my.ing-es.one
Open in
urlscan Pro
2606:4700:3037::6815:474
Malicious Activity!
Public Scan
Effective URL: https://my.ing-es.one/
Submission: On May 17 via api from NL — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on May 17th 2024. Valid for: 3 months.
This is the only time my.ing-es.one was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)Live information
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2001:4860:480... 2001:4860:4802:36::36 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2606:4700:303... 2606:4700:3037::6815:474 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a04:4e42::649 2a04:4e42::649 | 54113 (FASTLY) (FASTLY) | |
9 | 172.67.132.9 172.67.132.9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
12 | 4 |
ASN15169 (GOOGLE, US)
europe-southwest1-decent-being-423303-g1.cloudfunctions.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
ing-es.one
my.ing-es.one |
69 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 776 |
30 KB |
1 |
cloudfunctions.net
europe-southwest1-decent-being-423303-g1.cloudfunctions.net |
202 B |
12 | 3 |
Domain | Requested by | |
---|---|---|
10 | my.ing-es.one |
my.ing-es.one
|
1 | code.jquery.com |
my.ing-es.one
|
1 | europe-southwest1-decent-being-423303-g1.cloudfunctions.net | |
12 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
misc.google.com GTS CA 1C3 |
2024-05-06 - 2024-07-29 |
3 months | crt.sh |
ing-es.one GTS CA 1P5 |
2024-05-17 - 2024-08-15 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://my.ing-es.one/
Frame ID: 1818EAB8C0802CE1D2880DC1391F8B05
Requests: 12 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://europe-southwest1-decent-being-423303-g1.cloudfunctions.net/atualizaciontelefono/087643815/ HTTP 307
- https://europe-southwest1-decent-being-423303-g1.cloudfunctions.net/atualizaciontelefono/087643815/
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
europe-southwest1-decent-being-423303-g1.cloudfunctions.net/atualizaciontelefono/087643815/ Redirect Chain
|
0 202 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
my.ing-es.one/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app.js
my.ing-es.one/static/js/ |
9 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.css
my.ing-es.one/static/css/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
e3f40009f3551a33351ee943b8654cbb.svg
my.ing-es.one/static/img/ |
37 KB 9 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
phone.png
my.ing-es.one/static/img/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ing-lion-reversed.svg
my.ing-es.one/static/img/ |
27 KB 12 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
question-solid.svg
my.ing-es.one/static/img/ |
610 B 877 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
arrow.png
my.ing-es.one/static/img/ |
442 B 903 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
INGMeWeb-Regular.woff2.ttf
my.ing-es.one/static/fonts/ |
70 KB 36 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon16.png
my.ing-es.one/static/img/ |
467 B 927 B |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ING Group (Banking)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| bolinhas function| verificarCamposPreenchidos function| verificarEAlternar undefined| socket function| iniciarVerificacao function| atualizarStatusCmd1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
my.ing-es.one/ | Name: session Value: .eJw9T9luwjAQ_JWVn0AiyfrIUfPUUpUiCqpEKh6RE5zWShqjHOql_juLemhfZmdnRrNf7Kbzb73tmGaLl86_WjZjCzd8MN2OTUPYj-3Q_a-3ZrC5I5VmPI0wjgQKBRFwqaXUIib3nakv59V2ScvqkaBA5JqbKtMKBWqDUumrLE20liTZDZT5l_9EVQ7m2bYD-Tb-0zWNieIQYbJ37ZGawjYHjiHOgYhEzeE9UVO4Pp0au7fF2g1RLNNQJjBZ3-ebhxk0rrawtGXtp_DzYcSFCvEysDOV6dyvhbr0tu-NP4z9SLSnCsizwlRVEaCMy0AJrILMFDwQiTzGPE25TUv2fQaBLFyO.ZkeG1Q.6AW5-ePq3r1nuVXGcm0R_nD-axw |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
europe-southwest1-decent-being-423303-g1.cloudfunctions.net
my.ing-es.one
172.67.132.9
2001:4860:4802:36::36
2606:4700:3037::6815:474
2a04:4e42::649
0d5b3041f54d40189f7d2460558f4be41571d4540d41a69a15dcca00868c2d3d
1062898ee90d706d4c2da807ae0c8f1662a3c73b956e7ed8254b2cd4220ac194
1a77d762d62e1948dd5c2346672422e68cea346657fe350c42a30705721100cf
4776253b113849490ce80f896b27c42b1ababdbda439c26c9b7b5adb8ab97ee7
691d574b1fbc16bd826f86b816019ac47370a0a0c4a3265399ec6264f8287979
6b3c4d3e255d73ca9e57959f5860c8357dbfad51249a6ee5a969c0d75f38f462
7122373b0c91db1bd50e34a6709c47d26010ad37e8230d10e1cab5b72da00d4f
9e1a37b95093d60f23028c3698d8f8d7c0591211add4d854ac1925a75a0ca006
bd2ff8320e28bc589578b9e0da39077842de0d536bb89077da549ed42a96c5ab
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed2d083453ac7e194d0eb8717b1011b5f55a24e7b8a8ac93338bdd1e5d58645b
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e