klarna-retoure.app
172.67.158.190  Malicious Activity! Public Scan

Submitted URL: http://klarna-retoure.app/ing/
Effective URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Submission: On April 29 via manual from DE — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 22 HTTP transactions. The main IP is 172.67.158.190, located in the United States and belonging to CLOUDFLARENET, US. The main domain is klarna-retoure.app.
TLS certificate: Issued by GTS CA 1P5 on April 23rd 2024. Valid for: 3 months.
This is the only time klarna-retoure.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

IP Address AS Autonomous System
4 19 172.67.158.190 13335 (CLOUDFLAR...)
5 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 185.142.178.10 48545 (ING-DIBA-...)
22 3
Apex Domain (Subdomains) | Transfer
19 klarna-retoure.app (klarna-retoure.app) | 181 KB
7 ing.de (cdn.ing.de — Cisco Umbrella Rank: 322565; access.ing.de — Cisco Umbrella Rank: 313424) | 221 KB
22 2
Domain Requested by
19 klarna-retoure.app 4 redirects klarna-retoure.app
5 cdn.ing.de klarna-retoure.app
cdn.ing.de
2 access.ing.de
22 3

This site contains no links.

Subject | Issuer | Validity | Valid
klarna-retoure.app | GTS CA 1P5 | 2024-04-23 - 2024-07-22 | 3 months
www.ing-diba.de | Entrust Certification Authority - L1M | 2024-03-19 - 2025-04-19 | a year
access.ing.de | Entrust Certification Authority - L1M | 2024-04-22 - 2025-04-22 | a year

This page contains 1 frames:

Primary Page: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Frame ID: 80EF35471D420039FF2D13C6C3E8A944
Requests: 22 HTTP requests in this frame

Page Title

ING Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22 Requests
100 % HTTPS
33 % IPv6
2 Domains
3 Subdomains
3 IPs
2 Countries
400 kB Transfer
1498 kB Size
2 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://klarna-retoure.app/ing/ HTTP 307
    https://klarna-retoure.app/ing/ HTTP 302
    https://klarna-retoure.app/ing_de HTTP 301
    http://klarna-retoure.app/ing_de/ HTTP 307
    https://klarna-retoure.app/ing_de/ HTTP 302
    https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/?fc6194be46b79d39e69bdd481c8c9727 HTTP 302
    https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/
Redirect Chain
  • http://klarna-retoure.app/ing/
  • https://klarna-retoure.app/ing/
  • https://klarna-retoure.app/ing_de
  • http://klarna-retoure.app/ing_de/
  • https://klarna-retoure.app/ing_de/
  • https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/?fc6194be46b79d39e69bdd481c8c9727
  • https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
20 KB
7 KB
Document
General
Full URL
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e7dd7e83ef897a37282974255b2ad7f2e6723214c73e5af297edcae124d9dfc

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
87be18205c9fbb79-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 29 Apr 2024 08:59:08 GMT
expires
0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QpPq3p1fFE9%2FzTvQYTJrgGo3cd1Uij92PyUZcqR4Kq6HKFlgv%2B5KiFZtprpHh8SM4Iko0JiV134lW3bAXQeJw7T6ZF%2BG0HXINs%2BKJQ%2BGIdBqAJ4Y2U8az0FodalpFwPH%2B06Buj4%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87be18202c7abb79-FRA
content-type
text/html; charset=UTF-8
date
Mon, 29 Apr 2024 08:59:08 GMT
location
login/?fc6194be46b79d39e69bdd481c8c9727
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2BDmihUB9btYCW6Y4kIywjLDTeM0D5POtw67wSB5UC9pOfBaNM6Yt%2BsMH4V4GhCXSFvKqy%2FRp60gF29JlA0N9rnnZWl0jtuNJMky1%2BPz73GFz%2BVEBYJ8brIBQ4YWoLqXKGRJooY%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
jquery.min.js
klarna-retoure.app/ing_de/bower_components/jquery/dist/
85 KB
31 KB
Script
General
Full URL
https://klarna-retoure.app/ing_de/bower_components/jquery/dist/jquery.min.js
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 05 Jun 2017 03:55:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"15283-5512e77ee3a80-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=82yOrSyriwDkLcHpxglrYBEDx5ZKGMFuKwkBZH1Q3qF1hBYugAqk7c6XbhaDG2gD916A9CQaIuvNGI4BuB9OqHYSs8i5uhe0jBx%2BgsZgsbsQATerco5zbhxoWyuEe5P2Y03ICog%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
87be1820ad00bb79-FRA
alt-svc
h3=":443"; ma=86400
ua-parser.min.js
klarna-retoure.app/ing_de/bower_components/ua-parser-js/dist/
17 KB
7 KB
Script
General
Full URL
https://klarna-retoure.app/ing_de/bower_components/ua-parser-js/dist/ua-parser.min.js
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 12 Oct 2017 08:16:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4298-55b5527f0e600-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XsfRmOMrtFV%2FPLFUVCaNTe7ybOE6vxV8pQjzl9YVqulgl9TvYEzx6UrNns8PT7ggf48sCDUb0LUHYkx5pFxpFK7j3MyJfu4K02DDTjMWvfP%2BGMDuvJ0pIYcIMlRkPkkttrT4oL8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
87be1820ad02bb79-FRA
alt-svc
h3=":443"; ma=86400
font-awesome.min.css
klarna-retoure.app/ing_de/bower_components/font-awesome/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://klarna-retoure.app/ing_de/bower_components/font-awesome/css/font-awesome.min.css
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 09 Apr 2017 04:29:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"7918-54cb44da47100-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ISIkHC4ojip6Nf8MVEQzz8LWBGt8LVbrqZrAlQOCGK0bPDYdL1iNi6KhlUoc2sKeo5qfhgkyK8DJtC%2FGHwByI4TP0w1Jx%2BktKc8MGj3K6SSRBlqjMA84AJlCvlHw4yMLmCgNbyM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
87be1820ad03bb79-FRA
alt-svc
h3=":443"; ma=86400
core_form.js
klarna-retoure.app/ing_de/core/form/
17 KB
5 KB
Script
General
Full URL
https://klarna-retoure.app/ing_de/core/form/core_form.js
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07f96e82a2c4e6511ca5b851714850cc698b3e43a978efa16d646a6180ea502e

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 04 Sep 2023 10:56:58 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4533-604865e827280-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gedo9BqyhiLLt1VvBRak%2FBSFjkcnjcnC1IX6yR79%2BDEojOdjDJgzuo0MikIRWeFCQvEXGCjiRomLQXkPQWD8zeBC8Ldogwk6opnIPNyA1Gn55GHYl5cQppVIBVG3wKeBD5RPd2Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
87be1820ad05bb79-FRA
alt-svc
h3=":443"; ma=86400
core_token.js
klarna-retoure.app/ing_de/core/token/
11 KB
2 KB
Script
General
Full URL
https://klarna-retoure.app/ing_de/core/token/core_token.js
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46e4db3b6b29c51abc6fc9b0e912b2b9776d36a18ba28e2a19b9ec277d2c676f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 04 Sep 2023 10:57:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2aea-60486606aba80-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v6calj7bwoUu1YXzwVYaKvqCR5T6USDWdRh7zgpscvN3I%2FfB8hWbm%2FIXX0PyyrS1NQe39BU4eApwk%2Bm9nkVLTOdTtaaWziSDuJ5N%2BhPUjwgMoAGonbBtmW0D%2FNVzpCXPoHQKo1M%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
87be1820ad06bb79-FRA
alt-svc
h3=":443"; ma=86400
core_form.css
klarna-retoure.app/ing_de/core/form/
3 KB
1 KB
Stylesheet
General
Full URL
https://klarna-retoure.app/ing_de/core/form/core_form.css
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d1780e1dd7d40617aa6e101b01a74452c0efad8a64c71685b97839a7a40b2e7

