Submitted URL: https://t.co/YA1dbypspw
Effective URL: https://bw.coolwind.cc/Ing_es/
Submission: On October 07 via api from PL — Scanned from ES

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 19 HTTP transactions. The main IP is 192.18.137.142, located in San Jose, United States and belongs to ORACLE-BMC-31898, US. The main domain is bw.coolwind.cc.
TLS certificate: Issued by R11 on October 2nd 2024. Valid for: 3 months.
This is the only time bw.coolwind.cc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
1         172.66.0.227       13335 (CLOUDFLAR...)
12        192.18.137.142     31898 (ORACLE-BM...)
1         2a04:4e42:200...   54113 (FASTLY)
1         104.18.10.207      13335 (CLOUDFLAR...)
2         165.22.209.237     14061 (DIGITALOC...)
1         2a00:1450:400...   15169 (GOOGLE)
1         142.250.185.131    15169 (GOOGLE)
Total: 19 requests, 7 IPs
Requests  Apex Domain       Subdomains                                               Transfer
12        coolwind.cc       bw.coolwind.cc                                           154 KB
2         doubleclicks.biz  plugins.doubleclicks.biz                                 5 KB
1         gstatic.com       fonts.gstatic.com                                        41 KB
1         googleapis.com    fonts.googleapis.com (Cisco Umbrella Rank: 30)           36 KB
1         bootstrapcdn.com  stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 3270)   8 KB
1         jsdelivr.net      cdn.jsdelivr.net (Cisco Umbrella Rank: 311)              9 KB
1         t.co              t.co (Cisco Umbrella Rank: 859)                          799 B
Total: 19 requests, 7 apex domains
Requests  Domain                      Requested by
12        bw.coolwind.cc              t.co, bw.coolwind.cc
2         plugins.doubleclicks.biz    bw.coolwind.cc, plugins.doubleclicks.biz
1         fonts.gstatic.com           fonts.googleapis.com
1         fonts.googleapis.com        bw.coolwind.cc
1         stackpath.bootstrapcdn.com  bw.coolwind.cc
1         cdn.jsdelivr.net            bw.coolwind.cc
1         t.co                        -
Total: 19 requests, 7 domains

This site contains no links.

Subject                   Issuer                                  Validity                   Valid for   Source
t.co                      E5                                      2024-09-28 - 2024-12-27    3 months    crt.sh
bw.coolwind.cc            R11                                     2024-10-02 - 2024-12-31    3 months    crt.sh
jsdelivr.net              GlobalSign Atlas R3 DV TLS CA 2024 Q3   2024-07-30 - 2025-08-31    a year      crt.sh
bootstrapcdn.com          WE1                                     2024-09-20 - 2024-12-19    3 months    crt.sh
*.doubleclicks.biz        R11                                     2024-09-04 - 2024-12-03    3 months    crt.sh
upload.video.google.com   WR2                                     2024-09-16 - 2024-12-09    3 months    crt.sh
*.gstatic.com             WR2                                     2024-09-16 - 2024-12-09    3 months    crt.sh

This page contains 1 frames:

Primary Page: https://bw.coolwind.cc/Ing_es/
Frame ID: DF30EB00FDF10F6CF3BA31192C2E0F63
Requests: 19 HTTP requests in this frame

Page Title

Acceso clientes, ING

Page URL History

  1. https://t.co/YA1dbypspw Page URL
  2. https://bw.coolwind.cc/Ing_es/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Overall confidence: 100%
Detected patterns
  • <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 19
HTTPS: 100 %
IPv6: 29 %
Domains: 7
Subdomains: 7
IPs: 7
Countries: 4
Transfer: 254 kB
Size: 772 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/YA1dbypspw Page URL
  2. https://bw.coolwind.cc/Ing_es/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
YA1dbypspw
t.co/
246 B
799 B
Document
General
Full URL
https://t.co/YA1dbypspw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare tsa_f /
Resource Hash
f66059a1f91fb93bdf433553f2d0fff51fc93b8988d9f209e69a8c86114d002c
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

