app-clientesing.info Open in urlscan Pro
172.67.138.20 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://app-clientesing.info/html
Effective URL:
https://app-clientesing.info/html/index4
Submission: On November 29 via api (November 29th 2024, 4:03:17 pm UTC) from FR — Scanned from ES

Summary HTTP 5 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 5 HTTP transactions. The main IP is 172.67.138.20, located in United States and belongs to CLOUDFLARENET, US. The main domain is app-clientesing.info.
TLS certificate: Issued by WE1 on November 29th 2024. Valid for: 3 months.

This is the only time app-clientesing.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 6	172.67.138.20 172.67.138.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:93bc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	3

6 172.67.138.20 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

app-clientesing.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:93bc (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	app-clientesing.info 2 redirects app-clientesing.info	307 KB
1	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 2020
5	2

	Domain	Requested by
6	app-clientesing.info	2 redirects app-clientesing.info
1	kit.fontawesome.com	app-clientesing.info
5	2

This site contains no links.

Subject Issuer	Validity	Valid
app-clientesing.info WE1	`2024-11-29` - `2025-02-27`	3 months	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-01-27`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://app-clientesing.info/html/index4
Frame ID: 43E399E08340AEB80A9897B2233F5554
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Acceso clientes, ING

Page URL History Show full URLs

https://app-clientesing.info/html HTTP 301
http://app-clientesing.info/html/ HTTP 307
https://app-clientesing.info/html/ HTTP 302
https://app-clientesing.info/html/index4 Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Page Statistics

