ScanMalware.com

Security Scan Report: backstage.ing.net

Redirected to: https://login.microsoftonline.com/587b6ea1-3db9-4fe1-a9d7-85d4c64ce5cc/oauth2/authorize?response_type=code&client_id=44f6435f-25f0-40fe-9ef5-dc5e400974c8&scope=openid&nonce=873d6b16-4ec4-4114-8d85-312902dc1685&redirect_uri=https%3a%2f%2fbackstage.ing.net%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fbackstage.ing.net%5c%2f%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%22ef55ceff-d837-4d94-9f79-9e2370a501da%22%7d%23EndOfStateParam%23&client-request-id=ef55ceff-d837-4d94-9f79-9e2370a501da&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true

Submitted: Mar 30, 2026, 6:55:24 PMCompleted: Mar 30, 2026, 6:56:33 PMpubliccompleted
Loading additional data...

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 1 HTTP transaction. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://backstage.ing.net

Effective URL: https://login.microsoftonline.com/587b6ea1-3db9-4fe1-a9d7-85d4c64ce5cc/oauth2/authorize?response_type=code&client_id=44f6435f-25f0-40fe-9ef5-dc5e400974c8&scope=openid&nonce=873d6b16-4ec4-4114-8d85-312902dc1685&redirect_uri=https%3a%2f%2fbackstage.ing.net%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fbackstage.ing.net%5c%2f%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%22ef55ceff-d837-4d94-9f79-9e2370a501da%22%7d%23EndOfStateParam%23&client-request-id=ef55ceff-d837-4d94-9f79-9e2370a501da&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #462,619 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 80%

8
Risk Score

Page mimics ING login but forwards credentials to Microsoft; likely a phishing attempt – avoid entering credentials.

Risk Factors
Cross‑origin credential form collecting email and password
Brand impersonation: ING branding on a domain that redirects to Microsoft login
Low Cisco Umbrella ranking for a brand‑impersonating site
Highly obfuscated JavaScript (critical score)
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

The domain name 'backstage.ing.net' uses the network infrastructure generic top-level domain (.net); it also runs on subdomain 'backstage'. Count 3 characters in 'ing' containing one vowel alongside 2 consonants. Word splitting yields 1 word: ing. The median word length lands at three characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://backstage.ing.net

Page Load Overview

0.72s
Total Load Time
17
HTTP Requests
5
Domains
960 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:192 chars
Detector Agreement:67%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
713.69.109.131Netherlands
AS8075
213.107.246.44Ireland
AS20940
240.126.31.131GermanyUnknown
240.126.32.72Amsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
223.207.210.137UnknownUnknown
298.67.183.227Frankfurt am Main, Hesse, Germany
AS8075Microsoft Corporation
176--

Detected Technologies4

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T114835CE97E722937824A45B5B5797E02BB7A5D038848DD70F19CC9882FFB74D8223607

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:j28GLG2H/u/X83u/LH/VT/u6/3hLoIyEk77gx2xpTvPoMmCBIEBpQiZ/JSC:K8B2WsSLJ32RAtC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:85566:LUBqooQwkCkAVFMAIGEcIBRAYABggowxUQofoSjYFWjADERODRwhAAWFSCBVNzBi0TFgxdpFgloQUEQIbeBDCeTEEARAKEKi

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:c0001818381c0000
Perceptual Hash:d9497372cc73890d
Difference Hash:80103233b2314c6c
Wavelet Hash:c0c038fdfffce400
Color Hash:#2dbcd2

Other Hashes

Crop Resistant:b2b0e2bc9382be9a,1ab2c0b2b2ea80da,80103233b2314c6c

Scan History

Scan history not available

Unable to load historical scan data