access-ing.de.w-t-portal.ru Open in urlscan Pro
85.159.229.40 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://vlink.cf/oJrvn
Effective URL:
https://access-ing.de.w-t-portal.ru/session/new
Submission: On August 15 via manual (August 15th 2023, 11:07:38 am UTC) from DE — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 12 HTTP transactions. The main IP is 85.159.229.40, located in Dublin, Ireland and belongs to EUROTELECOM-AS, RU. The main domain is access-ing.de.w-t-portal.ru.
TLS certificate: Issued by R3 on August 15th 2023. Valid for: 3 months.

This is the only time access-ing.de.w-t-portal.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	136.243.156.120 136.243.156.120	24940 (HETZNER-AS) (HETZNER-AS)
1 1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	85.159.229.40 85.159.229.40	34804 (EUROTELEC...) (EUROTELECOM-AS)
12	2

1 136.243.156.120 (Sindelfingen, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: web1.ct8.pl

vlink.cf	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

riverdilay.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 85.159.229.40 (Dublin, Ireland)

ASN34804 (EUROTELECOM-AS, RU)
PTR: revovick.ip-ptr.tech

access-ing.de.w-t-portal.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	w-t-portal.ru access-ing.de.w-t-portal.ru	477 KB
1	riverdilay.site 1 redirects riverdilay.site	780 B
1	vlink.cf 1 redirects vlink.cf	308 B
12	3

	Domain	Requested by
12	access-ing.de.w-t-portal.ru	access-ing.de.w-t-portal.ru
1	riverdilay.site	1 redirects
1	vlink.cf	1 redirects
12	3

This site contains no links.

Subject Issuer	Validity	Valid
access-ing.de.w-t-portal.ru R3	`2023-08-15` - `2023-11-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://access-ing.de.w-t-portal.ru/session/new
Frame ID: 34A93C2E3F6526041E1214EBBBCFCF17
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ING Login

Page URL History Show full URLs

https://vlink.cf/oJrvn HTTP 301
https://riverdilay.site/S2h521 HTTP 302
https://access-ing.de.w-t-portal.ru/session/new Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

