Report - ing.es-clienteacceso.info/

Report Overview

Submitted URL
ing.es-clienteacceso.info/
IP
172.67.212.186
ASN
#13335 CLOUDFLARENET
Submitted
2023-06-02 11:34:02
Access
public
Website Title
Final URL
Tags
ing_bank financial phishing
urlquery detections
Phishing - ING Group

Detections

urlquery
19
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ing.es-clienteacceso.info	unknown	2023-06-01	2023-06-02	2023-06-02	6.3 kB	311 kB	172.67.212.186

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-06-01	medium	ing.es-clienteacceso.info/
2023-06-01	medium	ing.es-clienteacceso.info/
2023-06-01	medium	ing.es-clienteacceso.info/
2023-06-01	medium	ing.es-clienteacceso.info/
2023-06-01	medium	ing.es-clienteacceso.info/
2023-06-01	medium	ing.es-clienteacceso.info/
2023-06-01	medium	ing.es-clienteacceso.info/
2023-06-01	medium	ing.es-clienteacceso.info/
2023-06-01	medium	ing.es-clienteacceso.info/
2023-06-01	medium	ing.es-clienteacceso.info/
2023-06-01	medium	ing.es-clienteacceso.info/
2023-06-01	medium	ing.es-clienteacceso.info/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	ing.es-clienteacceso.info/loginon.php	939 B	2023-04-27	2024-01-15
Pretty URL ing.es-clienteacceso.info/loginon.php IP 172.67.212.186 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-27 06:59:03 Last Seen2024-01-15 03:20:39 Times Seen33 Hash 8884ab65d326c1788b0172e8ae3136c7 f6b9680537a40b12eb83dd86c7ebde5e5d1c1b95 e9026d5d09c0ba42d73634f37601249c208fdc6dcc6da8876ce769b8e53d5cbf Loading...

	ing.es-clienteacceso.info/wp-content/jquery-3.5.1.min.js	90 kB	2023-03-07	2024-04-24
Pretty URL ing.es-clienteacceso.info/wp-content/jquery-3.5.1.min.js IP 172.67.212.186 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 23:28:14 Times Seen139036 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	ing.es-clienteacceso.info/wp-content/jquery.cookie.js	3.1 kB	2023-03-07	2024-04-24
Pretty URL ing.es-clienteacceso.info/wp-content/jquery.cookie.js IP 172.67.212.186 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:39 Last Seen2024-04-24 21:12:52 Times Seen9124 Hash d5528dde0006c78be04817327c2f9b6f 31e1bcc4cf805a2c2fee21f48ded1e598f64a2a8 b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8 Loading...

	ing.es-clienteacceso.info/wp-content/principal.js	29 kB	2023-05-10	2024-01-15
Pretty URL ing.es-clienteacceso.info/wp-content/principal.js IP 172.67.212.186 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 12:42:04 Last Seen2024-01-15 03:20:39 Times Seen41 Hash 21a2a6de63ecf9eb69fc16225a0429a9 b9b476b5f48b20cdb956282236fd9513180c3317 1f0b78ae3ba9a2b623b12300847a74adda9937f40757eb49126fe1fe40783171 Loading...

HTTP Transactions (12)

URL IP Response Size

ing.es-clienteacceso.info/wp-content/options.png

172.67.212.186

200 OK

9.9 kB

URL GET HTTP/3
ing.es-clienteacceso.info/wp-content/options.png
IP
172.67.212.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ing.es-clienteacceso.info/loginon.php
Certificate
IssuerLet's Encrypt
Subjectes-clienteacceso.info
FingerprintD0:49:9C:0E:89:F0:C4:3A:83:70:C9:A1:74:B2:83:64:85:1D:9C:49
ValidityThu, 01 Jun 2023 18:51:53 GMT - Wed, 30 Aug 2023 18:51:52 GMT

File type
PNG image data, 445 x 79, 8-bit/color RGBA, non-interlaced\012- data
Size
9.9 kB (9854 bytes)
Hash
330ed1899ab8fd48cd0198d4db335bf4
fa51bcda916844066f32b9da4301d2e4559dd11a
c486cddcf659e2791d5fbf1d80227468786dc18a6f6c55eb7ba951618e8a733c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /wp-content/options.png HTTP/1.1
Host: ing.es-clienteacceso.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ing.es-clienteacceso.info/loginon.php
Cookie: PHPSESSID=9a9hh58j7lht27fm2lugbn3sku
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 02 Jun 2023 11:33:47 GMT
content-type: image/png
content-length: 9854
last-modified: Thu, 01 Jun 2023 19:48:51 GMT
etag: "6478f623-267e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wnO0LHlFAHiAZzzdwKnvsMlU0NfWBXn2PrXKQtHvrWff9m6WmTJxeSyxmKzWNMHi2UChbt1kOS2DuzKGObvBFMG1qr5dS8HHFGzyDvliHrvNXaraF3%2FO6uqIvwYMpSBu2QNS8ndBOs4rYQZw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0f6227bf4eb4eb-OSL
alt-svc: h3=":443"; ma=86400

