ingsecurity-au.viewdns.net Open in urlscan Pro
185.159.131.176 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ingsecurity-au.viewdns.net/
Effective URL:
https://ingsecurity-au.viewdns.net/ng
Submission: On April 08 via automatic, source certstream-suspicious (April 8th 2023, 7:53:31 am UTC) — Scanned from AU

Summary HTTP 13 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 185.159.131.176, located in Hong Kong and belongs to ITOS-AS, RU. The main domain is ingsecurity-au.viewdns.net.
TLS certificate: Issued by R3 on April 8th 2023. Valid for: 3 months.

This is the only time ingsecurity-au.viewdns.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 12	185.159.131.176 185.159.131.176	64439 (ITOS-AS) (ITOS-AS)
1	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
13	3

12 185.159.131.176 (Hong Kong) 1 redirects

ASN64439 (ITOS-AS, RU)

ingsecurity-au.viewdns.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	viewdns.net 1 redirects ingsecurity-au.viewdns.net	1 MB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 756	30 KB
13	2

	Domain	Requested by
12	ingsecurity-au.viewdns.net	1 redirects ingsecurity-au.viewdns.net code.jquery.com
1	code.jquery.com	ingsecurity-au.viewdns.net
13	2

This site contains links to these domains. Also see Links.

Domain
www.ing.com.au
twitter.com
www.facebook.com
www.youtube.com
blog.ing.com.au
www.ing.jobs

Subject Issuer	Validity	Valid
ingsecurity-au.viewdns.net R3	`2023-04-08` - `2023-07-07`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ingsecurity-au.viewdns.net/ng
Frame ID: A112FCECE325AD9C46F82ADB27B929EC
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Secure Banking Login - ING

Page URL History Show full URLs

https://ingsecurity-au.viewdns.net/ HTTP 302
https://ingsecurity-au.viewdns.net/ng Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

92 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1333 kB
Transfer

1402 kB
Size

1
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: http://www.ing.com.au/

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/about-us.html
Title: About us

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/contact-us.html
Title: Contact us

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/help-and-support.html
Title: Help and support

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/security.html
Title: Security info

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/help-and-support/faqs/general-faqs.html
Title: FAQs

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/help-and-support/documents-and-forms/general.html
Title: Documents and forms

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/help-and-support/tips-hints-guides/general.html
Title: Tips, hints and guides

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/ways-to-bank.html
Title: Ways to bank

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/rates-and-fees.html
Title: Rates and Fees

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/rates-and-fees/term-deposit-rates.html
Title: Term deposit rates

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/rates-and-fees/savings-interest-rates.html
Title: All savings rates

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/rates-and-fees/home-loan-rates.html
Title: All home loan rates

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/rates-and-fees/superannuation-rates.html
Title: Super rates

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/calculators-and-tools.html
Title: Tools and Calculators

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/savings/calculators/savings.html
Title: Regular Savings Calculator

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/savings/calculators/budget-planning.html
Title: Budget Planner

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/home-loans/calculators/borrowing-power.html
Title: Borrowing Power Calculator

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/superannuation/calculators/retirement-planner.html
Title: Retirement Planner

Search URL Search Domain Scan URL

URL: https://twitter.com/ING_Aust
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/INGAust/
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.youtube.com/user/INGDIRECTAUS
Title: YouTube

