ccifach.meetonline24.link

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 178.162.199.80, located in Germany and belongs to LEASEWEB-DE-FRA-10, DE. The main domain is ccifach.meetonline24.link.
TLS certificate: Issued by R3 on January 24th 2024. Valid for: 3 months.

This is the only time ccifach.meetonline24.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	59.120.118.168 59.120.118.168	3462 (HINET Dat...) (HINET Data Communication Business Group)
7	178.162.199.80 178.162.199.80	28753 (LEASEWEB-...) (LEASEWEB-DE-FRA-10)
7	1

1 59.120.118.168 (Kaohsiung City, Taiwan) 1 redirects

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 59-120-118-168.hinet-ip.hinet.net

ppt.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 178.162.199.80 (Germany)

ASN28753 (LEASEWEB-DE-FRA-10, DE)

ccifach.meetonline24.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	meetonline24.link ccifach.meetonline24.link	472 KB
1	ppt.cc 1 redirects ppt.cc — Cisco Umbrella Rank: 502646	316 B
7	2

	Domain	Requested by
7	ccifach.meetonline24.link	ccifach.meetonline24.link
1	ppt.cc	1 redirects
7	2

This site contains no links.

Subject Issuer	Validity	Valid
meetonline24.link R3	`2024-01-24` - `2024-04-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN
Frame ID: A6E5481E8F6C6959D7E5D558BA9801CC
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Connexion Internet

Page URL History Show full URLs

https://ppt.cc/f51GIx HTTP 302
https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

472 kB
Transfer

498 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ppt.cc/f51GIx HTTP 302
https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request ffd2152f931a9 Show response ccifach.meetonline24.link/s/ Redirect Chain https://ppt.cc/f51GIx https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN	47 KB 19 KB	986ms 287ms	Document text/html	178.162.199.80 LEASEWEB-DE-FRA-10
General Check archive.org Show headers Download Go to Full URL https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE), Reverse DNS Software openresty/1.19.3.1 / Resource Hash `90a56286eea4bba2e50504cdd94c3021eb6a41a792950db345ba54083989bf70` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Cache-Control no-cache, no-store, must-revalidate Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Tue, 19 Mar 2024 05:51:12 GMT Expires 0 Pragma no-cache Server openresty/1.19.3.1 Transfer-Encoding chunked Vary Accept-Encoding Redirect headers cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-encoding gzip content-type text/html; charset=UTF-8 date Tue, 19 Mar 2024 05:51:11 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN pragma no-cache server PPT.cc vary Accept-Encoding
GET H/1.1	200 OK	font-awesome.css ccifach.meetonline24.link/bundle/4/assets/css/	26 KB 26 KB	25ms 24ms	Stylesheet text/css	178.162.199.80 LEASEWEB-DE-FRA-10
General Check archive.org Show headers Download Go to Full URL https://ccifach.meetonline24.link/bundle/4/assets/css/font-awesome.css Requested by Host: ccifach.meetonline24.link URL: https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE), Reverse DNS Software openresty/1.19.3.1 / Resource Hash `d20b06d72585a42c2facc26bf6fb9b15c155c2bd73e466e24405bdf90cab7172` Request headers accept-language fr-FR,fr;q=0.9 Referer https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Tue, 19 Mar 2024 05:51:13 GMT Last-Modified Mon, 26 Sep 2022 10:51:12 GMT Server openresty/1.19.3.1 ETag "63318420-6845" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 26693
GET H/1.1	200 OK	css.css ccifach.meetonline24.link/bundle/4/assets/css/	2 KB 3 KB	48ms 23ms	Stylesheet text/css	178.162.199.80 LEASEWEB-DE-FRA-10
General Check archive.org Show headers Download Go to Full URL https://ccifach.meetonline24.link/bundle/4/assets/css/css.css Requested by Host: ccifach.meetonline24.link URL: https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE), Reverse DNS Software openresty/1.19.3.1 / Resource Hash `150c1ca57f6f6e5e26725950acab9bb6a9dffedeead12dfcd329344a8fd57a5b` Request headers accept-language fr-FR,fr;q=0.9 Referer https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Tue, 19 Mar 2024 05:51:13 GMT Last-Modified Mon, 26 Sep 2022 10:51:12 GMT Server openresty/1.19.3.1 ETag "63318420-8ff" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 2303
GET H/1.1	200 OK	jquery-2.js Show response ccifach.meetonline24.link/bundle/4/assets/js/	84 KB 84 KB	93ms 46ms	Script application/javascript	178.162.199.80 LEASEWEB-DE-FRA-10
General Check archive.org Show headers Download Go to Full URL https://ccifach.meetonline24.link/bundle/4/assets/js/jquery-2.js Requested by Host: ccifach.meetonline24.link URL: https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE), Reverse DNS Software openresty/1.19.3.1 / Resource Hash `05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e` Request headers Referer https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN Origin https://ccifach.meetonline24.link accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Tue, 19 Mar 2024 05:51:13 GMT Last-Modified Mon, 26 Sep 2022 10:51:15 GMT Server openresty/1.19.3.1 ETag "63318423-14e4a" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 85578
GET H/1.1	200 OK	js.js Show response ccifach.meetonline24.link/bundle/4/assets/js/	1 KB 1 KB	70ms 23ms	Script application/javascript	178.162.199.80 LEASEWEB-DE-FRA-10
General Check archive.org Show headers Download Go to Full URL https://ccifach.meetonline24.link/bundle/4/assets/js/js.js Requested by Host: ccifach.meetonline24.link URL: https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE), Reverse DNS Software openresty/1.19.3.1 / Resource Hash `874c4caed753f9aac0999abd80227f190ce106720436e01ffaa12b7f66ac5193` Request headers accept-language fr-FR,fr;q=0.9 Referer https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Tue, 19 Mar 2024 05:51:13 GMT Last-Modified Mon, 26 Sep 2022 10:51:15 GMT Server openresty/1.19.3.1 ETag "63318423-45c" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 1116
GET H/1.1	200 OK	body.jpg ccifach.meetonline24.link/bundle/4/assets/img/	338 KB 338 KB	24ms 24ms	Image image/jpeg	178.162.199.80 LEASEWEB-DE-FRA-10