cache-control
private,max-age=300
cf-cache-status
DYNAMIC
cf-ray
8ceeb2147cad665f-MAD
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 07 Oct 2024 14:49:03 GMT
expires
Mon, 07 Oct 2024 14:54:03 GMT
perf
7402827104
server
cloudflare tsa_f
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
99d70a897f447754dd77319db383edb1360455caac762bd4eaf261fc3cf4ebe2
x-response-time
127
x-transaction-id
aca469809a03616c
x-xss-protection
0
Primary Request /
bw.coolwind.cc/Ing_es/
6 KB
2 KB
Document
General
Full URL
https://bw.coolwind.cc/Ing_es/
Requested by
Host: t.co
URL: https://t.co/YA1dbypspw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.18.137.142 San Jose, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
b6867c6fb74f698c2223b6c7b337009cc7bab9d122b4afa02a061271ef09032c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://t.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 07 Oct 2024 14:49:04 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding
bootstrap-icons.css
cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/
64 KB
9 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3c325075337b768950583012228055ae392e384688d77ec5235e6ca88dcec6ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"100a0-GGXd3Lt7Z9zvQlDlkMyalXSrpnM"
age
2558308
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Mon, 07 Oct 2024 14:49:05 GMT
content-type
text/css; charset=utf-8
x-served-by
cache-fra-eddf8230101-FRA, cache-mad22046-MAD
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
8770
x-jsd-version
1.5.0
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/
30 KB
8 KB
Stylesheet
General
Full URL
https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/

Response headers

cdn-status
200
content-encoding
gzip
cf-cache-status
HIT
etag
W/"269550530cc127b6aa5a35925a7de6ce"
age
5171834
x-content-type-options
nosniff
date
Mon, 07 Oct 2024 14:49:05 GMT
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cdn-cache
HIT
cdn-cachedat
11/18/2022 06:18:29
cdn-requestpullcode
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
timing-allow-origin
*
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
b3a57c6aca414a3b87fe0638b631146d
cross-origin-resource-policy
cross-origin
cdn-pullzone
252412
cdn-proxyver
1.03
cf-ray
8ceeb21edfc6216c-MAD
access-control-allow-origin
*
cdn-edgestorageid
722
server
cloudflare
cdn-requestcountrycode
DE
bootstrap.css
bw.coolwind.cc/Ing_es/css/
188 KB
32 KB
Stylesheet
General
Full URL
https://bw.coolwind.cc/Ing_es/css/bootstrap.css
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.18.137.142 San Jose, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
0c159070e198b7ed2a9162d6c9751f5914ff62803914d8512d60b1f5ffde4334
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/Ing_es/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=43200
content-encoding
gzip
etag
W/"6703bd1d-2f1f7"
expires
Tue, 08 Oct 2024 02:49:05 GMT
date
Mon, 07 Oct 2024 14:49:05 GMT
content-type
text/css
last-modified
Mon, 07 Oct 2024 10:51:09 GMT
server
nginx
vary
Accept-Encoding
styles.css
bw.coolwind.cc/Ing_es/css/
8 KB
2 KB
Stylesheet
General
Full URL
https://bw.coolwind.cc/Ing_es/css/styles.css
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.18.137.142 San Jose, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
8e2493d37d38efce746558e21f52e02918f16c68839a43011bc732d4ad8cca0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/Ing_es/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=43200
content-encoding
gzip
etag
W/"6703bd1d-1fb4"
expires
Tue, 08 Oct 2024 02:49:05 GMT
date
Mon, 07 Oct 2024 14:49:05 GMT
content-type
text/css
last-modified
Mon, 07 Oct 2024 10:51:09 GMT
server
nginx
vary
Accept-Encoding
animate.css
bw.coolwind.cc/Ing_es/css/
56 KB
6 KB
Stylesheet
General
Full URL
https://bw.coolwind.cc/Ing_es/css/animate.css
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.18.137.142 San Jose, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
59a1460df6cb458204ec993345ff4964fa7e1a77da4ab7137e50fce8434c1d6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/Ing_es/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=43200
content-encoding
gzip
etag
W/"6703bd1d-df07"
expires
Tue, 08 Oct 2024 02:49:05 GMT
date
Mon, 07 Oct 2024 14:49:05 GMT
content-type
text/css
last-modified
Mon, 07 Oct 2024 10:51:09 GMT
server
nginx
vary
Accept-Encoding
ing_es.svg
bw.coolwind.cc/Ing_es/image/
37 KB
38 KB
Image
General
Full URL
https://bw.coolwind.cc/Ing_es/image/ing_es.svg
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.18.137.142 San Jose, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
1a77d762d62e1948dd5c2346672422e68cea346657fe350c42a30705721100cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/Ing_es/