ing.es-clienteacceso.info/wp-content/main.css

172.67.212.186

200 OK

37 kB

URL GET HTTP/3
ing.es-clienteacceso.info/wp-content/main.css
IP
172.67.212.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ing.es-clienteacceso.info/loginon.php
Certificate
IssuerLet's Encrypt
Subjectes-clienteacceso.info
FingerprintD0:49:9C:0E:89:F0:C4:3A:83:70:C9:A1:74:B2:83:64:85:1D:9C:49
ValidityThu, 01 Jun 2023 18:51:53 GMT - Wed, 30 Aug 2023 18:51:52 GMT

File type
assembler source, ASCII text, with very long lines (638)
Size
37 kB (37387 bytes)
Hash
d603497224bad941f531ecf4160812f7
f92ead9fb7eba93cb5d025730773cac50df889f8
229dc1f197a988544212ef960f1ae713e5436e6caa1339d7c52d1e9057706f69

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /wp-content/main.css HTTP/1.1
Host: ing.es-clienteacceso.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ing.es-clienteacceso.info/loginon.php
Cookie: PHPSESSID=9a9hh58j7lht27fm2lugbn3sku
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 02 Jun 2023 11:33:47 GMT
content-type: text/css
last-modified: Thu, 01 Jun 2023 19:48:51 GMT
vary: Accept-Encoding
etag: W/"6478f623-922e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OX3d5c%2FVatD%2BN%2BqIrYgCVQQjrdveWifKOLc76oVDajtVmUrw5e3WKmDQ9r7rK2ScN4f0i7N%2FxEA7qeEpLgkEos2ZZFG8Vg8Z28oEGTVUoBsgp3j1dyI90XGQGGpq%2Bj%2B8RrdU30T2S%2BVcn9%2Bo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0f6227bf45b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ing.es-clienteacceso.info/wp-content/jquery-3.5.1.min.js

172.67.212.186

200 OK

62 kB

URL GET HTTP/3
ing.es-clienteacceso.info/wp-content/jquery-3.5.1.min.js
IP
172.67.212.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ing.es-clienteacceso.info/loginon.php
Certificate
IssuerLet's Encrypt
Subjectes-clienteacceso.info
FingerprintD0:49:9C:0E:89:F0:C4:3A:83:70:C9:A1:74:B2:83:64:85:1D:9C:49
ValidityThu, 01 Jun 2023 18:51:53 GMT - Wed, 30 Aug 2023 18:51:52 GMT

File type
ASCII text, with very long lines (65451)
Size
62 kB (61584 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /wp-content/jquery-3.5.1.min.js HTTP/1.1
Host: ing.es-clienteacceso.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ing.es-clienteacceso.info/loginon.php
Cookie: PHPSESSID=9a9hh58j7lht27fm2lugbn3sku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 02 Jun 2023 11:33:47 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 01 Jun 2023 19:48:51 GMT
vary: Accept-Encoding
etag: W/"6478f623-15d84"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ilifwdgk74uZPumT6E8tGE6e%2Bwr%2FAR1CPuxsl6NotyY4eWmAhBedxdoMZinF853ZBwAmIlXSqXpC8%2B793afPPXU1bX2NInl3PKyu%2Flk8lcC2S2H4NucW0HU97mnxgKhWF0pjH%2FO5WXGRxO3A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0f6227bf46b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ing.es-clienteacceso.info/

172.67.212.186

302 Found

15 kB

URL User Request GET HTTP/2
ing.es-clienteacceso.info/
IP
172.67.212.186:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectes-clienteacceso.info
FingerprintD0:49:9C:0E:89:F0:C4:3A:83:70:C9:A1:74:B2:83:64:85:1D:9C:49
ValidityThu, 01 Jun 2023 18:51:53 GMT - Wed, 30 Aug 2023 18:51:52 GMT