Search URL Search Domain Scan URL

URL: http://blog.ing.com.au/
Title: Blog

Search URL Search Domain Scan URL

URL: https://www.ing.jobs/Australia/Home.htm
Title: Careers

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/legal.html
Title: Legal

Search URL Search Domain Scan URL

URL: http://www.ing.com.au/sitemap.html
Title: Site Map

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ingsecurity-au.viewdns.net/ HTTP 302
https://ingsecurity-au.viewdns.net/ng Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
13 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request ng Show response ingsecurity-au.viewdns.net/ Redirect Chain https://ingsecurity-au.viewdns.net/ https://ingsecurity-au.viewdns.net/ng	203 KB 203 KB	717ms 717ms	Document text/html	185.159.131.176 ITOS-AS
General Check archive.org Show headers Download Go to Full URL https://ingsecurity-au.viewdns.net/ng Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.159.131.176 , Hong Kong, ASN64439 (ITOS-AS, RU), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / PHP/7.4.33 Resource Hash `0df7cca523200da21d1ce8ce16ba8f82433a7990e546d6cacac95fd849fc20e1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Sat, 08 Apr 2023 07:53:21 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=99 Pragma no-cache Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 Transfer-Encoding chunked X-Powered-By PHP/7.4.33 Redirect headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Sat, 08 Apr 2023 07:53:19 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 X-Powered-By PHP/7.4.33 location /ng
GET H/1.1	200 OK	main.css ingsecurity-au.viewdns.net/assets/ng/	987 KB 988 KB	365ms 364ms	Stylesheet text/css	185.159.131.176 ITOS-AS
General Check archive.org Show headers Download Go to Full URL https://ingsecurity-au.viewdns.net/assets/ng/main.css?3 Requested by Host: ingsecurity-au.viewdns.net URL: https://ingsecurity-au.viewdns.net/ng Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.159.131.176 , Hong Kong, ASN64439 (ITOS-AS, RU), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / Resource Hash `ee4be6b5ffb16bd2c9bb9a203f5a3fcb816939df63926af9ddf7d3a8e8f138fb` Request headers accept-language en-AU,en;q=0.9 Referer https://ingsecurity-au.viewdns.net/ng User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sat, 08 Apr 2023 07:53:22 GMT Last-Modified Thu, 28 Apr 2022 13:09:46 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 ETag "f6dee-5ddb6a3d53a80" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1011182
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 30 KB	704ms 232ms	Script application/javascript	69.16.175.42 STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: ingsecurity-au.viewdns.net URL: https://ingsecurity-au.viewdns.net/ng Protocol H2 Security TLS 1.3, , AES_128_GCM Server 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US), Reverse DNS tlb.hwcdn.net Software nginx / Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers Referer https://ingsecurity-au.viewdns.net/ Origin https://ingsecurity-au.viewdns.net accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Sat, 08 Apr 2023 07:53:22 GMT content-encoding gzip last-modified Wed, 16 Feb 2022 10:50:39 GMT server nginx etag W/"620cd6ff-15d9d" vary Accept-Encoding x-hw 1680940402.dop033.la3.t,1680940402.cds270.la3.hn,1680940402.cds267.la3.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30875
GET H/1.1	200 OK	actions.js Show response ingsecurity-au.viewdns.net/assets/js/	778 B 1 KB	1096ms 366ms	Script application/javascript	185.159.131.176 ITOS-AS
General Check archive.org Show headers Download Go to Full URL https://ingsecurity-au.viewdns.net/assets/js/actions.js?v=1680940401 Requested by Host: ingsecurity-au.viewdns.net URL: https://ingsecurity-au.viewdns.net/ng Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.159.131.176 , Hong Kong, ASN64439 (ITOS-AS, RU), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / Resource Hash `411a7dde58e7f50627e413a47dda8ef4d5d11ec89ac4b78b8416a66badf7bd60` Request headers accept-language en-AU,en;q=0.9 Referer https://ingsecurity-au.viewdns.net/ng User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sat, 08 Apr 2023 07:53:23 GMT Last-Modified Wed, 27 Apr 2022 15:39:38 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 ETag "30a-5dda49df4e280" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 778
