miasanoixu.cfolks.pl Open in urlscan Pro
185.208.164.24 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://miasanoixu.cfolks.pl/ing/
Submission: On June 12 via manual (June 12th 2023, 11:28:58 am UTC) from ES — Scanned from PL

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 185.208.164.24, located in Poland and belongs to CF-GDA, PL. The main domain is miasanoixu.cfolks.pl.
TLS certificate: Issued by Certum Domain Validation CA SHA2 on August 3rd 2022. Valid for: a year.

This is the only time miasanoixu.cfolks.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

	IP Address	AS Autonomous System
6	185.208.164.24 185.208.164.24	41079 (CF-GDA) (CF-GDA)
1	69.16.175.10 69.16.175.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	193.41.234.21 193.41.234.21	16289 (ING-DIREC...) (ING-DIRECT-SPAIN)
8	3

6 185.208.164.24 (Poland)

ASN41079 (CF-GDA, PL)
PTR: s24.cyber-folks.pl

miasanoixu.cfolks.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.41.234.21 (Spain)

ASN16289 (ING-DIRECT-SPAIN, ES)

ing.ingdirect.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	cfolks.pl miasanoixu.cfolks.pl	80 KB
1	ingdirect.es ing.ingdirect.es — Cisco Umbrella Rank: 738117	22 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 768	30 KB
8	3

	Domain	Requested by
6	miasanoixu.cfolks.pl	miasanoixu.cfolks.pl
1	ing.ingdirect.es	miasanoixu.cfolks.pl
1	code.jquery.com	miasanoixu.cfolks.pl
8	3

This site contains no links.

Subject Issuer	Validity	Valid
*.cfolks.pl Certum Domain Validation CA SHA2	`2022-08-03` - `2023-08-03`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
ing.ingdirect.es Entrust Certification Authority - L1M	`2022-06-13` - `2023-07-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://miasanoixu.cfolks.pl/ing/
Frame ID: 9B62580847BA3C11FC53614A26BFE05D
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Acceso clientes, ING