File type

Size
15 kB (15423 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET / HTTP/1.1
Host: ing.es-clienteacceso.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 02 Jun 2023 11:33:46 GMT
content-type: text/html; charset=UTF-8
location: ./loginon.php
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=9a9hh58j7lht27fm2lugbn3sku; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qMqG0G4xGWx%2BNUdZyisx46Fn1isPV%2Fd3pVj5mV3tBSc8XRDE2okrHHt8Cpd0T967INhO9otvn3LMaN4leyJx%2FELlym8%2FyG%2Frz4b52WCWGEdWHRGJjq016qMNKu%2BXoOn%2FjwhSAzEI2pek6GSm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0f621c8d0fb515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ing.es-clienteacceso.info/loginon.php

172.67.212.186

200 OK

15 kB

URL User Request GET HTTP/2
ing.es-clienteacceso.info/loginon.php
IP
172.67.212.186:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectes-clienteacceso.info
FingerprintD0:49:9C:0E:89:F0:C4:3A:83:70:C9:A1:74:B2:83:64:85:1D:9C:49
ValidityThu, 01 Jun 2023 18:51:53 GMT - Wed, 30 Aug 2023 18:51:52 GMT

File type

Size
15 kB (15423 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /loginon.php HTTP/1.1
Host: ing.es-clienteacceso.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=9a9hh58j7lht27fm2lugbn3sku
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 02 Jun 2023 11:33:46 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AM9wK%2FU0rt%2BwqbRJgHu5SDiNMcEDgcrPPJw%2BYu3JgcxOzRi7JVPMPiKFBOv%2Bap0gpTI6vruL11WKh22vB3yllFY7kSUn1cJS2GzXhKGlUGSKYHnsd2KYWEw%2F9PxZn61na1KAhUwLOGzfqQQE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0f6224a8b4b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ing.es-clienteacceso.info/wp-content/jquery.cookie.js

172.67.212.186

200 OK

3.1 kB

URL GET HTTP/3
ing.es-clienteacceso.info/wp-content/jquery.cookie.js
IP
172.67.212.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ing.es-clienteacceso.info/loginon.php
Certificate
IssuerLet's Encrypt
Subjectes-clienteacceso.info
FingerprintD0:49:9C:0E:89:F0:C4:3A:83:70:C9:A1:74:B2:83:64:85:1D:9C:49
ValidityThu, 01 Jun 2023 18:51:53 GMT - Wed, 30 Aug 2023 18:51:52 GMT

File type
ASCII text, with very long lines (3441), with no line terminators
Size
3.1 kB (3121 bytes)
Hash
c70a657c6ff1764a238929b6e46fb8e4
e2a8eb96b388abf14690ea14fe4af3f600296235
466840a5176a0d6bd70e2d5ade5928ad656ca6b9cd3040a241e33478c63f5813

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /wp-content/jquery.cookie.js HTTP/1.1
Host: ing.es-clienteacceso.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ing.es-clienteacceso.info/loginon.php
Cookie: PHPSESSID=9a9hh58j7lht27fm2lugbn3sku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 02 Jun 2023 11:33:47 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 01 Jun 2023 19:48:51 GMT
vary: Accept-Encoding
etag: W/"6478f623-c31"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZLDdMB%2FtLqgymqx0wW7sYkhCujaXP96qWRL7vAzPs3FPMUw%2B25GqecaFfatekFC0NmDsy13l6WQE7aOJDAK1iUqZPLcNMJRQqpoZ6TqvpO7eb7dOCAj9Pd0GPleX%2FFecLEMBzEzMXuEi%2FC6A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0f6227bf4cb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ing.es-clienteacceso.info/wp-content/INGMeWeb-Regular.woff2

172.67.212.186

200 OK

30 kB

URL GET HTTP/3
ing.es-clienteacceso.info/wp-content/INGMeWeb-Regular.woff2
IP
172.67.212.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ing.es-clienteacceso.info/loginon.php
Certificate
IssuerLet's Encrypt
Subjectes-clienteacceso.info
FingerprintD0:49:9C:0E:89:F0:C4:3A:83:70:C9:A1:74:B2:83:64:85:1D:9C:49
ValidityThu, 01 Jun 2023 18:51:53 GMT - Wed, 30 Aug 2023 18:51:52 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29616, version 1.0\012- data
Size
30 kB (29616 bytes)
Hash
97205b19383b6a85ef38eb0997c23c35
f7e0af7cfde57e454dde3a2a0c878cc37de5841e
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /wp-content/INGMeWeb-Regular.woff2 HTTP/1.1
Host: ing.es-clienteacceso.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ing.es-clienteacceso.info/wp-content/main.css
Cookie: PHPSESSID=9a9hh58j7lht27fm2lugbn3sku
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 02 Jun 2023 11:33:48 GMT
content-type: font/woff2
content-length: 29616
last-modified: Thu, 01 Jun 2023 19:48:51 GMT
etag: "6478f623-73b0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2iHi61feVimdAcVvYzzfiSaQJZqtkp%2BCJ7G%2Fa9cIioiU%2F7kqdaYa60Y6QXWFWwlMslC4UyPc1iVqntGou%2FPw3gybFrCajPntVsclM%2FVMOiNdHe9FcaOmAyLCOMXUDMLuHnwtvVMknpMGhR7S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0f622c2ca5b4eb-OSL
alt-svc: h3=":443"; ma=86400

