access-ing.de-bestaetigungsvorgang.de Open in urlscan Pro
193.143.1.64 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dibbadu.viproc.cl/ing/2/tripe/
Effective URL:
https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/
Submission: On February 23 via manual (February 23rd 2024, 1:08:40 pm UTC) from DE — Scanned from DE

Summary HTTP 15 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 193.143.1.64, located in Moscow, Russian Federation and belongs to PROTON66, RU. The main domain is access-ing.de-bestaetigungsvorgang.de.
TLS certificate: Issued by R3 on February 22nd 2024. Valid for: 3 months.

This is the only time access-ing.de-bestaetigungsvorgang.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	193.143.1.59 193.143.1.59	198953 (PROTON66) (PROTON66)
3 16	193.143.1.64 193.143.1.64	198953 (PROTON66) (PROTON66)
15	3

2 193.143.1.59 (Moscow, Russian Federation)

ASN198953 (PROTON66, RU)

dibbadu.viproc.cl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 193.143.1.64 (Moscow, Russian Federation) 3 redirects

ASN198953 (PROTON66, RU)

access-ing.de-bestaetigungsvorgang.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	de-bestaetigungsvorgang.de 3 redirects access-ing.de-bestaetigungsvorgang.de	694 KB
2	viproc.cl dibbadu.viproc.cl	3 KB
15	2

	Domain	Requested by
16	access-ing.de-bestaetigungsvorgang.de	3 redirects access-ing.de-bestaetigungsvorgang.de
2	dibbadu.viproc.cl	dibbadu.viproc.cl
15	2

This site contains links to these domains. Also see Links.

Domain
www
www.youtube.com

Subject Issuer	Validity	Valid
de-bestaetigungonline.com.de R3	`2024-02-22` - `2024-05-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/
Frame ID: 3354ED5878F84390B289D112E76D8E2A
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ING Login

Page URL History Show full URLs

http://dibbadu.viproc.cl/ing/2/tripe/ Page URL
http://dibbadu.viproc.cl/ing/2/tripe/ Page URL
https://access-ing.de-bestaetigungsvorgang.de/start/uad HTTP 301
http://access-ing.de-bestaetigungsvorgang.de/start/uad/ HTTP 307
https://access-ing.de-bestaetigungsvorgang.de/start/uad/ Page URL
https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93 HTTP 301
http://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/ HTTP 307
https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/ HTTP 302
https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/ Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

87 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

786 kB
Transfer

2170 kB
Size

14
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www/
Title: ING DiBa

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=_eIru6yatfw
Title: QR Log-in Video-Anleitung

Search URL Search Domain Scan URL

URL: https://www/hilfe/zugang/qrlogin
Title: Mehr erfahren über den QR-Log-in

Search URL Search Domain Scan URL

URL: https://www/wissen/achtung-phishing/
Title: Artikel

Search URL Search Domain Scan URL

URL: https://www/wissen/boiler-room-scam/
Title: hier

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dibbadu.viproc.cl/ing/2/tripe/ Page URL
http://dibbadu.viproc.cl/ing/2/tripe/ Page URL
https://access-ing.de-bestaetigungsvorgang.de/start/uad HTTP 301
http://access-ing.de-bestaetigungsvorgang.de/start/uad/ HTTP 307
https://access-ing.de-bestaetigungsvorgang.de/start/uad/ Page URL
https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93 HTTP 301
http://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/ HTTP 307
https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/ HTTP 302
https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://access-ing.de-bestaetigungsvorgang.de/start/uad HTTP 301
http://access-ing.de-bestaetigungsvorgang.de/start/uad/ HTTP 307
https://access-ing.de-bestaetigungsvorgang.de/start/uad/

