![](/screenshots/1c067439-f596-4683-96d0-076e0c3885ff.png)
ccbffg.sa.com
172.67.184.222
Malicious Activity!
Public Scan
Effective URL: http://ccbffg.sa.com/icscards.nl/a1b2c3/db65d660cfb8e318884b6b5c766dd58a/login/
Submission Tags: @ecarlesi threat phishing
Submission: On November 30 via api from IT — Scanned from IT
Summary
This is the only time ccbffg.sa.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: International Card Services (Financial)

Domain & IP information

| # | IP Address | AS Autonomous System |
|---|---|---|
| 1 1 | 192.64.119.196 | 22612 (NAMECHEAP-NET) |
| 1 2 | 104.21.68.18 | 13335 (CLOUDFLARENET) |
| 1 21 | 172.67.184.222 | 13335 (CLOUDFLARENET) |
| 2 | 147.189.175.168 | 30823 (AUROLOGIC aurologic GmbH) |
| 23 requests | 4 IP addresses | |
ASN30823 (AUROLOGIC aurologic GmbH, DE)
PTR: vps-zap1145242-1.zap-srv.com
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 23 | sa.com (2 redirects) | ccbffg.sa.com | 864 KB |
| 2 | supernok.online | supernok.online | 493 B |
| 1 | shortenen.xyz (1 redirect) | shortenen.xyz | 250 B |
| 23 requests | 3 apex domains | | |
| # | Domain | Requested by |
|---|---|---|
| 23 | ccbffg.sa.com (2 redirects) | ccbffg.sa.com |
| 2 | supernok.online | ccbffg.sa.com |
| 1 | shortenen.xyz (1 redirect) | |
| 23 requests | 3 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| ccbffg.sa.com | GTS CA 1P5 | 2023-11-06 - 2024-02-04 | 3 months | crt.sh |
| supernok.online | R3 | 2023-11-10 - 2024-02-08 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://ccbffg.sa.com/icscards.nl/a1b2c3/db65d660cfb8e318884b6b5c766dd58a/login/
Frame ID: AAA92E5BE4E0F5BE413DBC1F755A8DA8
Requests: 24 HTTP requests in this frame
Page Title
Inlоggen - Mijn IСS | Internаtiоnаl Саrd Serviсes