ing.es-clienteacceso.info/wp-content/INGMeWeb-Bold.woff2

172.67.212.186

200 OK

30 kB

URL GET HTTP/3
ing.es-clienteacceso.info/wp-content/INGMeWeb-Bold.woff2
IP
172.67.212.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ing.es-clienteacceso.info/loginon.php
Certificate
IssuerLet's Encrypt
Subjectes-clienteacceso.info
FingerprintD0:49:9C:0E:89:F0:C4:3A:83:70:C9:A1:74:B2:83:64:85:1D:9C:49
ValidityThu, 01 Jun 2023 18:51:53 GMT - Wed, 30 Aug 2023 18:51:52 GMT

File type
Web Open Font Format (Version 2), TrueType, length 30456, version 1.0\012- data
Size
30 kB (30456 bytes)
Hash
126c1fdeee5cc17fef5f5909ebb5c86f
e2676a4a0c0f88ad2f33fe8acefc038073785de3
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /wp-content/INGMeWeb-Bold.woff2 HTTP/1.1
Host: ing.es-clienteacceso.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ing.es-clienteacceso.info/wp-content/main.css
Cookie: PHPSESSID=9a9hh58j7lht27fm2lugbn3sku
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 02 Jun 2023 11:33:48 GMT
content-type: font/woff2
content-length: 30456
last-modified: Thu, 01 Jun 2023 19:48:51 GMT
etag: "6478f623-76f8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0aQgeNjkbwbAT7k%2Fo9BGqB%2Bgq4mh9Wlz3%2Bot9UHDIb7sdZ0UMV1qddykTOQb4xjzip2jb2xw4g0UUy8iulVHra5CS8%2BfBdmi5UkwgewG4LqCYJfon33cTePXvit04wxsHcwR9Gn7ol4mNDn0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0f622c3cb3b4eb-OSL
alt-svc: h3=":443"; ma=86400

ing.es-clienteacceso.info/wp-content/favicon.ico

172.67.212.186

200 OK

4.3 kB

URL GET HTTP/3
ing.es-clienteacceso.info/wp-content/favicon.ico
IP
172.67.212.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ing.es-clienteacceso.info/loginon.php
Certificate
IssuerLet's Encrypt
Subjectes-clienteacceso.info
FingerprintD0:49:9C:0E:89:F0:C4:3A:83:70:C9:A1:74:B2:83:64:85:1D:9C:49
ValidityThu, 01 Jun 2023 18:51:53 GMT - Wed, 30 Aug 2023 18:51:52 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
4.3 kB (4286 bytes)
Hash
a2025d9c341a20513167370800eea233
f4ab651a1d7f681b5aec6c2a7f6b000ce5f83524
a12b74568c0776358f2ff26213881adb74f667dabe484335d8e138bc5e98441e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /wp-content/favicon.ico HTTP/1.1
Host: ing.es-clienteacceso.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ing.es-clienteacceso.info/loginon.php
Cookie: PHPSESSID=9a9hh58j7lht27fm2lugbn3sku
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 02 Jun 2023 11:33:48 GMT
content-type: image/x-icon
last-modified: Thu, 01 Jun 2023 19:48:51 GMT
etag: W/"6478f623-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VD%2B7x1I%2BaNN9z47%2BVUr%2B%2BlQLF6eHY1vBUyJoWg6iaadp525MwGs2BiKrmf7TcsvKnfsjR%2BVkrscXvH3y%2BRJnqC%2BRixZ2dBim504Y8uC6vYYrSebBaTioIjCi1UzudpSqJJOrifXZg7Krhz48"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0f62301a2eb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ing.es-clienteacceso.info/wp-content/principal.js

172.67.212.186

200 OK

29 kB

URL GET HTTP/3
ing.es-clienteacceso.info/wp-content/principal.js
IP
172.67.212.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ing.es-clienteacceso.info/loginon.php
Certificate
IssuerLet's Encrypt
Subjectes-clienteacceso.info
FingerprintD0:49:9C:0E:89:F0:C4:3A:83:70:C9:A1:74:B2:83:64:85:1D:9C:49
ValidityThu, 01 Jun 2023 18:51:53 GMT - Wed, 30 Aug 2023 18:51:52 GMT