15 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
dibbadu.viproc.cl/ing/2/tripe/ 3 KB
2 KB 695ms
90ms Document
text/html 193.143.1.59
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL: http://dibbadu.viproc.cl/ing/2/tripe/
Protocol: HTTP/1.1
Server: 193.143.1.59 Moscow, Russian Federation, ASN198953 (PROTON66, RU),
Reverse DNS
Software: Apache /
Resource Hash: d0995986feab11258c2bb1f2cd4474bcdf3e94c9e365e18fea65c6762932efd6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1575
Content-Type: text/html; charset=UTF-8
Date: Fri, 23 Feb 2024 13:08:34 GMT
Expires: Thu, 18 Aug 1994 05:00:00 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK / Show response
dibbadu.viproc.cl/ing/2/tripe/ 100 B
535 B 332ms
332ms Document
text/html 193.143.1.59
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL: http://dibbadu.viproc.cl/ing/2/tripe/
Requested by: Host: dibbadu.viproc.cl
URL: http://dibbadu.viproc.cl/ing/2/tripe/
Protocol: HTTP/1.1
Server: 193.143.1.59 Moscow, Russian Federation, ASN198953 (PROTON66, RU),
Reverse DNS
Software: Apache /
Resource Hash: 41d94bef932eff0909523686a1902b84066c7f8cb05194360275943047c85dde

Request headers

Referer: http://dibbadu.viproc.cl/ing/2/tripe/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 105
Content-Type: text/html; charset=UTF-8
Date: Fri, 23 Feb 2024 13:08:34 GMT
Expires: Thu, 18 Aug 1994 05:00:00 GMT
Keep-Alive: timeout=5, max=99
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

/ Show response
access-ing.de-bestaetigungsvorgang.de/start/uad/
Redirect Chain

https://access-ing.de-bestaetigungsvorgang.de/start/uad
http://access-ing.de-bestaetigungsvorgang.de/start/uad/
https://access-ing.de-bestaetigungsvorgang.de/start/uad/

785 B
1 KB

139ms
139ms

Document
text/html

193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

24f1a2c453a3cfd8f094f98b38b445d85f870631b97b0b5cc7afadff3c41a509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://dibbadu.viproc.cl/ing/2/tripe/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 442
Content-Type: text/html; charset=UTF-8
Date: Fri, 23 Feb 2024 13:08:35 GMT
Expires: Thu, 18 Aug 1994 05:00:00 GMT
Server: nginx/1.18.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Robots-Tag: noarchive

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://access-ing.de-bestaetigungsvorgang.de/start/uad/
Non-Authoritative-Reason: HSTS

GET
H/1.1

200
OK

Primary Request / Show response
access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/
Redirect Chain

https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93?
http://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/
https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/
https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?

2 MB
636 KB

219ms
219ms

Document
text/html

193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

c670c1176c27a993131c4e0ad759c0648406cca2096f5cec6d5e1b3bd1d7ef82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://access-ing.de-bestaetigungsvorgang.de/start/uad/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 23 Feb 2024 13:08:36 GMT
Expires: 0
Pragma: no-cache
Server: nginx/1.18.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Robots-Tag: noarchive

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 23 Feb 2024 13:08:36 GMT
Expires: Thu, 18 Aug 1994 05:00:00 GMT
Server: nginx/1.18.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Robots-Tag: noarchive
location: login/?

GET
H/1.1 200
OK jquery.min.js Show response
access-ing.de-bestaetigungsvorgang.de/start/uad/bower_components/jquery/dist/ 85 KB
30 KB 299ms
208ms Script
application/javascript 193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/bower_components/jquery/dist/jquery.min.js

Requested by

Host: access-ing.de-bestaetigungsvorgang.de
URL: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Fri, 23 Feb 2024 13:08:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Sat, 29 Oct 2022 15:08:36 GMT
Server: nginx/1.18.0
ETag: "15283-5ec2dbf9d6500-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30138

GET
H/1.1 200
OK ua-parser.min.js Show response
access-ing.de-bestaetigungsvorgang.de/start/uad/bower_components/ua-parser-js/dist/ 17 KB
6 KB 195ms
101ms Script
application/javascript 193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/bower_components/ua-parser-js/dist/ua-parser.min.js