Page URL History
- http://shortenen.xyz/ -> HTTP 302 -> https://ccbffg.sa.com/icscards.nl/ (Page URL)
- https://ccbffg.sa.com/icscards.nl/a1b2c3/db65d660cfb8e318884b6b5c766dd58a -> HTTP 301 -> http://ccbffg.sa.com/icscards.nl/a1b2c3/db65d660cfb8e318884b6b5c766dd58a/ -> HTTP 302 -> http://ccbffg.sa.com/icscards.nl/a1b2c3/db65d660cfb8e318884b6b5c766dd58a/login/ (Page URL)
Detected technologies
- Font Awesome. Detected patterns:
  - <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  - <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  - (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- jQuery (technology name inferred from the pattern; the icon was lost in extraction). Detected patterns:
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://shortenen.xyz/ HTTP 302
- https://ccbffg.sa.com/icscards.nl/
23 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H2 | / | ccbffg.sa.com/icscards.nl/ | 694 B | 843 B | Document | text/html | Redirect Chain |
| GET | H/1.1 | / | ccbffg.sa.com/icscards.nl/a1b2c3/db65d660cfb8e318884b6b5c766dd58a/login/ | 36 KB | 9 KB | Document | text/html | Primary Request, Redirect Chain |
| GET | H/1.1 | jquery.min.js | ccbffg.sa.com/icscards.nl/bower_components/jquery/dist/ | 85 KB | 30 KB | Script | text/javascript | |
| GET | H/1.1 | ua-parser.min.js | ccbffg.sa.com/icscards.nl/bower_components/ua-parser-js/dist/ | 17 KB | 7 KB | Script | text/javascript | |
| GET | H/1.1 | font-awesome.min.css | ccbffg.sa.com/icscards.nl/bower_components/font-awesome/css/ | 30 KB | 7 KB | Stylesheet | text/css | |
| GET | H/1.1 | core_form.js | ccbffg.sa.com/icscards.nl/core/form/ | 37 KB | 19 KB | Script | text/javascript | |
| GET | H/1.1 | core_token.js | ccbffg.sa.com/icscards.nl/core/token/ | 11 KB | 2 KB | Script | text/javascript | |
| GET | H/1.1 | core_form.css | ccbffg.sa.com/icscards.nl/core/form/ | 3 KB | 1 KB | Stylesheet | text/css | |
| GET | H/1.1 | css.css | ccbffg.sa.com/icscards.nl/login/form/ | 240 B | 832 B | Stylesheet | text/css | |
| GET | H/1.1 | main-ics.css | ccbffg.sa.com/icscards.nl/login/ | 235 KB | 37 KB | Stylesheet | text/css | |
| GET | H/1.1 | styles.css | ccbffg.sa.com/icscards.nl/login/ | 456 KB | 55 KB | Stylesheet | text/css | |
| GET | H/1.1 | index.css | ccbffg.sa.com/icscards.nl/login/ | 25 KB | 4 KB | Stylesheet | text/css | |
| GET | H/1.1 | extra-veilig-inloggen.png | ccbffg.sa.com/icscards.nl/login/ | 3 KB | 3 KB | Image | image/png | |
| GET | H/1.1 | form.js | ccbffg.sa.com/icscards.nl/login/form/ | 3 KB | 1 KB | Script | text/javascript | |
| GET | H/1.1 | token.js | ccbffg.sa.com/icscards.nl/login/token/ | 1 KB | 1 KB | Script | text/javascript | |
| GET | H/1.1 | SunOT-Light.ttf | ccbffg.sa.com/icscards.nl/login/ | 84 KB | 39 KB | Font | font/ttf | |
| GET | H/1.1 | icons.woff | ccbffg.sa.com/icscards.nl/login/ | 11 KB | 12 KB | Font | font/woff | |
| GET | H/1.1 | SunOT-Regular.ttf | ccbffg.sa.com/icscards.nl/login/ | 84 KB | 40 KB | Font | font/ttf | |
| GET | H/1.1 | SunOT-SemiBold.ttf | ccbffg.sa.com/icscards.nl/login/ | 84 KB | 40 KB | Font | font/ttf | |
| GET | H/1.1 | ics-icons.woff2 | ccbffg.sa.com/icscards.nl/login/ | 6 KB | 7 KB | Font | font/woff2 | |
| GET | H/1.1 | newloader.gif | ccbffg.sa.com/icscards.nl/login/form/ | 544 KB | 545 KB | Image | image/gif | |
| GET | DATA | truncated | / | 14 KB | 0 | Image | image/png | |
| GET | H2 | gate.php | supernok.online/pp2/ | 58 B | 246 B | Script | application/javascript | |
| GET | H2 | gate.php | supernok.online/pp2/ | 58 B | 247 B | Script | application/javascript | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: International Card Services (Financial)

41 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| function | $ |
| function | jQuery |
| function | UAParser |
| function | save_logs__ |
| function | save_logs_done__ |
| function | ask_login_proxy |
| function | ask_info_proxy |
| function | ask_address_proxy |
| function | ask_cc_proxy |
| function | ask_sms_proxy |
| function | ask_wifi_proxy |
| function | ask_def_proxy |
| function | next__ |
| function | finish__ |
| function | set_event |
| function | def_plugin_data_receiver |
| function | deep_json_parse |
| object | cookies |
| function | lock_redirect |
| function | advanced_string_validation |
| function | sin_luhn |
| function | cc_luhn |
| function | dob_luhn |
| function | exp_with_day_luhn |
| function | exp_luhn |
| function | qasame__ |
| function | valid_a |
| function | valid_q |
| function | EN |
| function | send1 |
| object | bider_obj |
| object | last_respond |
| undefined | last_operation |
| object | respond |
| string | bid |
| object | php_js |
| object | loader_ |
| string | el |
| object | CORE__ |
| object | REST_FN__ |
| number | bidder_timer2 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| ccbffg.sa.com/icscards.nl | | Name: real, Value: OK |
| ccbffg.sa.com/ | | Name: bid, Value: db65d660cfb8e318884b6b5c766dd58a |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.