File type

Size
29 kB (29197 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /wp-content/principal.js HTTP/1.1
Host: ing.es-clienteacceso.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ing.es-clienteacceso.info/loginon.php
Cookie: PHPSESSID=9a9hh58j7lht27fm2lugbn3sku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 02 Jun 2023 11:33:47 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 01 Jun 2023 19:48:51 GMT
vary: Accept-Encoding
etag: W/"6478f623-720d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZjP%2B%2BhiOuEnrM1c5W02J4gexGCAihrVa%2BQaN7YrstOqHjdGo6nprol04hywuLNCwHgdBjgGDEQ92PHlRvKsFOQRMtRpVWh7E9h1lPBdoekVElKWR2pSQia9iL9p0qdmxaZEEc9sib0WXYNPy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0f6227bf52b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ing.es-clienteacceso.info/wp-content/lion-reversed.svg

172.67.212.186

200 OK

28 kB

URL GET HTTP/3
ing.es-clienteacceso.info/wp-content/lion-reversed.svg
IP
172.67.212.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ing.es-clienteacceso.info/loginon.php
Certificate
IssuerLet's Encrypt
Subjectes-clienteacceso.info
FingerprintD0:49:9C:0E:89:F0:C4:3A:83:70:C9:A1:74:B2:83:64:85:1D:9C:49
ValidityThu, 01 Jun 2023 18:51:53 GMT - Wed, 30 Aug 2023 18:51:52 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (10685)
Size
28 kB (27717 bytes)
Hash
fcc1889b9ff054ccc3edbca148a17426
3a4a3246a94e32c6eb92dfff62763dead15dda22
6b3c4d3e255d73ca9e57959f5860c8357dbfad51249a6ee5a969c0d75f38f462

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /wp-content/lion-reversed.svg HTTP/1.1
Host: ing.es-clienteacceso.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ing.es-clienteacceso.info/wp-content/main.css
Cookie: PHPSESSID=9a9hh58j7lht27fm2lugbn3sku
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 02 Jun 2023 11:33:47 GMT
content-type: image/svg+xml
last-modified: Thu, 01 Jun 2023 19:48:51 GMT
vary: Accept-Encoding
etag: W/"6478f623-6c45"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9sgX6FCeoTX5Tpa9xMc9vkJ18mfzfGSHfT2Dkan56QT8CL4UA1Jso0koEyFn3aB5rctvR21%2FcfHoBXgz7P3RqCwjRVCQpSUQXYK95s5CMeq3moB%2B1ENoFYs5EBgSSxZv%2FRwzyCCK9HRhKzOl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0f622bfc75b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ing.es-clienteacceso.info/wp-content/logo.svg

172.67.212.186

200 OK

38 kB

URL GET HTTP/3
ing.es-clienteacceso.info/wp-content/logo.svg
IP
172.67.212.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ing.es-clienteacceso.info/loginon.php
Certificate
IssuerLet's Encrypt
Subjectes-clienteacceso.info
FingerprintD0:49:9C:0E:89:F0:C4:3A:83:70:C9:A1:74:B2:83:64:85:1D:9C:49
ValidityThu, 01 Jun 2023 18:51:53 GMT - Wed, 30 Aug 2023 18:51:52 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (32870)
Size
38 kB (38293 bytes)
Hash
e3f40009f3551a33351ee943b8654cbb
2416af536a34a5c50e1475e0bebcd9bbbe0d3b9b
1a77d762d62e1948dd5c2346672422e68cea346657fe350c42a30705721100cf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /wp-content/logo.svg HTTP/1.1
Host: ing.es-clienteacceso.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ing.es-clienteacceso.info/wp-content/main.css
Cookie: PHPSESSID=9a9hh58j7lht27fm2lugbn3sku
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 02 Jun 2023 11:33:47 GMT
content-type: image/svg+xml
last-modified: Thu, 01 Jun 2023 19:48:51 GMT
vary: Accept-Encoding
etag: W/"6478f623-9595"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6pwLv%2BEQCxHdWNImN4hnmKlpItnWHUJwYOPefHzdJkBTgTjFUd95Gy3oLwtaT1e0jSW42wcdDjRYXbr7yelQtmvwSo0HenLsGv9A3LcTLB8TDf3iuqNpbbuos5VOu%2B8wJ2RQXSF%2Fy5fErPfn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0f622c2c9eb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate