ccifach.meetonline24.link
178.162.199.80
Malicious Activity!
Public Scan
Effective URL: https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN
Submission: On March 19 via manual from FR — Scanned from FR
Summary
TLS certificate: Issued by R3 on January 24th 2024. Valid for: 3 months.
This is the only time ccifach.meetonline24.link was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)
Domain & IP information
Count | IP Address | AS Autonomous System |
---|---|---|
1 1 | 59.120.118.168 | 3462 (HINET Data Communication Business Group) |
7 | 178.162.199.80 | 28753 (LEASEWEB-DE-FRA-10) |
7 | 1 |
ASN3462 (HINET Data Communication Business Group, TW)
PTR: 59-120-118-168.hinet-ip.hinet.net
ppt.cc |
Count | Apex Domain / Subdomains | Transfer |
---|---|---|
7 | meetonline24.link: ccifach.meetonline24.link | 472 KB |
1 | ppt.cc (1 redirects): ppt.cc, Cisco Umbrella Rank: 502646 | 316 B |
7 | 2 |
Count | Domain | Requested by |
---|---|---|
7 | ccifach.meetonline24.link | ccifach.meetonline24.link |
1 | ppt.cc | 1 redirects |
7 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
meetonline24.link R3 | 2024-01-24 - 2024-04-23 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN
Frame ID: A6E5481E8F6C6959D7E5D558BA9801CC
Requests: 7 HTTP requests in this frame
Page Title
Connexion Internet
Page URL History
- https://ppt.cc/f51GIx (HTTP 302)
- https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN (Page URL)
Detected technologies
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | ffd2152f931a9 ccifach.meetonline24.link/s/ (Primary Request) | 47 KB 19 KB | Document text/html |
GET H/1.1 | font-awesome.css ccifach.meetonline24.link/bundle/4/assets/css/ | 26 KB 26 KB | Stylesheet text/css |
GET H/1.1 | css.css ccifach.meetonline24.link/bundle/4/assets/css/ | 2 KB 3 KB | Stylesheet text/css |
GET H/1.1 | jquery-2.js ccifach.meetonline24.link/bundle/4/assets/js/ | 84 KB 84 KB | Script application/javascript |
GET H/1.1 | js.js ccifach.meetonline24.link/bundle/4/assets/js/ | 1 KB 1 KB | Script application/javascript |
GET H/1.1 | body.jpg ccifach.meetonline24.link/bundle/4/assets/img/ | 338 KB 338 KB | Image image/jpeg |
POST H/1.1 | track.php ccifach.meetonline24.link/ | 0 254 B | XHR text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
string | cf |
boolean | exitPopunder |
string | fpDataEncoded |
function | sendTrack |
function | Fingerprint2 |
function | fingerprintGo |
function | collectTrackParams |
function | closingConfirm |
function | handleError |
function | getParameterByName |
function | collectParams |
function | checkRequired |
function | setLeadInfo |
function | setCF |
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ppt.cc/ | Name: PHPSESSID Value: k7olmna4jqi5fo1lphl7nmkbp5 |
|
.meetonline24.link/ | Name: s |
|
ccifach.meetonline24.link/ | Name: CF Value: C/qXJMEi7ePVRY84GG8zfQ__ |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.