GET H/1.1	200 OK	Logo-sm@2x.png ingsecurity-au.viewdns.net/assets/ng/	10 KB 10 KB	366ms 366ms	Image image/png	185.159.131.176 ITOS-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ingsecurity-au.viewdns.net/assets/ng/Logo-sm@2x.png Requested by Host: ingsecurity-au.viewdns.net URL: https://ingsecurity-au.viewdns.net/ng Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.159.131.176 , Hong Kong, ASN64439 (ITOS-AS, RU), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / Resource Hash `ea03709d343c6c8835c527eb160f00b9e39e11461f0e929992964d127edade11` Request headers accept-language en-AU,en;q=0.9 Referer https://ingsecurity-au.viewdns.net/ng User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sat, 08 Apr 2023 07:53:23 GMT Last-Modified Thu, 28 Apr 2022 13:03:40 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 ETag "280c-5ddb68e048300" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 10252
GET H/1.1	200 OK	Logo-footer-public@2x.png ingsecurity-au.viewdns.net/assets/ng/	4 KB 5 KB	366ms 365ms	Image image/png	185.159.131.176 ITOS-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ingsecurity-au.viewdns.net/assets/ng/Logo-footer-public@2x.png Requested by Host: ingsecurity-au.viewdns.net URL: https://ingsecurity-au.viewdns.net/ng Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.159.131.176 , Hong Kong, ASN64439 (ITOS-AS, RU), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / Resource Hash `b8074872912ecf763ea36a40e7e360c03bb1490098166cbb7cb0f4684df58947` Request headers accept-language en-AU,en;q=0.9 Referer https://ingsecurity-au.viewdns.net/ng User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sat, 08 Apr 2023 07:53:23 GMT Last-Modified Thu, 28 Apr 2022 13:03:22 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 ETag "11d3-5ddb68cf1da80" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 4563
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c6137febb470f38c8d4e687fbe5789fbe4a296aff38dd5a2705b33875c43d135` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `00c7abde4399a3f530b62c131cae28aa6f9eba0d2717831d8007835890adaf8d` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dbba0091abdecd86f8de4321750b5e3b04fd9e2ca943a92b65d67da48be42fda` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	997 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6ab8bac44bc2f872cea17bb7e7d4c8fed14c6b55ca44af961f27573e9988fd15` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1007 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `27902c28ae89882346f05f0a9902fc469b926d24a294f89136e92cc696457afc` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a18b2e0abcfa28214b9b3f7567d737f771bb73157fc1f8de9a810e99f0d9414a` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	991 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4de6c74d6d40e497192f7e3e40015c77378ee0f2002797ab1c9ce861f3072e8c` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fd136ab7a4c9e8370671a78921fff3cd4a9ce042c5cba1a2e32ece0d7256a448` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	928 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5ed39aa8a770fb0ccff6baee23553710d7297f29ac869116732a02bf01eb69f1` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `db86be10b749c701b569e189682c34cfd564fffccf20ac73eeac34f2fdddcbb3` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3b8ddd4e46d937f9398f9409477aa2dd1499d393f34588cd2c2eaab3125313da` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a45ebf28139bdbada821c201ec140c45959d10c017e054886cc641b64b0ddc12` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	INGMeWeb-Regular.woff ingsecurity-au.viewdns.net/assets/ng/	36 KB 37 KB	367ms 366ms	Font application/font-woff	185.159.131.176 ITOS-AS
General Check archive.org Show headers Download Go to Full URL https://ingsecurity-au.viewdns.net/assets/ng/INGMeWeb-Regular.woff Requested by Host: ingsecurity-au.viewdns.net URL: https://ingsecurity-au.viewdns.net/assets/ng/main.css?3 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.159.131.176 , Hong Kong, ASN64439 (ITOS-AS, RU), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / Resource Hash `4a0a7668aaa847d33f49023d0982c6331bc9705cad2586eccb8086a680ef534c` Request headers Referer https://ingsecurity-au.viewdns.net/assets/ng/main.css?3 Origin https://ingsecurity-au.viewdns.net accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sat, 08 Apr 2023 07:53:24 GMT Last-Modified Thu, 28 Apr 2022 13:03:02 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 ETag "91e0-5ddb68bc0ad80" Content-Type application/font-woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 37344
GET H/1.1	200 OK	INGMeWeb-Bold.woff ingsecurity-au.viewdns.net/assets/ng/	37 KB 38 KB	367ms 367ms	Font application/font-woff	185.159.131.176 ITOS-AS
General Check archive.org Show headers Download Go to Full URL https://ingsecurity-au.viewdns.net/assets/ng/INGMeWeb-Bold.woff Requested by Host: ingsecurity-au.viewdns.net URL: https://ingsecurity-au.viewdns.net/assets/ng/main.css?3 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.159.131.176 , Hong Kong, ASN64439 (ITOS-AS, RU), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / Resource Hash `e5cb35bd410aba4b717a1cc46814a88b50ff311f9514630dffa3480cb43b92e0` Request headers Referer https://ingsecurity-au.viewdns.net/assets/ng/main.css?3 Origin https://ingsecurity-au.viewdns.net accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sat, 08 Apr 2023 07:53:24 GMT Last-Modified Thu, 28 Apr 2022 13:02:56 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 ETag "9594-5ddb68b652000" Content-Type application/font-woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 38292