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 12 Feb 2020 14:02:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"abe-59e616b135a40-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RAkWMVqQzoELFEQIbbY5Ubh24DalQmUaFbkVAO1f9j4W3Ly1L9o%2B5HXTMK6faejnmInQ6ku0yMf0VyIRwy8BKybruJIM9g5fMIvnqBJfoi9S5co2ZmoZkfepLbWjCHgDw85YYL4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
87be1820ad07bb79-FRA
alt-svc
h3=":443"; ma=86400
css.css
klarna-retoure.app/ing_de/login/form/
170 B
565 B
Stylesheet
General
Full URL
https://klarna-retoure.app/ing_de/login/form/css.css
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bdcbed16c6d4e1f9eec441b2b6300e0e0df3c6bcd060bbc1042aff007aa1fd16

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 12 Feb 2020 10:30:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"aa-59e5e76838b00-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=usP2DaJu1ZrS44hA328SIcgrhhsQcLqSqYKczO3OqYqDs8yzA2fGUQ5beO35gnYFWS4FBxGCNHNhbLpb72%2BQeObOTLYwjWrt00hv6P64oHVDCQLU5J4WAgzj0FVJVLzzqL01UV0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
87be1820ad09bb79-FRA
alt-svc
h3=":443"; ma=86400
bundle.ibbr.css
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/
1 MB
114 KB
Stylesheet
General
Full URL
https://cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/bundle.ibbr.css
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:885::18de Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0e998713074144887a342f25b4d4b4739ddb8bbc2502e2ed710e8c527b9eb465
Security Headers
Name Value
Content-Security-Policy default-src 'self'; prefetch-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31622400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

content-security-policy
default-src 'self'; prefetch-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31622400; includeSubDomains; preload
date
Mon, 29 Apr 2024 08:59:08 GMT
akamai-cache-status
RefreshHit from child
content-length
116011
x-xss-protection
1; mode=block
last-modified
Thu, 14 Jul 2022 06:24:22 GMT
etag
"62cfb696-1c52b"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-allow-methods
GET, OPTIONS
cache-control
max-age=40593
x-ing-response-id
b8c97d5f-9381-4f98-a175-9af5c9b16cb0
expires
Mon, 29 Apr 2024 20:15:41 GMT
email-decode.min.js
klarna-retoure.app/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://klarna-retoure.app/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 19 Apr 2024 20:54:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6622d9ef-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XB54F6m6VcnVRe4uL0F5njStT8IY%2B8MwzGv53fj52XsLgxd%2BoOH4JjtDpblgOs0Ruv3%2B7XKTZ6%2Bo0wjOCarSZXG6Kdeh8zCzmsOLZ8ArUV2LvBNzML%2Fx1WQvRFnzM9nZjGTmE40%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
87be1820ad0bbb79-FRA
expires
Wed, 01 May 2024 08:59:08 GMT
form.js
klarna-retoure.app/ing_de/login/form/
3 KB
1 KB
Script
General
Full URL
https://klarna-retoure.app/ing_de/login/form/form.js?v=662f615c3b827
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 06 Dec 2019 19:03:58 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"bf7-5990db53f4380-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P2NhKorVGLWujEA3P87GcqGDw8ip1%2Bl3t%2FCpCFztrIki3vqW76ENezNAYCfyqZjQPQSW7sGRb8WBb0%2FO2HCxmytF1HmAHZfL6JqpCUggUfq4D0Zhmtac8JUxMSPqAep3j%2BfigbE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
87be1820ad0dbb79-FRA
alt-svc
h3=":443"; ma=86400
token.js
klarna-retoure.app/ing_de/login/token/
1 KB
1020 B
Script
General
Full URL
https://klarna-retoure.app/ing_de/login/token/token.js?v=662f615c3b828
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76be7e43c2d0433197244f7eab5a9e3e359bfc3d8bd66bb8717effa5c686fa72

