ics-cards.dubble-inloggen-betaling.net Open in urlscan Pro
94.46.15.240 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cursodemilagros.cl/nlics
Effective URL:
https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/
Submission: On January 07 via manual (January 7th 2019, 12:12:32 pm UTC) from NL

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 94.46.15.240, located in Portugal and belongs to ALMOUROLTEC, PT. The main domain is ics-cards.dubble-inloggen-betaling.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 7th 2019. Valid for: 3 months.

This is the only time ics-cards.dubble-inloggen-betaling.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: International Card Services (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 2	170.84.209.80 170.84.209.80	7004 (CTC Trans...) (CTC Transmisiones Regionales S.A.)
15	94.46.15.240 94.46.15.240	24768 (ALMOUROLTEC) (ALMOUROLTEC)
16	2

2 170.84.209.80 (Chile) 1 redirects

ASN7004 (CTC Transmisiones Regionales S.A., CL)
PTR: 170-84-209-80.static.tie.cl

cursodemilagros.cl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 94.46.15.240 (Portugal)

ASN24768 (ALMOUROLTEC, PT)

ics-cards.dubble-inloggen-betaling.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	dubble-inloggen-betaling.net ics-cards.dubble-inloggen-betaling.net	207 KB
2	cursodemilagros.cl 1 redirects cursodemilagros.cl	687 B
16	2

	Domain	Requested by
15	ics-cards.dubble-inloggen-betaling.net	ics-cards.dubble-inloggen-betaling.net
2	cursodemilagros.cl	1 redirects
16	2

This site contains no links.

Subject Issuer	Validity	Valid
cursodemilagros.cl cPanel, Inc. Certification Authority	`2018-12-30` - `2019-03-30`	3 months	crt.sh
ics-cards.dubble-inloggen-betaling.net Let's Encrypt Authority X3	`2019-01-07` - `2019-04-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/
Frame ID: A80393BCC27F5C244C6DD7B357D7EF7A
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://cursodemilagros.cl/nlics HTTP 301
https://cursodemilagros.cl/nlics/ Page URL
https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

208 kB
Transfer

804 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cursodemilagros.cl/nlics HTTP 301
https://cursodemilagros.cl/nlics/ Page URL
https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://cursodemilagros.cl/nlics HTTP 301
https://cursodemilagros.cl/nlics/