12
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

479 kB
Transfer

478 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://vlink.cf/oJrvn HTTP 301
https://riverdilay.site/S2h521 HTTP 302
https://access-ing.de.w-t-portal.ru/session/new Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request new Show response access-ing.de.w-t-portal.ru/session/ Redirect Chain https://vlink.cf/oJrvn https://riverdilay.site/S2h521 https://access-ing.de.w-t-portal.ru/session/new	3 KB 1 KB	350ms 139ms	Document text/html	85.159.229.40 EUROTELECOM-AS
General Check archive.org Show headers Download Go to Full URL https://access-ing.de.w-t-portal.ru/session/new Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 85.159.229.40 Dublin, Ireland, ASN34804 (EUROTELECOM-AS, RU), Reverse DNS revovick.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `776a6056a9d9787f192ea0e0a1ea0826cf0ef1f3eafd4e4081bf1bba4e8bc429` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html Date Tue, 15 Aug 2023 11:07:33 GMT ETag W/"63ecb22c-c89" Last-Modified Wed, 15 Feb 2023 10:21:32 GMT Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked Redirect headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 7f70f97ad8876969-FRA content-type text/html; charset=UTF-8 date Tue, 15 Aug 2023 11:07:33 GMT expires 0 location https://access-ing.de.w-t-portal.ru/session/new nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qF4mDjHfq5L1daOpTVd1W7ajcm3gp01X9U9i%2Fd3lHYGM3A9iYsC7gyiUVfcqRPupWkkgk0QuTrEGBkQoJZ%2FE4X42oNJFiDpiK15PTmh72C274LhMu5rE%2F0wP%2BSL7prr%2BokZHej%2FO5f25V%2B6v69c%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H/1.1	200 OK	chunk-vendors.9b06da7f.js Show response access-ing.de.w-t-portal.ru/js/	182 KB 182 KB	231ms 221ms	Script application/javascript	85.159.229.40 EUROTELECOM-AS
General Check archive.org Show headers Download Go to Full URL https://access-ing.de.w-t-portal.ru/js/chunk-vendors.9b06da7f.js Requested by Host: access-ing.de.w-t-portal.ru URL: https://access-ing.de.w-t-portal.ru/session/new Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 85.159.229.40 Dublin, Ireland, ASN34804 (EUROTELECOM-AS, RU), Reverse DNS revovick.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `d4b539789944dc2336685bf1e8a0b98a906cc2b122c15a2179f878365d33e5c6` Request headers accept-language de-DE,de;q=0.9 Referer https://access-ing.de.w-t-portal.ru/session/new User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers Date Tue, 15 Aug 2023 11:07:33 GMT Last-Modified Wed, 15 Feb 2023 10:21:32 GMT Server nginx/1.18.0 (Ubuntu) ETag "63ecb22c-2d645" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 185925
GET H/1.1	200 OK	app.b27cd0e8.js Show response access-ing.de.w-t-portal.ru/js/	65 KB 65 KB	510ms 187ms	Script application/javascript	85.159.229.40 EUROTELECOM-AS
General Check archive.org Show headers Download Go to Full URL https://access-ing.de.w-t-portal.ru/js/app.b27cd0e8.js Requested by Host: access-ing.de.w-t-portal.ru URL: https://access-ing.de.w-t-portal.ru/session/new Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 85.159.229.40 Dublin, Ireland, ASN34804 (EUROTELECOM-AS, RU), Reverse DNS revovick.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `b7ca859d256835916fdef4c1dd7fa5dc040127441818fc2897d86cf2ef869ebc` Request headers accept-language de-DE,de;q=0.9 Referer https://access-ing.de.w-t-portal.ru/session/new User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers Date Tue, 15 Aug 2023 11:07:33 GMT Last-Modified Wed, 15 Feb 2023 10:21:32 GMT Server nginx/1.18.0 (Ubuntu) ETag "63ecb22c-1037f" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 66431
GET H/1.1	200 OK	app.1944db2e.css access-ing.de.w-t-portal.ru/css/	74 KB 74 KB	320ms 232ms	Stylesheet text/css	85.159.229.40 EUROTELECOM-AS
General Check archive.org Show headers Download Go to Full URL https://access-ing.de.w-t-portal.ru/css/app.1944db2e.css Requested by Host: access-ing.de.w-t-portal.ru URL: https://access-ing.de.w-t-portal.ru/session/new Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 85.159.229.40 Dublin, Ireland, ASN34804 (EUROTELECOM-AS, RU), Reverse DNS revovick.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `6132294688bf744c77723ffe0b0649e044ca38bed2651750e13d7ece55e02f71` Request headers accept-language de-DE,de;q=0.9 Referer https://access-ing.de.w-t-portal.ru/session/new User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers Date Tue, 15 Aug 2023 11:07:33 GMT Last-Modified Wed, 15 Feb 2023 10:21:32 GMT Server nginx/1.18.0 (Ubuntu) ETag "63ecb22c-1289b" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 75931
GET H/1.1	200 OK	INGMeWeb-Regular.a71cf962.woff2 access-ing.de.w-t-portal.ru/fonts/	29 KB 29 KB	184ms 184ms	Font application/octet-stream	85.159.229.40 EUROTELECOM-AS
General Check archive.org Show headers Download Go to Full URL https://access-ing.de.w-t-portal.ru/fonts/INGMeWeb-Regular.a71cf962.woff2 Requested by Host: access-ing.de.w-t-portal.ru URL: https://access-ing.de.w-t-portal.ru/css/app.1944db2e.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 85.159.229.40 Dublin, Ireland, ASN34804 (EUROTELECOM-AS, RU), Reverse DNS revovick.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155` Request headers Referer https://access-ing.de.w-t-portal.ru/css/app.1944db2e.css Origin https://access-ing.de.w-t-portal.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers Date Tue, 15 Aug 2023 11:07:33 GMT Last-Modified Wed, 15 Feb 2023 10:21:32 GMT Server nginx/1.18.0 (Ubuntu) ETag "63ecb22c-73b0" Content-Type application/octet-stream Connection keep-alive Accept-Ranges bytes Content-Length 29616
GET H/1.1	200 OK	runtime-configuration.json Show response access-ing.de.w-t-portal.ru/	134 B 387 B	138ms 138ms	Fetch application/json	85.159.229.40 EUROTELECOM-AS
General Check archive.org Show headers Download Go to Full URL https://access-ing.de.w-t-portal.ru/runtime-configuration.json Requested by Host: access-ing.de.w-t-portal.ru URL: https://access-ing.de.w-t-portal.ru/js/app.b27cd0e8.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 85.159.229.40 Dublin, Ireland, ASN34804 (EUROTELECOM-AS, RU), Reverse DNS revovick.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `d8b178288d3c33a17edcab5efe92f6af357afde9ee195004e5ac7619820f8c43` Request headers accept-language de-DE,de;q=0.9 Referer https://access-ing.de.w-t-portal.ru/session/new User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers Date Tue, 15 Aug 2023 11:07:34 GMT Last-Modified Wed, 14 Jun 2023 14:21:23 GMT Server nginx/1.18.0 (Ubuntu) ETag "6489cce3-86" Content-Type application/json Connection keep-alive Accept-Ranges bytes Content-Length 134
GET H/1.1	200 OK	runtime-configuration.json Show response access-ing.de.w-t-portal.ru/	134 B 387 B	140ms 140ms	Fetch application/json	85.159.229.40 EUROTELECOM-AS
General Check archive.org Show headers Download Go to Full URL https://access-ing.de.w-t-portal.ru/runtime-configuration.json Requested by Host: access-ing.de.w-t-portal.ru URL: https://access-ing.de.w-t-portal.ru/js/app.b27cd0e8.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 85.159.229.40 Dublin, Ireland, ASN34804 (EUROTELECOM-AS, RU), Reverse DNS revovick.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `d8b178288d3c33a17edcab5efe92f6af357afde9ee195004e5ac7619820f8c43` Request headers accept-language de-DE,de;q=0.9 Referer https://access-ing.de.w-t-portal.ru/session/new User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers Date Tue, 15 Aug 2023 11:07:34 GMT Last-Modified Wed, 14 Jun 2023 14:21:23 GMT Server nginx/1.18.0 (Ubuntu) ETag "6489cce3-86" Content-Type application/json Connection keep-alive Accept-Ranges bytes Content-Length 134
GET H/1.1	200 OK	ING_Deutschland_NoClaim.c2119de1.svg access-ing.de.w-t-portal.ru/img/	16 KB 16 KB	228ms 227ms	Image image/svg+xml	85.159.229.40 EUROTELECOM-AS
General Check archive.org Show headers Download Go to Show image Full URL https://access-ing.de.w-t-portal.ru/img/ING_Deutschland_NoClaim.c2119de1.svg Requested by Host: access-ing.de.w-t-portal.ru URL: https://access-ing.de.w-t-portal.ru/css/app.1944db2e.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 85.159.229.40 Dublin, Ireland, ASN34804 (EUROTELECOM-AS, RU), Reverse DNS revovick.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf` Request headers accept-language de-DE,de;q=0.9 Referer https://access-ing.de.w-t-portal.ru/css/app.1944db2e.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers Date Tue, 15 Aug 2023 11:07:34 GMT Last-Modified Wed, 15 Feb 2023 10:21:32 GMT Server nginx/1.18.0 (Ubuntu) ETag "63ecb22c-3f1d" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 16157
GET H/1.1	200 OK	INGMeWeb-Bold.7b2bc5c6.woff2 access-ing.de.w-t-portal.ru/fonts/	30 KB 30 KB	320ms 237ms	Font application/octet-stream	85.159.229.40 EUROTELECOM-AS