Requested by

Host: access-ing.de-bestaetigungsvorgang.de
URL: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Fri, 23 Feb 2024 13:08:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Sat, 29 Oct 2022 15:08:36 GMT
Server: nginx/1.18.0
ETag: "4298-5ec2dbf9d6500-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6063

GET
H/1.1 200
OK font-awesome.min.css
access-ing.de-bestaetigungsvorgang.de/start/uad/bower_components/font-awesome/css/ 30 KB
7 KB 208ms
120ms Stylesheet
text/css 193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/bower_components/font-awesome/css/font-awesome.min.css

Requested by

Host: access-ing.de-bestaetigungsvorgang.de
URL: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Fri, 23 Feb 2024 13:08:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Sat, 29 Oct 2022 15:08:36 GMT
Server: nginx/1.18.0
ETag: "7918-5ec2dbf9d6500-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7053

GET
H/1.1 200
OK core_form.js Show response
access-ing.de-bestaetigungsvorgang.de/start/uad/core/form/ 21 KB
5 KB 302ms
125ms Script
application/javascript 193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/core/form/core_form.js

Requested by

Host: access-ing.de-bestaetigungsvorgang.de
URL: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

d916b51b0cb4a68639f09377d5c964f5f513d22fb56ad1bb3fc6be47499a23a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Fri, 23 Feb 2024 13:08:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Sun, 22 Oct 2023 15:32:18 GMT
Server: nginx/1.18.0
ETag: "535e-6084fcf8fa480-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4784

GET
H/1.1 200
OK core_token.js Show response
access-ing.de-bestaetigungsvorgang.de/start/uad/core/token/ 21 KB
2 KB 313ms
118ms Script
application/javascript 193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/core/token/core_token.js

Requested by

Host: access-ing.de-bestaetigungsvorgang.de
URL: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

dc2c07de617f7df9f9c3d719dad28e82f60133a7b03b5ccd704e09dff89d1bd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Fri, 23 Feb 2024 13:08:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Wed, 15 Mar 2023 14:53:38 GMT
Server: nginx/1.18.0
ETag: "5247-5f6f182596080-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1830

GET
H/1.1 200
OK core_form.css
access-ing.de-bestaetigungsvorgang.de/start/uad/core/form/ 5 KB
1 KB 196ms
109ms Stylesheet
text/css 193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/core/form/core_form.css

Requested by

Host: access-ing.de-bestaetigungsvorgang.de
URL: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

7bb089e03c9f76f161a8a4f06002920d7c17ff1b58579da80264c4643f429548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Fri, 23 Feb 2024 13:08:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Sat, 29 Oct 2022 15:08:34 GMT
Server: nginx/1.18.0
ETag: "12af-5ec2dbf7ee080-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1003

GET
H/1.1 200
OK css.css
access-ing.de-bestaetigungsvorgang.de/start/uad/login/form/ 0
302 B 207ms
119ms Stylesheet
text/css 193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/login/form/css.css

Requested by

Host: access-ing.de-bestaetigungsvorgang.de
URL: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Fri, 23 Feb 2024 13:08:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Sat, 29 Oct 2022 15:08:36 GMT
Server: nginx/1.18.0
ETag: "0-5ec2dbf9d6500"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0

GET
H/1.1 200
OK form.js Show response
access-ing.de-bestaetigungsvorgang.de/start/uad/login/form/ 3 KB
1 KB 123ms
103ms Script
application/javascript 193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/login/form/form.js?v=65d898d506a0e

Requested by

Host: access-ing.de-bestaetigungsvorgang.de
URL: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

89a7ef7931fab9a69b36e7f3194e8acf3a4dccafbdcdf4982b04c6272b488acd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Fri, 23 Feb 2024 13:08:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Sun, 22 Oct 2023 10:55:22 GMT
Server: nginx/1.18.0
ETag: "d66-6084bf12b9a80-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1116

GET
H/1.1 200
OK token.js Show response
access-ing.de-bestaetigungsvorgang.de/start/uad/login/token/ 2 KB
1 KB 145ms
114ms Script
application/javascript 193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/login/token/token.js?v=65d898d506a13