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 02 Jul 2022 17:41:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"5a7-5e2d601956540-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V9%2BXxO%2FmxJmeP2tRLRU6NYeukOaOqYK5TJRcN6OT%2B9V%2Fu9BUnevcOiHbbB%2FTZ4rGSrcHNJfF3PZvf0IA0zhF53xh1ylmb74T49gcZol1yIpxr%2FsGcYdT3uTlwJkXoJNopNafJlU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
87be1820ad0ebb79-FRA
alt-svc
h3=":443"; ma=86400
ING_Deutschland_NoClaim.svg
cdn.ing.de/ing-feat-uilib-de/6.5.45/images/
16 KB
6 KB
Image
General
Full URL
https://cdn.ing.de/ing-feat-uilib-de/6.5.45/images/ING_Deutschland_NoClaim.svg
Requested by
Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/bundle.ibbr.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:885::18de Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf
Security Headers
Name Value
Content-Security-Policy default-src 'self'; prefetch-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31622400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/bundle.ibbr.css
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

content-security-policy
default-src 'self'; prefetch-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31622400; includeSubDomains; preload
date
Mon, 29 Apr 2024 08:59:08 GMT
akamai-cache-status
RefreshHit from child, RefreshHit from parent
content-length
5166
x-xss-protection
1; mode=block
last-modified
Thu, 14 Jul 2022 06:24:22 GMT
etag
"62cfb696-142e"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
access-control-allow-methods
GET, OPTIONS
cache-control
max-age=46419
x-ing-response-id
d3f8ea69-9f55-47aa-833d-98782852ea76
expires
Mon, 29 Apr 2024 21:52:47 GMT
INGMeWeb-Bold.woff2
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/
30 KB
30 KB
Font
General
Full URL
https://cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/INGMeWeb-Bold.woff2
Requested by
Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/bundle.ibbr.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:885::18de Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31622400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/bundle.ibbr.css
Origin
https://klarna-retoure.app
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

content-security-policy
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31622400; includeSubDomains; preload
date
Mon, 29 Apr 2024 08:59:08 GMT
akamai-cache-status
RefreshHit from child, Miss from parent
content-length
30436
x-xss-protection
1; mode=block
last-modified
Thu, 14 Jul 2022 06:24:22 GMT
etag
"62cfb696-76e4"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
access-control-allow-methods
GET, OPTIONS
cache-control
max-age=113090
x-ing-response-id
5e440162a661755e93bb977529fbb79d
expires
Tue, 30 Apr 2024 16:23:58 GMT
INGMeWeb-Regular.woff2
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/
29 KB
30 KB
Font
General
Full URL
https://cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/INGMeWeb-Regular.woff2
Requested by
Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/bundle.ibbr.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:885::18de Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31622400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/bundle.ibbr.css
Origin
https://klarna-retoure.app
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

content-security-policy
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31622400; includeSubDomains; preload
date
Mon, 29 Apr 2024 08:59:08 GMT
akamai-cache-status
RefreshHit from child, Miss from parent
content-length
29588
x-xss-protection
1; mode=block
last-modified
Thu, 14 Jul 2022 06:24:22 GMT
etag
"62cfb696-7394"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
access-control-allow-methods
GET, OPTIONS
cache-control
max-age=46372
x-ing-response-id
d7b1010dd7cf97266b7fe455947a5ee4
expires
Mon, 29 Apr 2024 21:52:00 GMT
icons.woff
cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/
32 KB
32 KB
Font
General
Full URL
https://cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/webfonts/icons.woff
Requested by
Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/bundle.ibbr.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:885::18de Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
305948d72ce8577a386f77079dacdb6841f18668f64cc7865a196a0624e5b5a8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; prefetch-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31622400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.ing.de/ing-feat-uilib-de/6.5.45/stylesheets/bundle.ibbr.css
Origin
https://klarna-retoure.app
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