5
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

306 kB
Transfer

1181 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://app-clientesing.info/html HTTP 301
http://app-clientesing.info/html/ HTTP 307
https://app-clientesing.info/html/ HTTP 302
https://app-clientesing.info/html/index4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request index4 Show response app-clientesing.info/html/ Redirect Chain https://app-clientesing.info/html http://app-clientesing.info/html/ https://app-clientesing.info/html/ https://app-clientesing.info/html/index4	634 KB 282 KB	219ms 219ms	Document text/html	172.67.138.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app-clientesing.info/html/index4 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.138.20 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a05c2e3569a17b76a45c4ba418dfe950d494ad5008d055cf6ab12b17899ae20c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 8ea3d38ece5ecc05-MAD content-encoding zstd content-type text/html; charset=UTF-8 date Fri, 29 Nov 2024 16:03:11 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KFApmLc26WJUaDap6zbU267t1gOsffv0rno1JKqkSd3U9dUWcVFhj0oli378X6iox5Nf%2BbO%2BjEqka5xSrO9AkMVQgtXfVyB9mYNUD5mh93jInjm14q2YMeWuin51k3pxjTkzVRS88Q%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=48815&min_rtt=39573&rtt_var=8946&sent=19&recv=16&lost=0&retrans=0&sent_bytes=7238&recv_bytes=5574&delivery_rate=50765&cwnd=12000&unsent_bytes=0&cid=52eb45a286080a41&ts=1489&x=1" cfHdrFlush;dur=0 vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 8ea3d3887daccc05-MAD content-type text/html; charset=UTF-8 date Fri, 29 Nov 2024 16:03:11 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location ./index4 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QZPPAfjrA6oK6KmQpEeMTLePV1A3rLCK0MPEUhx164kdmHaJg9RyhInFTjZJsSwsvKgDaRi8EOnlj3TdZiFUKPF5el8A0GnCIl%2B2Bndsbxj7Kv0Fyc35aOi9AdKsG1871H8kU1h2JQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=50135&min_rtt=44567&rtt_var=8408&sent=15&recv=13&lost=0&retrans=0&sent_bytes=5182&recv_bytes=5031&delivery_rate=390&cwnd=12000&unsent_bytes=0&cid=52eb45a286080a41&ts=1273&x=1" cfHdrFlush;dur=0
GET H3	200	style.css app-clientesing.info/html/css/	44 KB 19 KB	80ms 79ms	Stylesheet text/css	172.67.138.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app-clientesing.info/html/css/style.css Requested by Host: app-clientesing.info URL: https://app-clientesing.info/html/index4 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.138.20 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ac1f522aabfdad4c5de0e182acc2d9cc262d38085d7d2fb8489698e5e92da1ef` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer https://app-clientesing.info/html/index4 Response headers content-encoding gzip cf-cache-status HIT etag W/"6749d67c-b021" age 947 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FwemYZrkIcv8cY4NC6MRNdnEgaS03Q5mVD%2B9z36rNqVkfnvZJ6WuW%2B7lIrLQRzQYYI0q9Os1el9B1y9GhhJT0kPct3Oi98GVbWxUv7ZwJwG6pvslJErDMfscHwE1S%2BccDzfg4Cruqw%3D%3D"}],"group":"cf-nel","max_age":604800} expires Thu, 31 Dec 2037 23:55:55 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=49070&min_rtt=39573&rtt_var=7219&sent=21&recv=17&lost=0&retrans=0&sent_bytes=8354&recv_bytes=5961&delivery_rate=4739&cwnd=12000&unsent_bytes=0&cid=52eb45a286080a41&ts=1572&x=1", cfHdrFlush;dur=0 date Fri, 29 Nov 2024 16:03:12 GMT content-type text/css last-modified Fri, 29 Nov 2024 14:58:04 GMT vary Accept-Encoding cache-control max-age=315360000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8ea3d39038c8cc05-MAD server cloudflare
GET H2	403	1b308ca3c0.js kit.fontawesome.com/	0 0	404ms 286ms	Script text/plain	2606:4700:4400::ac40:93bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kit.fontawesome.com/1b308ca3c0.js Requested by Host: app-clientesing.info URL: https://app-clientesing.info/html/index4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Origin https://app-clientesing.info Referer https://app-clientesing.info/ Response headers access-control-max-age 3000 x-request-id GAx759iCYkAwNZmlkPGB cache-control max-age=0, private, must-revalidate cf-cache-status MISS access-control-allow-methods GET, OPTIONS cf-ray 8ea3d3919a555e1d-MAD access-control-allow-origin * content-length 9 date Fri, 29 Nov 2024 16:03:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers accept, accept-langauge, content-language, content-type, fa-kit-token
GET DATA	200 OK	truncated /	468 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f672788b4391c191399d0f623cd6a64689153b06ddce04daf37639bab7ee55c3` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9e1a37b95093d60f23028c3698d8f8d7c0591211add4d854ac1925a75a0ca006` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4c693a6a0203f5a10fd1dec67a50a26c56577ed65b979d296e433fc537275c64` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer Response headers Content-Type image/svg+xml
GET H3	200	arrow.png app-clientesing.info/html/imagenes/	442 B 1 KB	76ms 76ms	Image image/png	172.67.138.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://app-clientesing.info/html/imagenes/arrow.png Requested by Host: app-clientesing.info URL: https://app-clientesing.info/html/index4 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.138.20 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0d5b3041f54d40189f7d2460558f4be41571d4540d41a69a15dcca00868c2d3d` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer https://app-clientesing.info/html/index4 Response headers cf-cache-status HIT etag "6749d67d-1ba" age 947 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WXaRx1gs%2Fk61U3IKrazsEd0B%2BVgDlb9H8FDzGltz0ycesva9bGtbGZliKzTwVhlnBVP878oJ0X8UgWfzihQp09mdvKHF%2B%2FonMSLvxLx%2FmzLqPxybyjt01a%2BcuKyEKgXpgyl0mtp4kg%3D%3D"}],"group":"cf-nel","max_age":604800} expires Thu, 31 Dec 2037 23:55:55 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=55721&min_rtt=32806&rtt_var=2815&sent=293&recv=98&lost=7&retrans=7&sent_bytes=330788&recv_bytes=10077&delivery_rate=98018&cwnd=68880&unsent_bytes=0&cid=52eb45a286080a41&ts=2281&x=1", cfHdrFlush;dur=0 date Fri, 29 Nov 2024 16:03:12 GMT content-type image/png last-modified Fri, 29 Nov 2024 14:58:05 GMT vary Accept-Encoding cache-control max-age=315360000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8ea3d394afc6cc05-MAD accept-ranges bytes content-length 442 server cloudflare
GET DATA	200 OK	truncated /	27 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6b3c4d3e255d73ca9e57959f5860c8357dbfad51249a6ee5a969c0d75f38f462` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer Response headers Content-Type image/svg+xml
GET H3	200	favicon.ico app-clientesing.info/html/imagenes/	4 KB 4 KB	74ms 74ms	Other image/x-icon	172.67.138.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app-clientesing.info/html/imagenes/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.138.20 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a12b74568c0776358f2ff26213881adb74f667dabe484335d8e138bc5e98441e` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer https://app-clientesing.info/html/index4 Response headers content-encoding gzip cf-cache-status HIT etag W/"6749d67d-10be" age 879 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g8t4ABRNorruaqPTc6%2ByVmgb14mxm6tSZF3B5IIXe12Auk2tGa1lf2AU4U5Hr7%2Fp3LJ5MrVAIu2fuExQdC1ksifW2cyZr9kzPLUEjpYPoOmNS2mce1XC2aLUx%2BhdjGWEkHq%2FS496Dw%3D%3D"}],"group":"cf-nel","max_age":604800} expires Thu, 31 Dec 2037 23:55:55 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=54915&min_rtt=32806&rtt_var=3724&sent=295&recv=99&lost=7&retrans=7&sent_bytes=331966&recv_bytes=10509&delivery_rate=14646&cwnd=68880&unsent_bytes=0&cid=52eb45a286080a41&ts=2358&x=1", cfHdrFlush;dur=0 date Fri, 29 Nov 2024 16:03:12 GMT content-type image/x-icon last-modified Fri, 29 Nov 2024 14:58:05 GMT vary Accept-Encoding cache-control max-age=315360000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8ea3d395288bcc05-MAD server cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			app-clientesing.info/	1969-12-31 23:59:59	Name: PHPSESSID Value: 9fh2ln07crkrm6oqio7ic6ckip

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://kit.fontawesome.com/1b308ca3c0.js Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-clientesing.info
kit.fontawesome.com
172.67.138.20
2606:4700:4400::ac40:93bc
0d5b3041f54d40189f7d2460558f4be41571d4540d41a69a15dcca00868c2d3d
4c693a6a0203f5a10fd1dec67a50a26c56577ed65b979d296e433fc537275c64
6b3c4d3e255d73ca9e57959f5860c8357dbfad51249a6ee5a969c0d75f38f462
9e1a37b95093d60f23028c3698d8f8d7c0591211add4d854ac1925a75a0ca006
a05c2e3569a17b76a45c4ba418dfe950d494ad5008d055cf6ab12b17899ae20c
a12b74568c0776358f2ff26213881adb74f667dabe484335d8e138bc5e98441e
ac1f522aabfdad4c5de0e182acc2d9cc262d38085d7d2fb8489698e5e92da1ef
f672788b4391c191399d0f623cd6a64689153b06ddce04daf37639bab7ee55c3

app-clientesing.info Open in urlscan Pro 172.67.138.20 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

306 kBTransfer

1181 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

app-clientesing.info Open in urlscan Pro
172.67.138.20 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

306 kB
Transfer

1181 kB
Size

1
Cookies

5 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!