General Check archive.org Show headers Download Go to Full URL https://access-ing.de.w-t-portal.ru/fonts/INGMeWeb-Bold.7b2bc5c6.woff2 Requested by Host: access-ing.de.w-t-portal.ru URL: https://access-ing.de.w-t-portal.ru/css/app.1944db2e.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 85.159.229.40 Dublin, Ireland, ASN34804 (EUROTELECOM-AS, RU), Reverse DNS revovick.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e` Request headers Referer https://access-ing.de.w-t-portal.ru/css/app.1944db2e.css Origin https://access-ing.de.w-t-portal.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers Date Tue, 15 Aug 2023 11:07:34 GMT Last-Modified Wed, 15 Feb 2023 10:21:32 GMT Server nginx/1.18.0 (Ubuntu) ETag "63ecb22c-76f8" Content-Type application/octet-stream Connection keep-alive Accept-Ranges bytes Content-Length 30456
GET H/1.1	200 OK	icons.0c487ce8.woff access-ing.de.w-t-portal.ru/fonts/	32 KB 32 KB	322ms 237ms	Font application/font-woff	85.159.229.40 EUROTELECOM-AS
General Check archive.org Show headers Download Go to Full URL https://access-ing.de.w-t-portal.ru/fonts/icons.0c487ce8.woff Requested by Host: access-ing.de.w-t-portal.ru URL: https://access-ing.de.w-t-portal.ru/css/app.1944db2e.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 85.159.229.40 Dublin, Ireland, ASN34804 (EUROTELECOM-AS, RU), Reverse DNS revovick.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `305948d72ce8577a386f77079dacdb6841f18668f64cc7865a196a0624e5b5a8` Request headers Referer https://access-ing.de.w-t-portal.ru/css/app.1944db2e.css Origin https://access-ing.de.w-t-portal.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers Date Tue, 15 Aug 2023 11:07:34 GMT Last-Modified Wed, 15 Feb 2023 10:21:32 GMT Server nginx/1.18.0 (Ubuntu) ETag "63ecb22c-7e28" Content-Type application/font-woff Connection keep-alive Accept-Ranges bytes Content-Length 32296
GET H/1.1	200 OK	qrl-ver-F28B541D99A1764E2AA842CB219CB826.aadf3bc7.svg access-ing.de.w-t-portal.ru/img/	2 KB 2 KB	256ms 138ms	Image image/svg+xml	85.159.229.40 EUROTELECOM-AS
General Check archive.org Show headers Download Go to Show image Full URL https://access-ing.de.w-t-portal.ru/img/qrl-ver-F28B541D99A1764E2AA842CB219CB826.aadf3bc7.svg Requested by Host: access-ing.de.w-t-portal.ru URL: https://access-ing.de.w-t-portal.ru/session/fb0353a2-97ed-41a4-9270-f70a0dc8e9ba/login Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 85.159.229.40 Dublin, Ireland, ASN34804 (EUROTELECOM-AS, RU), Reverse DNS revovick.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `1470546a5f8d7a68deb045a9f3be48c3fa818c53c0b4f8c854d6acdec64aa225` Request headers accept-language de-DE,de;q=0.9 Referer https://access-ing.de.w-t-portal.ru/session/fb0353a2-97ed-41a4-9270-f70a0dc8e9ba/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers Date Tue, 15 Aug 2023 11:07:34 GMT Last-Modified Wed, 15 Feb 2023 10:21:32 GMT Server nginx/1.18.0 (Ubuntu) ETag "63ecb22c-7b5" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 1973
GET H/1.1	200 OK	qrlhint-ver-916FDE8A4CA8095FC339D6829D7D6723.c2c2acf9.png access-ing.de.w-t-portal.ru/img/	44 KB 44 KB	349ms 269ms	Image image/png	85.159.229.40 EUROTELECOM-AS
General Check archive.org Show headers Download Go to Show image Full URL https://access-ing.de.w-t-portal.ru/img/qrlhint-ver-916FDE8A4CA8095FC339D6829D7D6723.c2c2acf9.png Requested by Host: access-ing.de.w-t-portal.ru URL: https://access-ing.de.w-t-portal.ru/session/fb0353a2-97ed-41a4-9270-f70a0dc8e9ba/login Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 85.159.229.40 Dublin, Ireland, ASN34804 (EUROTELECOM-AS, RU), Reverse DNS revovick.ip-ptr.tech Software nginx/1.18.0 (Ubuntu) / Resource Hash `fb6ebe23316c03fd8d25e871bfdd9c41eb77e14115f5a01e3e0d97b94617779e` Request headers accept-language de-DE,de;q=0.9 Referer https://access-ing.de.w-t-portal.ru/session/fb0353a2-97ed-41a4-9270-f70a0dc8e9ba/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers Date Tue, 15 Aug 2023 11:07:34 GMT Last-Modified Wed, 15 Feb 2023 10:21:32 GMT Server nginx/1.18.0 (Ubuntu) ETag "63ecb22c-af26" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 44838
GET DATA	200 OK	truncated /	3 KB 3 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `624cd418134a6e7984036e5229a885038c94c67918827d5fd2a1fe999dbe97d1` Request headers Referer Origin https://access-ing.de.w-t-portal.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers Content-Type font/woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunkfrontend_new boolean| __VUE__