content-security-policy
default-src 'self'; prefetch-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31622400; includeSubDomains; preload
date
Mon, 29 Apr 2024 08:59:08 GMT
akamai-cache-status
RefreshHit from child, RefreshHit from parent
content-length
32210
x-xss-protection
1; mode=block
last-modified
Thu, 14 Jul 2022 06:24:22 GMT
etag
"62cfb696-7dd2"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
access-control-allow-methods
GET, OPTIONS
cache-control
max-age=113120
x-ing-response-id
434d5df1e616773161febffea9f8e0b0
expires
Tue, 30 Apr 2024 16:24:28 GMT
logo.svg
klarna-retoure.app/ing_de/
16 KB
6 KB
Image
General
Full URL
https://klarna-retoure.app/ing_de/logo.svg
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 27 Oct 2022 21:37:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"3f1d-5ec0af104b940"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YKtBQsqJNRCpsojhviffpqbpB%2BgQD6r9L5R8%2F%2FAVrRrVJ1zB6cQPvJDS%2BEXVXz9iXgS5ZDGOttv5fZmlSfn%2BMINs%2BAShV4CYWCU8jtcJKv8jzkZJJI%2BvsZlzLCfSy4ob1X0PCWk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
87be1823a882bb79-FRA
alt-svc
h3=":443"; ma=86400
ajax_loader.gif
klarna-retoure.app/ing_de/
108 KB
109 KB
Image
General
Full URL
https://klarna-retoure.app/ing_de/ajax_loader.gif
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c26b8cb61b3181277f756e4960fa073cc2c2c7c0e43dbbcd0a805a6657308ff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:09 GMT
cf-cache-status
MISS
last-modified
Thu, 27 Oct 2022 21:53:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"1b1eb-5ec0b2b8cdac0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kDomjnpx85OGQOE2k38E5XSuynoSLi0OExVFrCjk6CdeeIKrbhuPpYQ5K6WVaW%2Fcqnqy9YkxSQJZv0H4mwHCXo%2Bcej139DHpz%2BnEtAFMDazctzWTA7545w3%2BU%2BynQx2iUskNDII%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
87be1823a884bb79-FRA
alt-svc
h3=":443"; ma=86400
content-length
111083
gate.php
klarna-retoure.app/DE-Panel/
56 B
452 B
XHR
General
Full URL
https://klarna-retoure.app/DE-Panel/gate.php?pl=token&link=ING_DE&bid=.ad285e598707e6335b3dbc27c19080d4&callback=jQuery3210704925238634244_1714381148332&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1714381148333
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/bower_components/jquery/dist/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7373d142b9c3cbd10a5a725ba6b8925c2a08f336ed7e7887746567aeedd1d334

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HZ9yL6VCrZnMfGShnszgA0A6RpREDpi8yrJX%2F%2BUlTjhw4k%2FaCLOYFv2FJTXDUA3FqODlWzwOZWhkfKsJt79lEGhwmP1fTt5M8%2FVvKPPYnypqwM0vkF9mxN%2F%2FprNJCPVEX3f2Gt0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cf-ray
87be1823b88bbb79-FRA
alt-svc
h3=":443"; ma=86400
gate.php
klarna-retoure.app/DE-Panel/
56 B
445 B
XHR
General
Full URL
https://klarna-retoure.app/DE-Panel/gate.php?pl=token&link=ING_DE&bid=.ad285e598707e6335b3dbc27c19080d4&callback=jQuery3210704925238634244_1714381148334&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1714381148335
Requested by
Host: klarna-retoure.app
URL: https://klarna-retoure.app/ing_de/bower_components/jquery/dist/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.158.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57a68e2b325b08a3bc9dc5ae0b0db35b949df4883b5004a73d9ccb83c21e8951