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

111 kB
Transfer

211 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response miasanoixu.cfolks.pl/ing/	16 KB 3 KB	134ms 40ms	Document text/html	185.208.164.24 CF-GDA
General Check archive.org Show headers Download Go to Full URL https://miasanoixu.cfolks.pl/ing/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.208.164.24 , Poland, ASN41079 (CF-GDA, PL), Reverse DNS s24.cyber-folks.pl Software LiteSpeed / Resource Hash `b1c6b16c89f0c078a7fd7e693f566c2aea0d72f6417ca29f76ad79d93744bb69` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 accept-language pl-PL,pl;q=0.9 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding br content-length 3292 content-type text/html date Mon, 12 Jun 2023 11:28:53 GMT etag "4145-5ee56ae8-d435a6b3fefb8835;br" last-modified Sun, 14 Jun 2020 00:10:16 GMT server LiteSpeed vary Accept-Encoding,User-Agent
GET H2	200	styles.css miasanoixu.cfolks.pl/ing/	15 KB 4 KB	43ms 42ms	Stylesheet text/css	185.208.164.24 CF-GDA
General Check archive.org Show headers Download Go to Full URL https://miasanoixu.cfolks.pl/ing/styles.css Requested by Host: miasanoixu.cfolks.pl URL: https://miasanoixu.cfolks.pl/ing/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.208.164.24 , Poland, ASN41079 (CF-GDA, PL), Reverse DNS s24.cyber-folks.pl Software LiteSpeed / Resource Hash `e008801612a41d04427fd522d313657cb123faf360e0a3821ac900c4b661f77e` Request headers accept-language pl-PL,pl;q=0.9 Referer https://miasanoixu.cfolks.pl/ing/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Mon, 12 Jun 2023 11:28:54 GMT content-encoding br last-modified Sun, 14 Jun 2020 11:12:26 GMT server LiteSpeed etag "3ab6-5ee6061a-a52ad29a14f81b92;br" vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 4043 expires Mon, 19 Jun 2023 11:28:54 GMT
GET H2	200	jquery-3.5.1.min.js Show response code.jquery.com/	87 KB 30 KB	99ms 32ms	Script application/javascript	69.16.175.10 STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.5.1.min.js Requested by Host: miasanoixu.cfolks.pl URL: https://miasanoixu.cfolks.pl/ing/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US), Reverse DNS hwcdn.net Software nginx / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers Referer https://miasanoixu.cfolks.pl/ Origin https://miasanoixu.cfolks.pl accept-language pl-PL,pl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Mon, 12 Jun 2023 11:28:54 GMT content-encoding gzip last-modified Fri, 20 Aug 2021 17:47:53 GMT server nginx etag W/"611feac9-15d84" vary Accept-Encoding x-hw 1686569334.dop201.wa1.t,1686569334.cds205.wa1.hn,1686569334.cds202.wa1.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30879
GET H2	200	main.js Show response miasanoixu.cfolks.pl/ing/	6 KB 2 KB	44ms 44ms	Script application/javascript	185.208.164.24 CF-GDA
General Check archive.org Show headers Download Go to Full URL https://miasanoixu.cfolks.pl/ing/main.js Requested by Host: miasanoixu.cfolks.pl URL: https://miasanoixu.cfolks.pl/ing/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.208.164.24 , Poland, ASN41079 (CF-GDA, PL), Reverse DNS s24.cyber-folks.pl Software LiteSpeed / Resource Hash `67db6306e67299fb89ef09489bd0a4be9ba0aa7a027eb7a0efb28b8dd8fd44b5` Request headers accept-language pl-PL,pl;q=0.9 Referer https://miasanoixu.cfolks.pl/ing/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Mon, 12 Jun 2023 11:28:54 GMT content-encoding br last-modified Fri, 26 May 2023 13:47:42 GMT server LiteSpeed etag "19e6-6470b87e-fc5ccb7711a33192;br" vary Accept-Encoding,User-Agent content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 1640 expires Mon, 19 Jun 2023 11:28:54 GMT
GET H2	200	ing-lion-reversed.svg miasanoixu.cfolks.pl/ing/	27 KB 12 KB	50ms 50ms	Image image/svg+xml	185.208.164.24 CF-GDA
General Check archive.org Show headers Download Go to Show image Full URL https://miasanoixu.cfolks.pl/ing/ing-lion-reversed.svg Requested by Host: miasanoixu.cfolks.pl URL: https://miasanoixu.cfolks.pl/ing/styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.208.164.24 , Poland, ASN41079 (CF-GDA, PL), Reverse DNS s24.cyber-folks.pl Software LiteSpeed / Resource Hash `6b3c4d3e255d73ca9e57959f5860c8357dbfad51249a6ee5a969c0d75f38f462` Request headers accept-language pl-PL,pl;q=0.9 Referer https://miasanoixu.cfolks.pl/ing/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Mon, 12 Jun 2023 11:28:54 GMT content-encoding br last-modified Thu, 04 Jun 2020 23:09:16 GMT server LiteSpeed etag "6c45-5ed97f1c-a71570c88c3a10ad;br" vary Accept-Encoding,User-Agent content-type image/svg+xml cache-control public, max-age=604800 accept-ranges bytes content-length 12377 expires Mon, 19 Jun 2023 11:28:54 GMT