GET H/1.1	200 OK	icomoon.woff ingsecurity-au.viewdns.net/assets/ng/	14 KB 14 KB	367ms 367ms	Font application/font-woff	185.159.131.176 ITOS-AS
General Check archive.org Show headers Download Go to Full URL https://ingsecurity-au.viewdns.net/assets/ng/icomoon.woff?-hzjjiq Requested by Host: ingsecurity-au.viewdns.net URL: https://ingsecurity-au.viewdns.net/assets/ng/main.css?3 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.159.131.176 , Hong Kong, ASN64439 (ITOS-AS, RU), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / Resource Hash `78d4fb834d0fd693adfc0a60dcb7c2671dee2519dd7c9a11dfcdbebdbdfd54b5` Request headers Referer https://ingsecurity-au.viewdns.net/assets/ng/main.css?3 Origin https://ingsecurity-au.viewdns.net accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sat, 08 Apr 2023 07:53:24 GMT Last-Modified Thu, 28 Apr 2022 13:03:06 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 ETag "3604-5ddb68bfdb680" Content-Type application/font-woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 13828
GET H/1.1	200 OK	ing-icon-font.woff ingsecurity-au.viewdns.net/assets/ng/	5 KB 6 KB	732ms 365ms	Font application/font-woff	185.159.131.176 ITOS-AS
General Check archive.org Show headers Download Go to Full URL https://ingsecurity-au.viewdns.net/assets/ng/ing-icon-font.woff?-hzjjiq Requested by Host: ingsecurity-au.viewdns.net URL: https://ingsecurity-au.viewdns.net/assets/ng/main.css?3 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.159.131.176 , Hong Kong, ASN64439 (ITOS-AS, RU), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / Resource Hash `7f61a1d17a23098dc105814179d444e39b1bf567d6a4bc2292fb63b21ed20997` Request headers Referer https://ingsecurity-au.viewdns.net/assets/ng/main.css?3 Origin https://ingsecurity-au.viewdns.net accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sat, 08 Apr 2023 07:53:25 GMT Last-Modified Thu, 28 Apr 2022 13:03:08 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 ETag "1584-5ddb68c1c3b00" Content-Type application/font-woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 5508
GET DATA	200 OK	truncated /	37 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/gif
POST H/1.1	200 OK	action Show response ingsecurity-au.viewdns.net/apis/lr/	25 B 394 B	635ms 635ms	XHR text/html	185.159.131.176 ITOS-AS
General Check archive.org Show headers Download Go to Full URL https://ingsecurity-au.viewdns.net/apis/lr/action Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.0.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.159.131.176 , Hong Kong, ASN64439 (ITOS-AS, RU), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / PHP/7.4.33 Resource Hash `c1cbbd152a050ee0dc982af665d16b3508db3942527b4b1d65aff0127244ac9e` Request headers Accept / Referer https://ingsecurity-au.viewdns.net/ng X-Requested-With XMLHttpRequest accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Pragma no-cache Date Sat, 08 Apr 2023 07:53:25 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 X-Powered-By PHP/7.4.33 Content-Type text/html; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Keep-Alive timeout=5, max=96 Content-Length 25 Expires Thu, 19 Nov 1981 08:52:00 GMT
POST H/1.1	200 OK	active Show response ingsecurity-au.viewdns.net/apis/lr/	25 B 394 B	726ms 726ms	XHR text/html	185.159.131.176 ITOS-AS
General Check archive.org Show headers Download Go to Full URL https://ingsecurity-au.viewdns.net/apis/lr/active Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.0.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.159.131.176 , Hong Kong, ASN64439 (ITOS-AS, RU), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / PHP/7.4.33 Resource Hash `c1cbbd152a050ee0dc982af665d16b3508db3942527b4b1d65aff0127244ac9e` Request headers Accept / Referer https://ingsecurity-au.viewdns.net/ng X-Requested-With XMLHttpRequest accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Pragma no-cache Date Sat, 08 Apr 2023 07:53:29 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 X-Powered-By PHP/7.4.33 Content-Type text/html; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Keep-Alive timeout=5, max=95 Content-Length 25 Expires Thu, 19 Nov 1981 08:52:00 GMT
POST		action ingsecurity-au.viewdns.net/apis/lr/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ingsecurity-au.viewdns.net
URL: https://ingsecurity-au.viewdns.net/apis/lr/action