Requested by

Host: access-ing.de-bestaetigungsvorgang.de
URL: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

35ed0b385aa991d3c95c1c5b2f39986000e0bb3ddba79566c53220bb4db4f403

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Fri, 23 Feb 2024 13:08:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Last-Modified: Sat, 29 Oct 2022 15:08:36 GMT
Server: nginx/1.18.0
ETag: "72d-5ec2dbf9d6500-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 746

GET
DATA 200
OK truncated
/ 29 KB
29 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

Request headers

Referer
Origin: https://access-ing.de-bestaetigungsvorgang.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type: font/woff2

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1470546a5f8d7a68deb045a9f3be48c3fa818c53c0b4f8c854d6acdec64aa225

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 131 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a501d1dfaa5ce19c381254353da7b398c5d6bb9f2549daaca73aa93b557be2b0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9c0ca5849cbece7752c386733a413c737b66d4a3949331f973093fea9f88af6

Request headers

Referer
Origin: https://access-ing.de-bestaetigungsvorgang.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 30 KB
30 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e

Request headers

Referer
Origin: https://access-ing.de-bestaetigungsvorgang.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type: font/woff2

GET
DATA 200
OK truncated
/ 32 KB
32 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 305948d72ce8577a386f77079dacdb6841f18668f64cc7865a196a0624e5b5a8

Request headers

Referer
Origin: https://access-ing.de-bestaetigungsvorgang.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type: font/woff

GET
H/1.1 200
OK home.php Show response
access-ing.de-bestaetigungsvorgang.de/start/uad/ 59 B
497 B 352ms
351ms XHR
application/json 193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/home.php?pl=token&link=ing.de&bid=fb94f1676d5c8ac03bbcfc548ec72d93&callback=jQuery3210029991305262128787_1708693717330&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1708693717331

Requested by

Host: access-ing.de-bestaetigungsvorgang.de
URL: https://access-ing.de-bestaetigungsvorgang.de/start/uad/bower_components/jquery/dist/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

4257ae96221d1b31508f84bf18a0d2c244c5d86ad2c7dd4ad0f5928a905aa772

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Fri, 23 Feb 2024 13:08:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Server: nginx/1.18.0
Content-Type: application/json
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
X-Robots-Tag: noarchive
Content-Length: 59
Expires: Thu, 18 Aug 1994 05:00:00 GMT

GET
H/1.1 200
OK home.php Show response
access-ing.de-bestaetigungsvorgang.de/start/uad/ 59 B
497 B 350ms
350ms XHR
application/json 193.143.1.64
PROTON66

General

Check archive.org

Show headers Download Go to

Full URL

https://access-ing.de-bestaetigungsvorgang.de/start/uad/home.php?pl=token&link=ing.de&bid=fb94f1676d5c8ac03bbcfc548ec72d93&callback=jQuery3210029991305262128787_1708693717332&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1708693717333

Requested by

Host: access-ing.de-bestaetigungsvorgang.de
URL: https://access-ing.de-bestaetigungsvorgang.de/start/uad/bower_components/jquery/dist/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