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response cursodemilagros.cl/nlics/ Redirect Chain https://cursodemilagros.cl/nlics https://cursodemilagros.cl/nlics/	163 B 433 B	213ms 212ms	Document text/html	170.84.209.80 CTC Transmisiones...
General Check archive.org Show headers Download Go to Full URL https://cursodemilagros.cl/nlics/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 170.84.209.80 , Chile, ASN7004 (CTC Transmisiones Regionales S.A., CL), Reverse DNS 170-84-209-80.static.tie.cl Software Apache / Resource Hash `9641eef63c8c7d964a34e4322fc435327fbd8d903e3b057f9a150ff8eb2a752e` Request headers Host cursodemilagros.cl Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 07 Jan 2019 12:12:15 GMT Server Apache Last-Modified Mon, 07 Jan 2019 03:26:33 GMT Accept-Ranges bytes Vary Accept-Encoding Content-Encoding gzip Content-Length 145 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html Redirect headers Date Mon, 07 Jan 2019 12:12:15 GMT Server Apache Location https://cursodemilagros.cl/nlics/ Content-Length 241 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H2	200	Primary Request / Show response ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/	33 KB 9 KB	370ms 92ms	Document text/html	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash `223b0372d866ea75c858ebe866d1f7cc4904ca9a6a703328e084472acbd604ba` Request headers :method GET :authority ics-cards.dubble-inloggen-betaling.net :scheme https :path /nl/InLoggen/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 referer https://cursodemilagros.cl/nlics/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://cursodemilagros.cl/nlics/ Response headers status 200 server nginx date Mon, 07 Jan 2019 12:12:17 GMT content-type text/html vary Accept-Encoding last-modified Wed, 26 Dec 2018 02:35:06 GMT content-encoding gzip
GET H2	200	main-ics.css ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/	236 KB 32 KB	54ms 53ms	Stylesheet text/css	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/main-ics.css Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash `a89d0669bbb7bf743a643ab2be54f45fbd5576aaf83d7ae049dbe0374c9d98c1` Request headers :path /nl/InLoggen/ICS_files/main-ics.css pragma no-cache accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ :scheme https :method GET Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers x-type static date Mon, 07 Jan 2019 12:12:17 GMT content-encoding gzip last-modified Fri, 30 Nov 2018 00:50:24 GMT server nginx vary Accept-Encoding x-cache HIT content-type text/css status 200
GET H2	200	login-style.css ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/	211 KB 28 KB	106ms 106ms	Stylesheet text/css	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash `5c3d960d9ce4ea474f8dcf64ef769c301630e16e983dde081b431c07a5ce1dde` Request headers :path /nl/InLoggen/ICS_files/login-style.css pragma no-cache accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ :scheme https :method GET Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers x-type static date Mon, 07 Jan 2019 12:12:17 GMT content-encoding gzip last-modified Fri, 30 Nov 2018 00:48:04 GMT server nginx vary Accept-Encoding x-cache HIT content-type text/css status 200
GET H2	200	jquery-3.js Show response ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/	265 KB 79 KB	107ms 106ms	Script application/javascript	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/jquery-3.js Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash `d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad` Request headers :path /nl/InLoggen/ICS_files/jquery-3.js pragma no-cache accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ :scheme https :method GET Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers x-type static date Mon, 07 Jan 2019 12:12:17 GMT content-encoding gzip last-modified Fri, 30 Nov 2018 00:48:04 GMT server nginx vary Accept-Encoding x-cache HIT content-type application/javascript status 200
GET H2	404	d41e1eae596e167f975877da5b8658cc.woff2 ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-light-webfont/	0 0	49ms 48ms	Font text/html	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-light-webfont/d41e1eae596e167f975877da5b8658cc.woff2 Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash Request headers :path /nl/InLoggen/ICS_files/login/assets/fonts/sunot-light-webfont/d41e1eae596e167f975877da5b8658cc.woff2 pragma no-cache origin https://ics-cards.dubble-inloggen-betaling.net accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css Origin https://ics-cards.dubble-inloggen-betaling.net Response headers status 404 date Mon, 07 Jan 2019 12:12:17 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=iso-8859-1
GET H2	404	5d4aa15f47dbbc8848e141699172fc7f.woff2 ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-regular-webfont/	0 0	49ms 49ms	Font text/html	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-regular-webfont/5d4aa15f47dbbc8848e141699172fc7f.woff2 Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash Request headers :path /nl/InLoggen/ICS_files/login/assets/fonts/sunot-regular-webfont/5d4aa15f47dbbc8848e141699172fc7f.woff2 pragma no-cache origin https://ics-cards.dubble-inloggen-betaling.net accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css Origin https://ics-cards.dubble-inloggen-betaling.net Response headers status 404 date Mon, 07 Jan 2019 12:12:17 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=iso-8859-1
GET H2	404	563323f220bd5d70a04d6a182b7011ce.woff ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/icons/	0 0	50ms 49ms	Font text/html	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/icons/563323f220bd5d70a04d6a182b7011ce.woff Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash Request headers :path /nl/InLoggen/ICS_files/login/assets/fonts/icons/563323f220bd5d70a04d6a182b7011ce.woff pragma no-cache origin https://ics-cards.dubble-inloggen-betaling.net accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css Origin https://ics-cards.dubble-inloggen-betaling.net Response headers status 404 date Mon, 07 Jan 2019 12:12:17 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=iso-8859-1
GET H2	404	8ba5c54d292507036373ed4ee0bb8c04.woff ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-light-webfont/	0 0	49ms 49ms	Font text/html	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-light-webfont/8ba5c54d292507036373ed4ee0bb8c04.woff Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash Request headers :path /nl/InLoggen/ICS_files/login/assets/fonts/sunot-light-webfont/8ba5c54d292507036373ed4ee0bb8c04.woff pragma no-cache origin https://ics-cards.dubble-inloggen-betaling.net accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css Origin https://ics-cards.dubble-inloggen-betaling.net Response headers status 404 date Mon, 07 Jan 2019 12:12:17 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=iso-8859-1
GET H2	404	d7cfa0e76cf13c91a985a876d5214044.woff ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-regular-webfont/	0 0	49ms 49ms	Font text/html	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-regular-webfont/d7cfa0e76cf13c91a985a876d5214044.woff Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash Request headers :path /nl/InLoggen/ICS_files/login/assets/fonts/sunot-regular-webfont/d7cfa0e76cf13c91a985a876d5214044.woff pragma no-cache origin https://ics-cards.dubble-inloggen-betaling.net accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css Origin https://ics-cards.dubble-inloggen-betaling.net Response headers status 404 date Mon, 07 Jan 2019 12:12:17 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=iso-8859-1
GET H2	404	dbbcb35279f322bf1497666016d4ab74.ttf ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/icons/	0 0	49ms 48ms	Font text/html	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/icons/dbbcb35279f322bf1497666016d4ab74.ttf Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash Request headers :path /nl/InLoggen/ICS_files/login/assets/fonts/icons/dbbcb35279f322bf1497666016d4ab74.ttf pragma no-cache origin https://ics-cards.dubble-inloggen-betaling.net accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css Origin https://ics-cards.dubble-inloggen-betaling.net Response headers status 404 date Mon, 07 Jan 2019 12:12:17 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=iso-8859-1
GET H2	404	0c62ecea9fbe2abf19c8fc1d8d3adc52.ttf ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-light-webfont/	0 0	49ms 49ms	Font text/html	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-light-webfont/0c62ecea9fbe2abf19c8fc1d8d3adc52.ttf Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash Request headers :path /nl/InLoggen/ICS_files/login/assets/fonts/sunot-light-webfont/0c62ecea9fbe2abf19c8fc1d8d3adc52.ttf pragma no-cache origin https://ics-cards.dubble-inloggen-betaling.net accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css Origin https://ics-cards.dubble-inloggen-betaling.net Response headers status 404 date Mon, 07 Jan 2019 12:12:17 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=iso-8859-1
GET H2	404	d9c89afb33c578f113762ea7872fb4e1.ttf ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-regular-webfont/	0 0	50ms 49ms	Font text/html	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-regular-webfont/d9c89afb33c578f113762ea7872fb4e1.ttf Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash Request headers :path /nl/InLoggen/ICS_files/login/assets/fonts/sunot-regular-webfont/d9c89afb33c578f113762ea7872fb4e1.ttf pragma no-cache origin https://ics-cards.dubble-inloggen-betaling.net accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login-style.css Origin https://ics-cards.dubble-inloggen-betaling.net Response headers status 404 date Mon, 07 Jan 2019 12:12:17 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=iso-8859-1
GET H2	200	icons.woff ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/fonts/	11 KB 11 KB	49ms 49ms	Font font/woff	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/fonts/icons.woff Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash `c1f3874cc3f5467a309962d1f127dc7c0f5bfdba58e6084a779d4dacefcefb8d` Request headers :path /nl/InLoggen/ICS_files/fonts/icons.woff pragma no-cache origin https://ics-cards.dubble-inloggen-betaling.net accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/main-ics.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/main-ics.css Origin https://ics-cards.dubble-inloggen-betaling.net Response headers status 200 date Mon, 07 Jan 2019 12:12:17 GMT last-modified Thu, 29 Nov 2018 19:21:48 GMT server nginx accept-ranges bytes content-length 11160 content-type font/woff
GET H2	200	sunot-light-webfont.woff2 ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/fonts/	24 KB 24 KB	50ms 50ms	Font font/woff2	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/fonts/sunot-light-webfont.woff2 Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash `d8231f32420dc458b2a7285736be68b26788704f46b652c44c7297cce29acb93` Request headers :path /nl/InLoggen/ICS_files/fonts/sunot-light-webfont.woff2 pragma no-cache origin https://ics-cards.dubble-inloggen-betaling.net accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/main-ics.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/main-ics.css Origin https://ics-cards.dubble-inloggen-betaling.net Response headers status 200 date Mon, 07 Jan 2019 12:12:17 GMT last-modified Fri, 30 Nov 2018 00:23:40 GMT server nginx accept-ranges bytes content-length 24488 content-type font/woff2
GET H2	200	sunot-regular-webfont.woff2 ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/fonts/	24 KB 24 KB	49ms 49ms	Font font/woff2	94.46.15.240 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/fonts/sunot-regular-webfont.woff2 Requested by Host: ics-cards.dubble-inloggen-betaling.net URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.46.15.240 , Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS Software nginx / Resource Hash `d91f25688cdae541c16ba2ea41c25a64cc0f974fd94b698882f2df549695c34c` Request headers :path /nl/InLoggen/ICS_files/fonts/sunot-regular-webfont.woff2 pragma no-cache origin https://ics-cards.dubble-inloggen-betaling.net accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority ics-cards.dubble-inloggen-betaling.net referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/main-ics.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/main-ics.css Origin https://ics-cards.dubble-inloggen-betaling.net Response headers status 200 date Mon, 07 Jan 2019 12:12:17 GMT last-modified Fri, 30 Nov 2018 00:24:24 GMT server nginx accept-ranges bytes content-length 24504 content-type font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: International Card Services (Financial)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cursodemilagros.cl
ics-cards.dubble-inloggen-betaling.net
170.84.209.80
94.46.15.240
223b0372d866ea75c858ebe866d1f7cc4904ca9a6a703328e084472acbd604ba
5c3d960d9ce4ea474f8dcf64ef769c301630e16e983dde081b431c07a5ce1dde
9641eef63c8c7d964a34e4322fc435327fbd8d903e3b057f9a150ff8eb2a752e
a89d0669bbb7bf743a643ab2be54f45fbd5576aaf83d7ae049dbe0374c9d98c1
c1f3874cc3f5467a309962d1f127dc7c0f5bfdba58e6084a779d4dacefcefb8d
d8231f32420dc458b2a7285736be68b26788704f46b652c44c7297cce29acb93
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
d91f25688cdae541c16ba2ea41c25a64cc0f974fd94b698882f2df549695c34c

ics-cards.dubble-inloggen-betaling.net Open in urlscan Pro 94.46.15.240 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

208 kBTransfer

804 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

ics-cards.dubble-inloggen-betaling.net Open in urlscan Pro
94.46.15.240 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

208 kB
Transfer

804 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!