Response headers

strict-transport-security
max-age=31536000
etag
"6703bd1d-9595"
accept-ranges
bytes
content-length
38293
date
Mon, 07 Oct 2024 14:49:05 GMT
content-type
image/svg+xml
last-modified
Mon, 07 Oct 2024 10:51:09 GMT
server
nginx
num.png
bw.coolwind.cc/Ing_es/image/
2 KB
2 KB
Image
General
Full URL
https://bw.coolwind.cc/Ing_es/image/num.png
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.18.137.142 San Jose, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
401266201a6c752e8fba16811786e87b1afa1927fc9cff873cb3e1eb0e44de02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/Ing_es/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
etag
"6703bd1d-7ff"
expires
Wed, 06 Nov 2024 14:49:05 GMT
accept-ranges
bytes
content-length
2047
date
Mon, 07 Oct 2024 14:49:05 GMT
content-type
image/png
last-modified
Mon, 07 Oct 2024 10:51:09 GMT
server
nginx
arrow.png
bw.coolwind.cc/Ing_es/image/
387 B
593 B
Image
General
Full URL
https://bw.coolwind.cc/Ing_es/image/arrow.png
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.18.137.142 San Jose, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
39665b0dc250d0c7354078843e04e2c37d32f9a92eec8d4dd3b723a76f1938fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/Ing_es/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
etag
"6703bd1d-183"
expires
Wed, 06 Nov 2024 14:49:05 GMT
accept-ranges
bytes
content-length
387
date
Mon, 07 Oct 2024 14:49:05 GMT
content-type
image/png
last-modified
Mon, 07 Oct 2024 10:51:09 GMT
server
nginx
jquery-3.5.1.min.js
bw.coolwind.cc/Ing_es/js/
87 KB
34 KB
Script
General
Full URL
https://bw.coolwind.cc/Ing_es/js/jquery-3.5.1.min.js
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.18.137.142 San Jose, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/Ing_es/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=43200
content-encoding
gzip
etag
W/"6703bd1d-15d84"
expires
Tue, 08 Oct 2024 02:49:05 GMT
date
Mon, 07 Oct 2024 14:49:05 GMT
content-type
application/javascript
last-modified
Mon, 07 Oct 2024 10:51:09 GMT
server
nginx
vary
Accept-Encoding
jquery.mask.js
bw.coolwind.cc/Ing_es/js/
23 KB
7 KB
Script
General
Full URL
https://bw.coolwind.cc/Ing_es/js/jquery.mask.js
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.18.137.142 San Jose, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/Ing_es/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=43200
content-encoding
gzip
etag
W/"6703bd1d-5a88"
expires
Tue, 08 Oct 2024 02:49:05 GMT
date
Mon, 07 Oct 2024 14:49:05 GMT
content-type
application/javascript
last-modified
Mon, 07 Oct 2024 10:51:09 GMT
server
nginx
vary
Accept-Encoding
linkid.js
plugins.doubleclicks.biz/plugins/ua/
4 KB
4 KB
Script
General
Full URL
https://plugins.doubleclicks.biz/plugins/ua/linkid.js
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
165.22.209.237 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx / Express
Resource Hash
35c153471303b51141565440f23f9b410836b4129cd196b71b06c6205d4136cd

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://bw.coolwind.cc/

Response headers

cache-control
no-store, no-cache
etag
W/"1097-/rhbvsQrplnZn07Reo51BhtnH1E"
access-control-allow-origin
*
content-length
4247
date
Mon, 07 Oct 2024 14:49:05 GMT
content-type
application/javascript; charset=utf-8
x-powered-by
Express
server
nginx
gstats
plugins.doubleclicks.biz/f/
2 B
190 B
XHR
General
Full URL
https://plugins.doubleclicks.biz/f/gstats
Requested by
Host: plugins.doubleclicks.biz
URL: https://plugins.doubleclicks.biz/plugins/ua/linkid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
165.22.209.237 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx / Express
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-type
application/x-www-form-urlencoded
Referer
https://bw.coolwind.cc/

Response headers

cache-control
no-store, no-cache
etag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
access-control-allow-origin
*
content-length
2
date
Mon, 07 Oct 2024 14:49:06 GMT
content-type
application/json; charset=utf-8
x-powered-by
Express
server
nginx
css2
fonts.googleapis.com/
189 KB
36 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Cabin:ital,wght@0,400..700;1,400..700&family=Inter:wght@100..900&family=Montserrat:ital,wght@0,100..900;1,100..900&family=Mukta:wght@200;300;400;500;600;700;800&family=Noto+Sans+TC:wght@100..900&family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Reddit+Sans:ital,wght@0,200..900;1,200..900&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&family=Rubik:ital,wght@0,300..900;1,300..900&family=Wix+Madefor+Text:ital,wght@0,400..800;1,400..800&display=swap
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/css/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a759188e2998fdc80cab14263cb2360853816311bf6ff2dd3cd67a1d4e749ca4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/