193.143.1.64 Moscow, Russian Federation, ASN198953 (PROTON66, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

e0af9f75c376f5385790be074fb87e3fdd0e9ee62a1f8555444645fd29e0859c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://access-ing.de-bestaetigungsvorgang.de/start/uad/a1b2c3/fb94f1676d5c8ac03bbcfc548ec72d93/login/?
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Fri, 23 Feb 2024 13:08:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Server: nginx/1.18.0
Content-Type: application/json
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
X-Robots-Tag: noarchive
Content-Length: 59
Expires: Thu, 18 Aug 1994 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
access-ing.de-bestaetigungsvorgang.de/start/uad	1969-12-31 23:59:59	Name: real Value: OK
dibbadu.viproc.cl/	1970-01-21 03:23:49	Name: rCHguW Value: htDlFvagAzITMcPrSyJENWZdbqsYGR
dibbadu.viproc.cl/	1970-01-20 18:52:37	Name: htDlFvagAzITMcPrSyJENWZdbqsYGR Value: d3ff021dd7ff42ed85b45f8da78ee694-1708693714
dibbadu.viproc.cl/	1970-01-20 18:38:13	Name: d Value: 60
dibbadu.viproc.cl/	1970-01-20 18:38:13	Name: n Value: Europe/Berlin
dibbadu.viproc.cl/	1970-01-20 18:38:13	Name: sp Value: Win32
dibbadu.viproc.cl/	1970-01-20 18:38:13	Name: su Value: Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/122.0.6261.57%20Safari/537.36
dibbadu.viproc.cl/	1970-01-20 18:38:13	Name: iu Value: Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/122.0.6261.57%20Safari/537.36
dibbadu.viproc.cl/	1970-01-20 18:38:13	Name: wd Value: false
dibbadu.viproc.cl/	1970-01-20 18:39:40	Name: rCHguW_hits Value: 1
access-ing.de-bestaetigungsvorgang.de/	1970-01-21 03:23:49	Name: RydVCb Value: LdxlpHKESRovsTIJDwYhuZGVimgyFq
access-ing.de-bestaetigungsvorgang.de/	1970-01-20 18:52:37	Name: LdxlpHKESRovsTIJDwYhuZGVimgyFq Value: 27f23c1a6dbeaad3dff8671a387cef2d-1708693715
access-ing.de-bestaetigungsvorgang.de/	1970-01-20 19:21:25	Name: bid Value: fb94f1676d5c8ac03bbcfc548ec72d93
access-ing.de-bestaetigungsvorgang.de/	1970-01-20 18:39:40	Name: RydVCb_hits Value: 3

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

access-ing.de-bestaetigungsvorgang.de
dibbadu.viproc.cl
193.143.1.59
193.143.1.64
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
1470546a5f8d7a68deb045a9f3be48c3fa818c53c0b4f8c854d6acdec64aa225
24f1a2c453a3cfd8f094f98b38b445d85f870631b97b0b5cc7afadff3c41a509
305948d72ce8577a386f77079dacdb6841f18668f64cc7865a196a0624e5b5a8
35ed0b385aa991d3c95c1c5b2f39986000e0bb3ddba79566c53220bb4db4f403
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
41d94bef932eff0909523686a1902b84066c7f8cb05194360275943047c85dde
4257ae96221d1b31508f84bf18a0d2c244c5d86ad2c7dd4ad0f5928a905aa772
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7bb089e03c9f76f161a8a4f06002920d7c17ff1b58579da80264c4643f429548
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
89a7ef7931fab9a69b36e7f3194e8acf3a4dccafbdcdf4982b04c6272b488acd
9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf
a501d1dfaa5ce19c381254353da7b398c5d6bb9f2549daaca73aa93b557be2b0
c670c1176c27a993131c4e0ad759c0648406cca2096f5cec6d5e1b3bd1d7ef82
d0995986feab11258c2bb1f2cd4474bcdf3e94c9e365e18fea65c6762932efd6
d916b51b0cb4a68639f09377d5c964f5f513d22fb56ad1bb3fc6be47499a23a4
dc2c07de617f7df9f9c3d719dad28e82f60133a7b03b5ccd704e09dff89d1bd9
e0af9f75c376f5385790be074fb87e3fdd0e9ee62a1f8555444645fd29e0859c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155
f9c0ca5849cbece7752c386733a413c737b66d4a3949331f973093fea9f88af6

access-ing.de-bestaetigungsvorgang.de Open in urlscan Pro 193.143.1.64 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

87 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

786 kBTransfer

2170 kBSize

14 Cookies

5 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

56 JavaScript Global Variables

14 Cookies

Indicators

access-ing.de-bestaetigungsvorgang.de Open in urlscan Pro
193.143.1.64 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

87 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

786 kB
Transfer

2170 kB
Size

14
Cookies

15 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!