GET H/1.1	404 Not Found	logoING.svg ing.ingdirect.es/app-login/assets/images/svg/	22 B 22 B	330ms 165ms	Image text/html	193.41.234.21 ING-DIRECT-SPAIN
General Check archive.org Show headers Download Go to Show image Full URL https://ing.ingdirect.es/app-login/assets/images/svg/logoING.svg Requested by Host: miasanoixu.cfolks.pl URL: https://miasanoixu.cfolks.pl/ing/styles.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 193.41.234.21 , Spain, ASN16289 (ING-DIRECT-SPAIN, ES), Reverse DNS Software / Resource Hash `e9e18797898538013a66ff759d88668598c674e0e5b6d1873c404a549640617d` Request headers accept-language pl-PL,pl;q=0.9 Referer https://miasanoixu.cfolks.pl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Mon, 12 Jun 2023 11:28:54 GMT Connection keep-alive Content-Length 22 x-pool-ipc dfwo Content-Type text/html
GET H2	200	INGMeWeb-Regular.woff2 miasanoixu.cfolks.pl/ing/font/	29 KB 29 KB	125ms 125ms	Font font/woff2	185.208.164.24 CF-GDA
General Check archive.org Show headers Download Go to Full URL https://miasanoixu.cfolks.pl/ing/font/INGMeWeb-Regular.woff2 Requested by Host: miasanoixu.cfolks.pl URL: https://miasanoixu.cfolks.pl/ing/styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.208.164.24 , Poland, ASN41079 (CF-GDA, PL), Reverse DNS s24.cyber-folks.pl Software LiteSpeed / Resource Hash `f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155` Request headers Referer https://miasanoixu.cfolks.pl/ing/styles.css Origin https://miasanoixu.cfolks.pl accept-language pl-PL,pl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Mon, 12 Jun 2023 11:28:54 GMT last-modified Thu, 04 Jun 2020 23:04:44 GMT server LiteSpeed etag "73b0-5ed97e0c-214d9b3573df0d03;;;" vary User-Agent content-type font/woff2 cache-control public, max-age=604800 accept-ranges bytes content-length 29616 expires Mon, 19 Jun 2023 11:28:54 GMT
GET H2	200	INGMeWeb-Bold.woff2 miasanoixu.cfolks.pl/ing/font/	30 KB 30 KB	78ms 78ms	Font font/woff2	185.208.164.24 CF-GDA
General Check archive.org Show headers Download Go to Full URL https://miasanoixu.cfolks.pl/ing/font/INGMeWeb-Bold.woff2 Requested by Host: miasanoixu.cfolks.pl URL: https://miasanoixu.cfolks.pl/ing/styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.208.164.24 , Poland, ASN41079 (CF-GDA, PL), Reverse DNS s24.cyber-folks.pl Software LiteSpeed / Resource Hash `3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e` Request headers Referer https://miasanoixu.cfolks.pl/ing/styles.css Origin https://miasanoixu.cfolks.pl accept-language pl-PL,pl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Mon, 12 Jun 2023 11:28:54 GMT last-modified Thu, 04 Jun 2020 23:04:44 GMT server LiteSpeed etag "76f8-5ed97e0c-67ccc8422f2af78f;;;" vary User-Agent content-type font/woff2 cache-control public, max-age=604800 accept-ranges bytes content-length 30456 expires Mon, 19 Jun 2023 11:28:54 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://ing.ingdirect.es/app-login/assets/images/svg/logoING.svg Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
ing.ingdirect.es
miasanoixu.cfolks.pl
185.208.164.24
193.41.234.21
69.16.175.10
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
67db6306e67299fb89ef09489bd0a4be9ba0aa7a027eb7a0efb28b8dd8fd44b5
6b3c4d3e255d73ca9e57959f5860c8357dbfad51249a6ee5a969c0d75f38f462
b1c6b16c89f0c078a7fd7e693f566c2aea0d72f6417ca29f76ad79d93744bb69
e008801612a41d04427fd522d313657cb123faf360e0a3821ac900c4b661f77e
e9e18797898538013a66ff759d88668598c674e0e5b6d1873c404a549640617d
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

miasanoixu.cfolks.pl Open in urlscan Pro 185.208.164.24 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

111 kBTransfer

211 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

miasanoixu.cfolks.pl Open in urlscan Pro
185.208.164.24 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

111 kB
Transfer

211 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!