General Check archive.org Show headers Download Go to Show image Full URL https://ccifach.meetonline24.link/bundle/4/assets/img/body.jpg Requested by Host: ccifach.meetonline24.link URL: https://ccifach.meetonline24.link/bundle/4/assets/css/css.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE), Reverse DNS Software openresty/1.19.3.1 / Resource Hash `a97b3a6a51a87af2cf849ac895c62960a6a15e0c41e6b9a4b4316aac4a3f7d24` Request headers accept-language fr-FR,fr;q=0.9 Referer https://ccifach.meetonline24.link/bundle/4/assets/css/css.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Tue, 19 Mar 2024 05:51:13 GMT Last-Modified Mon, 26 Sep 2022 10:51:14 GMT Server openresty/1.19.3.1 ETag "63318422-54747" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 345927
POST H/1.1	200 OK	track.php Show response ccifach.meetonline24.link/	0 254 B	133ms 132ms	XHR text/html	178.162.199.80 LEASEWEB-DE-FRA-10
General Check archive.org Show headers Download Go to Full URL https://ccifach.meetonline24.link/track.php Requested by Host: ccifach.meetonline24.link URL: https://ccifach.meetonline24.link/bundle/4/assets/js/jquery-2.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE), Reverse DNS Software openresty/1.19.3.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN X-Requested-With XMLHttpRequest accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Tue, 19 Mar 2024 05:51:13 GMT Content-Encoding gzip Server openresty/1.19.3.1 Connection keep-alive Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ppt.cc/	1969-12-31 23:59:59	Name: PHPSESSID Value: k7olmna4jqi5fo1lphl7nmkbp5
.meetonline24.link/	1970-01-20 19:15:13	Name: s Value: 27EgsBy0MFWi7cTlH%2Fy3QPvz7By6UYa7x40vadbGQyGaZfPninWJjRGXpuNLvNTrZh7pK%2B%2FXUTCr0jRM4u%2BmmCB%2BJvkRH6NV%2FTdQQiJjYdGljCWsp7aA8Nbh180GbeEMNcBDuxy8Soxo5Ae6LsnEtwiVk3dNI6SGJqfpIr2oAAeGSKA6qBeaFMSHlC3yEmwOO9uj1lJRZt79lZcL9WX9%2F1vqfj0vswQBeuQjQmsdFP0PL8eIhgGe0q7QOcmu5uRpE6laozelDr%2Boi%2F2uxWmeeJ4YLoYszVkDF4i9lgifiQxYFiwU9tmnLs71weOBBmWI2g%2FOFZKiKHFukwUo%2B%2BwpbYkwDpN9i7JRTEgCPSdZkJggTHfrOiWG6KuVWFyiVD0jV7kTW%2FmGufdQhtJyOZdzfjg82hjlrWo9aW9qC%2BLzgPy6bwpVg2Nv8eq2CO0k7WA76z2%2BG3yiMyaqKxYnvOYTvEPe4CusH%2Bb11tR1SKyiltEvIV9tAK38GMfF1Omwkt%2B6JTGn%2BeJfr6jzcXe2DboFFCGnIxONaTrjrlkLi3UcWgbsVHxLKeFs7EB7XkDAGzu0lzTtAipRf9SPq2oZn28%2Fdb9U8nukB4ImLHBGqIg0q40Z1GAzyPhNMxQCa1kfdDi1S8r4fiB9zg6Ee8ht5cFKxqXuGSfXqfl1bKovNyM7uEL2alB2QfYO8NjcpCDBQs8HnlSxUR0%2FSV7HaIrVEd1kI8B5NG3m6hjeAHRAmvT3YxRYIGvO8gfNyCn4zmzTSdMzTr30uOc6W3MsVU9G%2FQWdJSKxjPzj75Wbr37tUFONohSao0FmacNP%2BAeGib4037U9yko9Iayt%2FGq8%2BIRKe%2BllBAqBVqukZjFQnEYdEYd5jv9m5wKo2QBvS8nJO39DzbXvb4a%2BOqdSWp6osoPJHKMQlDUpB4lO%2FMdhHBHLB%2FENUGi%2BGW2cBReNFmzUQFavMWCwEVwhYLrVEHVfkNDUn6aDIoPf%2Bok9fdrndKzS3z8VChc7VRZS8NpP51fnmI0HJ9XdHAmT115%2F31IO13dE7syEGkV%2FTnixNHdFbxb%2FBFARok6mrX48SBBYS8%2Fo%2FvYh93bLbNbk804JLcI6Ot%2FnirePG8NfSvgtPlUzaz8Q7wMsT7ShgXNxkEAaJwRw%2FJrVEY7z0CYIb5S%2B7pZdrNRo7sz4BfNXs%2BwaX5j9NGBbb%2B5ugXNVCcJo15iQAHOsBgafIAB%2BP4ppcz6zZvSqcPvup%2Bb4HIC6u3zDwewnuN73b5l0gmdjohC9pV1Zg5BBY004lOcxtUWWy5ois1HrePXKJWSHYcAGh5FW5RNg2jDuuMcMX9IAYFO%2B%2BQfMElrOnrj74wPmwt%2Fegu4Ls7ET3w7xiJnRZoHAarBkrbyiz5fhGzz7U5EjZBxviiyhsOa6szXwgxMehWA4JOinUsHySEi8vTbspiziSBBWzhGvYylYJw7GXfknsph2W10gTs1yS6RFu6IooaxZjDQ8TvR0JUQ37UIILv%2Fi%2Fbeguh6aUOXGDRsuVVB5607Wl7SljxQ3skPHNghYBCXwa89fGuagvnAs0sJE5eyeP1PZ73nSCGTRLbIpap96SnkQea92475o2ESzXDR7gT88ReMLqBS6lN2jAP31b9yBydAnAKEvfcTRwUXNyTrlOmtHOq3i%2FVkTOUi%2BJ2VLkPJbor16VsFa3Nh%2BNrraDKiWWV%2BDjHwaVmTu6h6rjI27%2FTercuqCtee%2BPrnum01DO5W8LVSueZ%2BfoLjBAImPeHJ5X4f%2FNzDOVM3EW79gCSNIkPEY07%2F1iFFGFjayk20vfN5%2Bt2ljyujfirbmTbGw0lkh6orMSxly5p%2FUdJg7GoCz
ccifach.meetonline24.link/	1969-12-31 23:59:59	Name: CF Value: C/qXJMEi7ePVRY84GG8zfQ__

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://ccifach.meetonline24.link/s/ffd2152f931a9?track=GIBRAN&ext_click_id=GIBRAN(Line 6) Message: The value "false" for key "user-scalable" is invalid, and has been ignored.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ccifach.meetonline24.link
ppt.cc
178.162.199.80
59.120.118.168
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
150c1ca57f6f6e5e26725950acab9bb6a9dffedeead12dfcd329344a8fd57a5b
874c4caed753f9aac0999abd80227f190ce106720436e01ffaa12b7f66ac5193
90a56286eea4bba2e50504cdd94c3021eb6a41a792950db345ba54083989bf70
a97b3a6a51a87af2cf849ac895c62960a6a15e0c41e6b9a4b4316aac4a3f7d24
d20b06d72585a42c2facc26bf6fb9b15c155c2bd73e466e24405bdf90cab7172
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

ccifach.meetonline24.link Open in urlscan Pro 178.162.199.80 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

472 kBTransfer

498 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

3 Cookies

1 Console Messages

Indicators

ccifach.meetonline24.link Open in urlscan Pro
178.162.199.80 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

472 kB
Transfer

498 kB
Size

3
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!