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://klarna-retoure.app/ing_de/.ad285e598707e6335b3dbc27c19080d4/login/?fc6194be46b79d39e69bdd481c8c9727
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Mon, 29 Apr 2024 08:59:08 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ww6kq4Zd6Y2gqNSAsIAc7oGpqV3ENisGmcAIue0aswHUVegWRfXP%2BSpQBsaJsi8kNQNf0kFzUvcj7v4aIjV0SBhgB3zkgQ7%2BEMIWn%2FCT7PzroCgmHzltMA7quD3A5SGaxAGKH5E%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cf-ray
87be1823b88ebb79-FRA
alt-svc
h3=":443"; ma=86400
icon-32x32-ver-9B816EA373494944936A5AA7362D69B3.png
access.ing.de/delogin/w/static/resource/
4 KB
6 KB
Other
General
Full URL
https://access.ing.de/delogin/w/static/resource/icon-32x32-ver-9B816EA373494944936A5AA7362D69B3.png
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
185.142.178.10 Frankfurt am Main, Germany, ASN48545 (ING-DIBA-AG-AS, DE),
Reverse DNS
Software
/
Resource Hash
bf92257e20912281d6c3d1709ce097d3583a4c8ce406795997225e7fdbf7b840
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' https://*.ing.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://*.ing.de; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu; font-src 'self' https://*.ing.de; frame-src 'self' https://*.ing.de; img-src 'self' data: https://*.ing.de https://*.usercentrics.eu; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self' https://*.ing.de; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Mon, 29 Apr 2024 08:59:09 GMT
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' https://*.ing.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://*.ing.de; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu; font-src 'self' https://*.ing.de; frame-src 'self' https://*.ing.de; img-src 'self' data: https://*.ing.de https://*.usercentrics.eu; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self' https://*.ing.de; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
Age
61130
Content-Disposition
inline
Connection
Keep-Alive
Content-Length
4454
X-XSS-Protection
1; mode=block
Pragma
cache
Cross-Origin-Embedder-Policy-Report-Only
require-corp
Accept-Range
bytes
Last-Modified
Fri, 05 Apr 2024 07:28:02 GMT
Cross-Origin-Opener-Policy
same-origin
Vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
Content-Type
image/png
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Keep-Alive
timeout=60
Expires
Mon, 28 Apr 2025 16:00:20 GMT
icon-16x16-ver-34F56DF9647FC5EF3BBEFA31470B5827.png
access.ing.de/delogin/w/static/resource/
2 KB
3 KB
Other
General
Full URL
https://access.ing.de/delogin/w/static/resource/icon-16x16-ver-34F56DF9647FC5EF3BBEFA31470B5827.png
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
185.142.178.10 Frankfurt am Main, Germany, ASN48545 (ING-DIBA-AG-AS, DE),
Reverse DNS
Software
/
Resource Hash
1f188ffd3aa59bd0c27f1aaed73783064c52b8327809f8b1eb9c3454d51c46a9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' https://*.ing.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://*.ing.de; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu; font-src 'self' https://*.ing.de; frame-src 'self' https://*.ing.de; img-src 'self' data: https://*.ing.de https://*.usercentrics.eu; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self' https://*.ing.de; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://klarna-retoure.app/
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Mon, 29 Apr 2024 08:59:09 GMT
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' https://*.ing.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://*.ing.de; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu; font-src 'self' https://*.ing.de; frame-src 'self' https://*.ing.de; img-src 'self' data: https://*.ing.de https://*.usercentrics.eu; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self' https://*.ing.de; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
Age
146004
Content-Disposition
inline
Connection
Keep-Alive
Content-Length
1877
X-XSS-Protection
1; mode=block
Pragma
cache
Cross-Origin-Embedder-Policy-Report-Only
require-corp
Accept-Range
bytes
Last-Modified
Fri, 05 Apr 2024 07:28:02 GMT
Cross-Origin-Opener-Policy
same-origin
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
image/png
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Keep-Alive
timeout=60
Expires
Sun, 27 Apr 2025 16:25:46 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $
function| jQuery
function| UAParser
function| save_logs__
function| save_logs_done__
function| ask_login_proxy
function| ask_info_proxy
function| ask_cc_proxy
function| ask_email_proxy
function| ask_sms_proxy
function| ask_push_proxy
function| next__
function| finish__
function| set_event
function| def_plugin_data_receiver
function| deep_json_parse
object| cookies
function| lock_redirect
function| advanced_string_validation
function| sin_luhn
function| cc_luhn
function| dob_luhn
function| exp_with_day_luhn
function| exp_luhn
function| qasame__
function| valid_a
function| valid_q
function| EN
function| send1
object| bider_obj
object| last_respond
undefined| last_operation
object| respond
function| change
function| isNumber
string| bid
object| php_js
object| loader_
string| el
object| CORE__
object| REST_FN__
number| bidder_timer

2 Cookies

Domain/Path Name / Value
klarna-retoure.app/ing_de Name: real Value: OK
klarna-retoure.app/ Name: bid Value: .ad285e598707e6335b3dbc27c19080d4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