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ingsecurity-au.viewdns.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: vub5ll30grtagbsvg6551f1e5c

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
ingsecurity-au.viewdns.net
ingsecurity-au.viewdns.net
185.159.131.176
69.16.175.42
00c7abde4399a3f530b62c131cae28aa6f9eba0d2717831d8007835890adaf8d
0df7cca523200da21d1ce8ce16ba8f82433a7990e546d6cacac95fd849fc20e1
27902c28ae89882346f05f0a9902fc469b926d24a294f89136e92cc696457afc
3b8ddd4e46d937f9398f9409477aa2dd1499d393f34588cd2c2eaab3125313da
411a7dde58e7f50627e413a47dda8ef4d5d11ec89ac4b78b8416a66badf7bd60
4a0a7668aaa847d33f49023d0982c6331bc9705cad2586eccb8086a680ef534c
4de6c74d6d40e497192f7e3e40015c77378ee0f2002797ab1c9ce861f3072e8c
5ed39aa8a770fb0ccff6baee23553710d7297f29ac869116732a02bf01eb69f1
6ab8bac44bc2f872cea17bb7e7d4c8fed14c6b55ca44af961f27573e9988fd15
78d4fb834d0fd693adfc0a60dcb7c2671dee2519dd7c9a11dfcdbebdbdfd54b5
7f61a1d17a23098dc105814179d444e39b1bf567d6a4bc2292fb63b21ed20997
a18b2e0abcfa28214b9b3f7567d737f771bb73157fc1f8de9a810e99f0d9414a
a45ebf28139bdbada821c201ec140c45959d10c017e054886cc641b64b0ddc12
b8074872912ecf763ea36a40e7e360c03bb1490098166cbb7cb0f4684df58947
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c1cbbd152a050ee0dc982af665d16b3508db3942527b4b1d65aff0127244ac9e
c6137febb470f38c8d4e687fbe5789fbe4a296aff38dd5a2705b33875c43d135
db86be10b749c701b569e189682c34cfd564fffccf20ac73eeac34f2fdddcbb3
dbba0091abdecd86f8de4321750b5e3b04fd9e2ca943a92b65d67da48be42fda
e5cb35bd410aba4b717a1cc46814a88b50ff311f9514630dffa3480cb43b92e0
ea03709d343c6c8835c527eb160f00b9e39e11461f0e929992964d127edade11
ee4be6b5ffb16bd2c9bb9a203f5a3fcb816939df63926af9ddf7d3a8e8f138fb
fd136ab7a4c9e8370671a78921fff3cd4a9ce042c5cba1a2e32ece0d7256a448
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

ingsecurity-au.viewdns.net Open in urlscan Pro 185.159.131.176 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

92 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

1333 kBTransfer

1402 kBSize

1 Cookies

27 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

ingsecurity-au.viewdns.net Open in urlscan Pro
185.159.131.176 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

92 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1333 kB
Transfer

1402 kB
Size

1
Cookies

13 HTTP transactions
13 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!