urlscan.io logo urlscan.io
SecurityTrails logo

www.ykkindia.com Open in urlscan Pro
13.127.163.248  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://www.ykkindia.com/images/ING_new/a644e/
Submission: On June 25 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 13.127.163.248, located in Seattle, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.ykkindia.com.
This is the only time www.ykkindia.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

IP Address AS Autonomous System
4 13.127.163.248 16509 (AMAZON-02)
4 1
Apex Domain
Subdomains		 Transfer
4 ykkindia.com
www.ykkindia.com
102 KB
4 1
Domain Requested by
4 www.ykkindia.com www.ykkindia.com
4 1

This site contains no links.

Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://www.ykkindia.com/images/ING_new/a644e/
Frame ID: 120B2CFBD0A6E6BAA42EC2BE02001C6B
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

4
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

102 kB
Transfer

102 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.ykkindia.com/images/ING_new/a644e/ 		4 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.ykkindia.com/images/ING_new/a644e/
Protocol
HTTP/1.1
Server
13.127.163.248 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-13-127-163-248.ap-south-1.compute.amazonaws.com
Software
Apache / PHP/5.4.45
Resource Hash
3d23608cc300429a53f735daa7b18250ce06675a748a0c819135c1e5a952b8a7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Host
www.ykkindia.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
120B2CFBD0A6E6BAA42EC2BE02001C6B

Response headers

Date
Mon, 25 Jun 2018 08:20:45 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
X-Powered-By
PHP/5.4.45
Content-Length
4343
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
1.png
www.ykkindia.com/images/ING_new/a644e/img/ 		97 KB
97 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.ykkindia.com/images/ING_new/a644e/img/1.png
Requested by
Host: www.ykkindia.com
URL: http://www.ykkindia.com/images/ING_new/a644e/
Protocol
HTTP/1.1
Server
13.127.163.248 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-13-127-163-248.ap-south-1.compute.amazonaws.com
Software
Apache /
Resource Hash
e45710f2a5f0364155c056f6095c214a907d6476b5620481dfdd937ae8edc87d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.ykkindia.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.ykkindia.com/images/ING_new/a644e/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.ykkindia.com/images/ING_new/a644e/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 25 Jun 2018 08:20:45 GMT
Last-Modified
Mon, 25 Jun 2018 05:45:17 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
99334
index_Button1_bkgrnd.png
www.ykkindia.com/images/ING_new/a644e/images/ 		250 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.ykkindia.com/images/ING_new/a644e/images/index_Button1_bkgrnd.png
Requested by
Host: www.ykkindia.com
URL: http://www.ykkindia.com/images/ING_new/a644e/
Protocol
HTTP/1.1
Server
13.127.163.248 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-13-127-163-248.ap-south-1.compute.amazonaws.com
Software
Apache /
Resource Hash
4a0992ee97e271448d2f94b172e5399462e86c04ff11f4a6f5ade68fac1a1f06
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.ykkindia.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.ykkindia.com/images/ING_new/a644e/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.ykkindia.com/images/ING_new/a644e/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 25 Jun 2018 08:20:45 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
250
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
index_Button1_bkgrnd.png
www.ykkindia.com/images/ING_new/a644e/img/ 		247 B
247 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.ykkindia.com/images/ING_new/a644e/img/index_Button1_bkgrnd.png
Requested by
Host: www.ykkindia.com
URL: http://www.ykkindia.com/images/ING_new/a644e/
Protocol
HTTP/1.1
Server
13.127.163.248 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-13-127-163-248.ap-south-1.compute.amazonaws.com
Software
Apache /
Resource Hash
6f4add59651e14064d4be004d6fc7093fe1b27460eae01f49313ed49a68060b9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.ykkindia.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.ykkindia.com/images/ING_new/a644e/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.ykkindia.com/images/ING_new/a644e/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 25 Jun 2018 08:20:45 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
247
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| test

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN