![](/screenshots/be79314b-a1c1-41fc-bec6-377be6a97249.png)
ccbffg.sa.com
104.21.68.18
Malicious Activity!
Public Scan
Effective URL: http://ccbffg.sa.com/icscards.nl/a1b2c3/7fb5da47881e6216b5790ed91b46b97f/login/
Submission Tags: @ecarlesi threat phishing
Submission: On November 30 via api from IT — Scanned from IT
Summary
This is the only time ccbffg.sa.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: International Card Services (Financial)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 1 | 192.64.119.74 | 22612 (NAMECHEAP-NET) |
1 2 | 172.67.184.222 | 13335 (CLOUDFLARENET) |
1 20 | 104.21.68.18 | 13335 (CLOUDFLARENET) |
2 | 147.189.175.168 | () |
23 | 4 |
| Apex Domain / Subdomains | Transfer |
---|---|---|
22 | sa.com (2 redirects): ccbffg.sa.com | 319 KB |
2 | supernok.online: supernok.online | 489 B |
1 | frinden.xyz (1 redirects): frinden.xyz | 250 B |
23 | 3 |
| Domain | Requested by |
---|---|---|
22 | ccbffg.sa.com (2 redirects) | ccbffg.sa.com |
2 | supernok.online | ccbffg.sa.com |
1 | frinden.xyz (1 redirects) | |
23 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
ccbffg.sa.com | GTS CA 1P5 | 2023-11-06 - 2024-02-04 | 3 months |
supernok.online | R3 | 2023-11-10 - 2024-02-08 | 3 months |
This page contains 1 frames:
Primary Page:
http://ccbffg.sa.com/icscards.nl/a1b2c3/7fb5da47881e6216b5790ed91b46b97f/login/
Frame ID: DA8284C3DB018186765657A81EBE6DA2
Requests: 24 HTTP requests in this frame
Page Title
Inlоggen - Mijn IСS | Internаtiоnаl Саrd Serviсes
Page URL History
- http://frinden.xyz/ (HTTP 302)
  - https://ccbffg.sa.com/icscards.nl/ (Page URL)
- https://ccbffg.sa.com/icscards.nl/a1b2c3/7fb5da47881e6216b5790ed91b46b97f (HTTP 301)
  - http://ccbffg.sa.com/icscards.nl/a1b2c3/7fb5da47881e6216b5790ed91b46b97f/ (HTTP 302)
  - http://ccbffg.sa.com/icscards.nl/a1b2c3/7fb5da47881e6216b5790ed91b46b97f/login/ (Page URL)
Detected technologies
Font Awesome
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://frinden.xyz/ HTTP 302
- https://ccbffg.sa.com/icscards.nl/
23 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / | ccbffg.sa.com/icscards.nl/ (Redirect Chain) | 694 B | 837 B | Document | text/html |
GET | H/1.1 | / (Primary Request) | ccbffg.sa.com/icscards.nl/a1b2c3/7fb5da47881e6216b5790ed91b46b97f/login/ (Redirect Chain) | 36 KB | 9 KB | Document | text/html |
GET | H/1.1 | jquery.min.js | ccbffg.sa.com/icscards.nl/bower_components/jquery/dist/ | 85 KB | 30 KB | Script | text/javascript |
GET | H/1.1 | ua-parser.min.js | ccbffg.sa.com/icscards.nl/bower_components/ua-parser-js/dist/ | 17 KB | 7 KB | Script | text/javascript |
GET | H/1.1 | font-awesome.min.css | ccbffg.sa.com/icscards.nl/bower_components/font-awesome/css/ | 30 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | core_form.js | ccbffg.sa.com/icscards.nl/core/form/ | 37 KB | 19 KB | Script | text/javascript |
GET | H/1.1 | core_token.js | ccbffg.sa.com/icscards.nl/core/token/ | 11 KB | 2 KB | Script | text/javascript |
GET | H/1.1 | core_form.css | ccbffg.sa.com/icscards.nl/core/form/ | 3 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | css.css | ccbffg.sa.com/icscards.nl/login/form/ | 240 B | 843 B | Stylesheet | text/css |
GET | H/1.1 | main-ics.css | ccbffg.sa.com/icscards.nl/login/ | 235 KB | 37 KB | Stylesheet | text/css |
GET | H/1.1 | styles.css | ccbffg.sa.com/icscards.nl/login/ | 456 KB | 55 KB | Stylesheet | text/css |
GET | H/1.1 | index.css | ccbffg.sa.com/icscards.nl/login/ | 25 KB | 4 KB | Stylesheet | text/css |
GET | H/1.1 | extra-veilig-inloggen.png | ccbffg.sa.com/icscards.nl/login/ | 3 KB | 3 KB | Image | image/png |
GET | H/1.1 | form.js | ccbffg.sa.com/icscards.nl/login/form/ | 3 KB | 1 KB | Script | text/javascript |
GET | H/1.1 | token.js | ccbffg.sa.com/icscards.nl/login/token/ | 1 KB | 1 KB | Script | text/javascript |
GET | H/1.1 | SunOT-Light.ttf | ccbffg.sa.com/icscards.nl/login/ | 84 KB | 39 KB | Font | font/ttf |
GET | H/1.1 | icons.woff | ccbffg.sa.com/icscards.nl/login/ | 11 KB | 12 KB | Font | font/woff |
GET | H/1.1 | SunOT-Regular.ttf | ccbffg.sa.com/icscards.nl/login/ | 84 KB | 40 KB | Font | font/ttf |
GET | H/1.1 | SunOT-SemiBold.ttf | ccbffg.sa.com/icscards.nl/login/ | 84 KB | 40 KB | Font | font/ttf |
GET | H/1.1 | ics-icons.woff2 | ccbffg.sa.com/icscards.nl/login/ | 6 KB | 7 KB | Font | font/woff2 |
GET | | newloader.gif | ccbffg.sa.com/icscards.nl/login/form/ | 0 | 0 | | |
GET | DATA | truncated | / | 14 KB | 0 | Image | image/png |
GET | H2 | gate.php | supernok.online/pp2/ | 57 B | 245 B | Script | application/javascript |
GET | H2 | gate.php | supernok.online/pp2/ | 57 B | 244 B | Script | application/javascript |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: ccbffg.sa.com
- URL: http://ccbffg.sa.com/icscards.nl/login/form/newloader.gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: International Card Services (Financial)
43 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
function | UAParser |
function | save_logs__ |
function | save_logs_done__ |
function | ask_login_proxy |
function | ask_info_proxy |
function | ask_address_proxy |
function | ask_cc_proxy |
function | ask_sms_proxy |
function | ask_wifi_proxy |
function | ask_def_proxy |
function | next__ |
function | finish__ |
function | set_event |
function | def_plugin_data_receiver |
function | deep_json_parse |
object | cookies |
function | lock_redirect |
function | advanced_string_validation |
function | sin_luhn |
function | cc_luhn |
function | dob_luhn |
function | exp_with_day_luhn |
function | exp_luhn |
function | qasame__ |
function | valid_a |
function | valid_q |
function | EN |
function | send1 |
object | bider_obj |
undefined | last_respond |
undefined | last_operation |
object | respond |
string | bid |
object | php_js |
object | loader_ |
string | el |
object | CORE__ |
object | REST_FN__ |
function | jQuery32108174415362925476_1701309792794 |
number | bidder_timer |
function | jQuery32108174415362925476_1701309792796 |
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ccbffg.sa.com/icscards.nl | | Name: real Value: OK |
ccbffg.sa.com/ | | Name: bid Value: 7fb5da47881e6216b5790ed91b46b97f |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.