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
vlink.cf/	1969-12-31 23:59:59	Name: PHPSESSID Value: 79ae3f4df7177a9a81134b6857d14860
vlink.cf/	1970-01-20 14:01:38	Name: short_280 Value: 1
riverdilay.site/	1970-01-20 14:46:16	Name: _subid Value: 1b41mfr156
riverdilay.site/	1970-01-20 23:37:37	Name: edf65 Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjdcIjoxNjkyMDk3NjUzfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNjkyMDk3NjUzfSxcInRpbWVcIjoxNjkyMDk3NjUzfSJ9.S64CYjdBRmnSfQVz5cBNC6_-zmRi5nlDWWity-qocNM

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

access-ing.de.w-t-portal.ru
riverdilay.site
vlink.cf
136.243.156.120
2a06:98c1:3121::3
85.159.229.40
1470546a5f8d7a68deb045a9f3be48c3fa818c53c0b4f8c854d6acdec64aa225
305948d72ce8577a386f77079dacdb6841f18668f64cc7865a196a0624e5b5a8
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
6132294688bf744c77723ffe0b0649e044ca38bed2651750e13d7ece55e02f71
624cd418134a6e7984036e5229a885038c94c67918827d5fd2a1fe999dbe97d1
776a6056a9d9787f192ea0e0a1ea0826cf0ef1f3eafd4e4081bf1bba4e8bc429
9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf
b7ca859d256835916fdef4c1dd7fa5dc040127441818fc2897d86cf2ef869ebc
d4b539789944dc2336685bf1e8a0b98a906cc2b122c15a2179f878365d33e5c6
d8b178288d3c33a17edcab5efe92f6af357afde9ee195004e5ac7619820f8c43
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155
fb6ebe23316c03fd8d25e871bfdd9c41eb77e14115f5a01e3e0d97b94617779e

access-ing.de.w-t-portal.ru Open in urlscan Pro 85.159.229.40 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

479 kBTransfer

478 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

4 Cookies

Indicators

access-ing.de.w-t-portal.ru Open in urlscan Pro
85.159.229.40 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

479 kB
Transfer

478 kB
Size

4
Cookies

12 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!