Response headers

strict-transport-security
max-age=31536000
cache-control
private, max-age=86400
timing-allow-origin
*
content-encoding
gzip
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Mon, 07 Oct 2024 14:49:05 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 07 Oct 2024 14:49:05 GMT
x-xss-protection
0
content-type
text/css; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
back.svg
bw.coolwind.cc/Ing_es/image/
27 KB
27 KB
Image
General
Full URL
https://bw.coolwind.cc/Ing_es/image/back.svg
Requested by
Host: bw.coolwind.cc
URL: https://bw.coolwind.cc/Ing_es/css/styles.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.18.137.142 San Jose, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
6b3c4d3e255d73ca9e57959f5860c8357dbfad51249a6ee5a969c0d75f38f462
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/Ing_es/css/styles.css

Response headers

strict-transport-security
max-age=31536000
etag
"6703bd1d-6c45"
accept-ranges
bytes
content-length
27717
date
Mon, 07 Oct 2024 14:49:06 GMT
content-type
image/svg+xml
last-modified
Mon, 07 Oct 2024 10:51:09 GMT
server
nginx
EYq3maFOxq1T_-ETdN7EKQNre5a92XNF.woff2
fonts.gstatic.com/s/redditsans/v4/
41 KB
41 KB
Font
General
Full URL
https://fonts.gstatic.com/s/redditsans/v4/EYq3maFOxq1T_-ETdN7EKQNre5a92XNF.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Cabin:ital,wght@0,400..700;1,400..700&family=Inter:wght@100..900&family=Montserrat:ital,wght@0,100..900;1,100..900&family=Mukta:wght@200;300;400;500;600;700;800&family=Noto+Sans+TC:wght@100..900&family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Reddit+Sans:ital,wght@0,200..900;1,200..900&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&family=Rubik:ital,wght@0,300..900;1,300..900&family=Wix+Madefor+Text:ital,wght@0,400..800;1,400..800&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f3.1e100.net
Software
sffe /
Resource Hash
d1f6ad515efd5f39325b8705bdebd6fbfcb5b91cf9b94a6fc472cf287a8b3e5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin
https://bw.coolwind.cc
Referer
https://fonts.googleapis.com/

Response headers

age
528638
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 11:58:28 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 01 Oct 2024 11:58:28 GMT
last-modified
Wed, 01 May 2024 20:33:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
41952
x-xss-protection
0
server
sffe
favicon.ico
bw.coolwind.cc/Ing_es/image/
4 KB
4 KB
Other
General
Full URL
https://bw.coolwind.cc/Ing_es/image/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.18.137.142 San Jose, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
a12b74568c0776358f2ff26213881adb74f667dabe484335d8e138bc5e98441e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/Ing_es/

Response headers

strict-transport-security
max-age=31536000
etag
"6703bd1d-10be"
accept-ranges
bytes
content-length
4286
date
Mon, 07 Oct 2024 14:49:06 GMT
content-type
image/x-icon
last-modified
Mon, 07 Oct 2024 10:51:09 GMT
server
nginx
favicon.ico
bw.coolwind.cc/Ing_es/image/
4 KB
0
Other
General
Full URL
https://bw.coolwind.cc/Ing_es/image/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.18.137.142 San Jose, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
a12b74568c0776358f2ff26213881adb74f667dabe484335d8e138bc5e98441e

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://bw.coolwind.cc/Ing_es/

Response headers

accept-ranges
bytes
content-length
4286
date
Mon, 07 Oct 2024 14:49:06 GMT
etag
"6703bd1d-10be"
content-type
image/x-icon
last-modified
Mon, 07 Oct 2024 10:51:09 GMT
server
nginx

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object: _0xafac
function: setc
function: $
function: jQuery

4 Cookies

Domain/Path              Name        Value
bw.coolwind.cc/Ing_es    waf_sc      5889647726
.t.co/                   muc         53513df8-8f3b-4e0d-b7b8-db8f7576821c
.t.co/                   __cf_bm     ScY6_SXCBdWh6zilnZuj0W.OAicx.gwBxYz9ySO8gFI-1728312543-1.0.1.1-yENLm_pKKRNS.O7wLiCHpjf_kpkxfgve9VtyOAUN.HBoqVNR0tVDoB8X2rkgCkgJmpW1kkI6vMoZfnU.amfBKg
bw.coolwind.cc/          PHPSESSID   l0lo12a4jplflbhd7097qslmbt

2 Console Messages

Source: javascript  Level: warning  URL: https://bw.coolwind.cc/Ing_es/ (line 2)
Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://plugins.doubleclicks.biz/plugins/ua/linkid.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Source: javascript  Level: warning  URL: https://bw.coolwind.cc/Ing_es/ (line 2)
Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://plugins.doubleclicks.biz/plugins/ua/linkid.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bw.coolwind.cc
cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
plugins.doubleclicks.biz
stackpath.bootstrapcdn.com
t.co
104.18.10.207
142.250.185.131
165.22.209.237
172.66.0.227
192.18.137.142
2a00:1450:4001:81c::200a
2a04:4e42:200::485