParser function| save_logs__ function| save_logs_done__ function| ask_login_proxy function| ask_info_proxy function| ask_cc_proxy function| ask_email_proxy function| ask_sms_proxy function| ask_push_proxy function| next__ function| finish__ function| set_event function| def_plugin_data_receiver function| deep_json_parse object| cookies function| lock_redirect function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_with_day_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q function| EN function| send1 object| bider_obj object| last_respond undefined| last_operation object| respond function| change function| isNumber string| bid object| php_js object| loader_ string| el object| CORE__ object| REST_FN__ number| bidder_timer6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
agbs-push.de/ing_de | Name: real Value: OK |
|
nxgturl.com/ | Name: PHPSESSID Value: 01c8ucluk3m58oq33dscq8c8td |
|
nxgturl.com/ | Name: short_214 Value: 1 |
|
service-rule.lol/ | Name: _subid Value: ema71v9bg |
|
service-rule.lol/ | Name: bce7d Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE3XCI6MTY5ODA1NDg5NX0sXCJjYW1wYWlnbnNcIjp7XCI2XCI6MTY5ODA1NDg5NX0sXCJ0aW1lXCI6MTY5ODA1NDg5NX0ifQ.Rg1PqAv1zn3YCMBBjNM1uuvSdyPUnAxeX8Q9vflgVrI |
|
agbs-push.de/ | Name: bid Value: .0068436be311510338d7f731bb3d8828 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
agbs-push.de
cdn.ing.de
nxgturl.com
service-rule.lol
107.189.8.23
2606:4700:3035::ac43:8657
2a02:26f0:480:5b4::18de
2a06:98c1:3120::3
2a06:98c1:3121::3
07f96e82a2c4e6511ca5b851714850cc698b3e43a978efa16d646a6180ea502e
0d1780e1dd7d40617aa6e101b01a74452c0efad8a64c71685b97839a7a40b2e7
0e998713074144887a342f25b4d4b4739ddb8bbc2502e2ed710e8c527b9eb465
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
305948d72ce8577a386f77079dacdb6841f18668f64cc7865a196a0624e5b5a8
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
46e4db3b6b29c51abc6fc9b0e912b2b9776d36a18ba28e2a19b9ec277d2c676f
76be7e43c2d0433197244f7eab5a9e3e359bfc3d8bd66bb8717effa5c686fa72
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f
980866f86ea8cfabe6be6357239a02976cd90dd112abb111da628af738d5f9a6
9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf
9c26b8cb61b3181277f756e4960fa073cc2c2c7c0e43dbbcd0a805a6657308ff
bdcbed16c6d4e1f9eec441b2b6300e0e0df3c6bcd060bbc1042aff007aa1fd16
ccb515fbbcf90c1786f3e802cd7fcfae39bf78f89e20007950ec58e924e69b2e
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155
fb352aec8d94e16ab62f9d9ca206f91ade0a3836ea7d86b2b977033a9213e110