meine-ing.app
172.67.195.174
Malicious Activity!
Public Scan
Effective URL: https://meine-ing.app/orra/information/itan
Submission: On December 17 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by WE1 on December 16th 2024. Valid for: 3 months.
This is the only time meine-ing.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
5 (1 redirects) | 172.67.195.174 | 13335 (CLOUDFLARENET) |
4 | 2a02:26f0:480:ba2::18de | 20940 (AKAMAI-ASN1 Akamai International B.V.) |
3 | 104.17.24.14 | 13335 (CLOUDFLARENET) |
13 | 4 | |
ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
cdn.ing.de
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 (1 redirects) | meine-ing.app | meine-ing.app | 8 KB |
4 | ing.de | cdn.ing.de — Cisco Umbrella Rank: 330108 | 166 KB |
3 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 225 | 241 KB |
0 | wikipedia.de (Failed) | www.wikipedia.de (Failed) | |
13 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
5 (1 redirects) | meine-ing.app | meine-ing.app |
4 | cdn.ing.de | meine-ing.app, cdn.ing.de |
3 | cdnjs.cloudflare.com | meine-ing.app, cdnjs.cloudflare.com |
0 | www.wikipedia.de (Failed) | |
13 | 4 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
meine-ing.app | WE1 | 2024-12-16 - 2025-03-16 | 3 months |
www.ing-diba.de | HydrantID Server CA O1 | 2024-09-20 - 2025-10-20 | a year |
cdnjs.cloudflare.com | WE1 | 2024-11-26 - 2025-02-24 | 3 months |
This page contains 1 frames:
Primary Page:
https://meine-ing.app/orra/information/itan
Frame ID: B072162210EEA497065C9E73E121FFB0
Requests: 13 HTTP requests in this frame
Page Title
ING Login
Page URL History
- https://meine-ing.app/ Page URL
- http://meine-ing.app/start/itan HTTP 307
  https://meine-ing.app/start/itan HTTP 302
  http://meine-ing.app/orra/information/itan HTTP 307
  https://meine-ing.app/orra/information/itan Page URL
Detected technologies
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://meine-ing.app/favicon.ico HTTP 302
- https://www.wikipedia.de/
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
---|---|---|---|---|---|---|---|---|
GET | H3 | / | meine-ing.app/ | 164 B | 825 B | Document | text/html | |
GET | H3 | itan | meine-ing.app/orra/information/ | 12 KB | 5 KB | Document | text/html | Primary Request, Redirect Chain |
GET | | / | www.wikipedia.de/ | 0 | 0 | | | Redirect Chain |
GET | H2 | bundle.ibbr.css | cdn.ing.de/ing-feat-uilib-de/7.10.1/stylesheets/ | 698 KB | 100 KB | Stylesheet | text/css | |
GET | H3 | all.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/ | 82 KB | 15 KB | Stylesheet | text/css | |
GET | H3 | info.js | meine-ing.app/js/orra/ | 5 KB | 2 KB | Script | application/javascript | |
GET | H2 | ING_Deutschland_NoClaim.svg | cdn.ing.de/ing-feat-uilib-de/7.10.1/images/ | 16 KB | 6 KB | Image | image/svg+xml | |
GET | H2 | INGMeWeb-Bold.woff2 | cdn.ing.de/ing-feat-uilib-de/7.10.1/stylesheets/webfonts/ | 30 KB | 30 KB | Font | font/woff2 | |
GET | H2 | INGMeWeb-Regular.woff2 | cdn.ing.de/ing-feat-uilib-de/7.10.1/stylesheets/webfonts/ | 29 KB | 30 KB | Font | font/woff2 | |
GET | H3 | fa-solid-900.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/webfonts/ | 122 KB | 123 KB | Font | application/octet-stream | |
GET | H3 | fa-brands-400.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/webfonts/ | 103 KB | 103 KB | Font | application/octet-stream | |
GET | | / | www.wikipedia.de/ | 0 | 0 | | | Redirect Chain |
POST | H3 | online | meine-ing.app/user/ | 0 | 0 | Fetch | text/html | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: www.wikipedia.de, URL: https://www.wikipedia.de/
- Domain: www.wikipedia.de, URL: https://www.wikipedia.de/
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ING Group (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
meine-ing.app/ | | Name: PHPSESSID Value: 142as1q7c4jircbnm4qnrcrhae |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.