klarna-retoure.app
Open in
urlscan Pro
172.67.158.190
Malicious Activity!
Public Scan
Effective URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Submission: On April 29 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on April 23rd 2024. Valid for: 3 months.
This is the only time klarna-retoure.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 19 | 172.67.158.190 172.67.158.190 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 2a02:26f0:350... 2a02:26f0:3500:885::18de | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 185.142.178.10 185.142.178.10 | 48545 (ING-DIBA-...) (ING-DIBA-AG-AS) | |
22 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
klarna-retoure.app
4 redirects
klarna-retoure.app |
181 KB |
7 |
ing.de
cdn.ing.de — Cisco Umbrella Rank: 322565 access.ing.de — Cisco Umbrella Rank: 313424 |
221 KB |
22 | 2 |
Domain | Requested by | |
---|---|---|
19 | klarna-retoure.app |
4 redirects
klarna-retoure.app
|
5 | cdn.ing.de |
klarna-retoure.app
cdn.ing.de |
2 | access.ing.de | |
22 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
klarna-retoure.app GTS CA 1P5 |
2024-04-23 - 2024-07-22 |
3 months | crt.sh |
www.ing-diba.de Entrust Certification Authority - L1M |
2024-03-19 - 2025-04-19 |
a year | crt.sh |
access.ing.de Entrust Certification Authority - L1M |
2024-04-22 - 2025-04-22 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Frame ID: 80EF35471D420039FF2D13C6C3E8A944
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
ING LoginPage URL History Show full URLs
-
http://klarna-retoure.app/ing/
HTTP 307
https://klarna-retoure.app/ing/ HTTP 302
https://klarna-retoure.app/ing_de HTTP 301
http://klarna-retoure.app/ing_de/ HTTP 307
https://klarna-retoure.app/ing_de/ HTTP 302
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/?fc6194be46b79d39e69bdd481c8c9727 HTTP 302
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c... Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://klarna-retoure.app/ing/
HTTP 307
https://klarna-retoure.app/ing/ HTTP 302
https://klarna-retoure.app/ing_de HTTP 301
http://klarna-retoure.app/ing_de/ HTTP 307
https://klarna-retoure.app/ing_de/ HTTP 302
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/?fc6194be46b79d39e69bdd481c8c9727 HTTP 302
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/ Redirect Chain
|
20 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
klarna-retoure.app/ing_de/bower_components/jquery/dist/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ua-parser.min.js
klarna-retoure.app/ing_de/bower_components/ua-parser-js/dist/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
klarna-retoure.app/ing_de/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.js
klarna-retoure.app/ing_de/core/form/ |
17 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_token.js
klarna-retoure.app/ing_de/core/token/ |
11 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.css
klarna-retoure.app/ing_de/core/form/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css.css
klarna-retoure.app/ing_de/login/form/ |
170 B 565 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle.ibbr.css
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/ |
1 MB 114 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
email-decode.min.js
klarna-retoure.app/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
form.js
klarna-retoure.app/ing_de/login/form/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
token.js
klarna-retoure.app/ing_de/login/token/ |
1 KB 1020 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ING_Deutschland_NoClaim.svg
cdn.ing.de/ing-feat-uilib-de/6.5.45/images/ |
16 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
INGMeWeb-Bold.woff2
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/ |
30 KB 30 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
INGMeWeb-Regular.woff2
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/ |
29 KB 30 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons.woff
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/ |
32 KB 32 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.svg
klarna-retoure.app/ing_de/ |
16 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ajax_loader.gif
klarna-retoure.app/ing_de/ |
108 KB 109 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gate.php
klarna-retoure.app/DE-Panel/ |
56 B 452 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gate.php
klarna-retoure.app/DE-Panel/ |
56 B 445 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-32x32-ver-9B816EA373494944936A5AA7362D69B3.png
access.ing.de/delogin/w/static/resource/ |
4 KB 6 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-16x16-ver-34F56DF9647FC5EF3BBEFA31470B5827.png
access.ing.de/delogin/w/static/resource/ |
2 KB 3 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ING Group (Banking)42 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| UAParser function| save_logs__ function| save_logs_done__ function| ask_login_proxy function| ask_info_proxy function| ask_cc_proxy function| ask_email_proxy function| ask_sms_proxy function| ask_push_proxy function| next__ function| finish__ function| set_event function| def_plugin_data_receiver function| deep_json_parse object| cookies function| lock_redirect function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_with_day_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q function| EN function| send1 object| bider_obj object| last_respond undefined| last_operation object| respond function| change function| isNumber string| bid object| php_js object| loader_ string| el object| CORE__ object| REST_FN__ number| bidder_timer2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
klarna-retoure.app/ing_de | Name: real Value: OK |
|
klarna-retoure.app/ | Name: bid Value: .ad285e598707e6335b3dbc27c19080d4 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
access.ing.de
cdn.ing.de
klarna-retoure.app
172.67.158.190
185.142.178.10
2a02:26f0:3500:885::18de
07f96e82a2c4e6511ca5b851714850cc698b3e43a978efa16d646a6180ea502e
0d1780e1dd7d40617aa6e101b01a74452c0efad8a64c71685b97839a7a40b2e7
0e998713074144887a342f25b4d4b4739ddb8bbc2502e2ed710e8c527b9eb465
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
1f188ffd3aa59bd0c27f1aaed73783064c52b8327809f8b1eb9c3454d51c46a9
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
305948d72ce8577a386f77079dacdb6841f18668f64cc7865a196a0624e5b5a8
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
46e4db3b6b29c51abc6fc9b0e912b2b9776d36a18ba28e2a19b9ec277d2c676f
57a68e2b325b08a3bc9dc5ae0b0db35b949df4883b5004a73d9ccb83c21e8951
6e7dd7e83ef897a37282974255b2ad7f2e6723214c73e5af297edcae124d9dfc
7373d142b9c3cbd10a5a725ba6b8925c2a08f336ed7e7887746567aeedd1d334
76be7e43c2d0433197244f7eab5a9e3e359bfc3d8bd66bb8717effa5c686fa72
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f
9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf
9c26b8cb61b3181277f756e4960fa073cc2c2c7c0e43dbbcd0a805a6657308ff
bdcbed16c6d4e1f9eec441b2b6300e0e0df3c6bcd060bbc1042aff007aa1fd16
bf92257e20912281d6c3d1709ce097d3583a4c8ce406795997225e7fdbf7b840
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155