ics-cards.dubble-inloggen-betaling.net
Open in
urlscan Pro
94.46.15.240
Malicious Activity!
Public Scan
Effective URL: https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/
Submission: On January 07 via manual from NL
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on January 7th 2019. Valid for: 3 months.
This is the only time ics-cards.dubble-inloggen-betaling.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: International Card Services (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 170.84.209.80 170.84.209.80 | 7004 (CTC Trans...) (CTC Transmisiones Regionales S.A.) | |
15 | 94.46.15.240 94.46.15.240 | 24768 (ALMOUROLTEC) (ALMOUROLTEC) | |
16 | 2 |
ASN7004 (CTC Transmisiones Regionales S.A., CL)
PTR: 170-84-209-80.static.tie.cl
cursodemilagros.cl |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
dubble-inloggen-betaling.net
ics-cards.dubble-inloggen-betaling.net |
207 KB |
2 |
cursodemilagros.cl
1 redirects
cursodemilagros.cl |
687 B |
16 | 2 |
Domain | Requested by | |
---|---|---|
15 | ics-cards.dubble-inloggen-betaling.net |
ics-cards.dubble-inloggen-betaling.net
|
2 | cursodemilagros.cl | 1 redirects |
16 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cursodemilagros.cl cPanel, Inc. Certification Authority |
2018-12-30 - 2019-03-30 |
3 months | crt.sh |
ics-cards.dubble-inloggen-betaling.net Let's Encrypt Authority X3 |
2019-01-07 - 2019-04-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/
Frame ID: A80393BCC27F5C244C6DD7B357D7EF7A
Requests: 16 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://cursodemilagros.cl/nlics
HTTP 301
https://cursodemilagros.cl/nlics/ Page URL
- https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://cursodemilagros.cl/nlics
HTTP 301
https://cursodemilagros.cl/nlics/ Page URL
- https://ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://cursodemilagros.cl/nlics HTTP 301
- https://cursodemilagros.cl/nlics/
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
cursodemilagros.cl/nlics/ Redirect Chain
|
163 B 433 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ |
33 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main-ics.css
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/ |
236 KB 32 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-style.css
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/ |
211 KB 28 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.js
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/ |
265 KB 79 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
d41e1eae596e167f975877da5b8658cc.woff2
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-light-webfont/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5d4aa15f47dbbc8848e141699172fc7f.woff2
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-regular-webfont/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
563323f220bd5d70a04d6a182b7011ce.woff
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/icons/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8ba5c54d292507036373ed4ee0bb8c04.woff
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-light-webfont/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
d7cfa0e76cf13c91a985a876d5214044.woff
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-regular-webfont/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dbbcb35279f322bf1497666016d4ab74.ttf
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/icons/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0c62ecea9fbe2abf19c8fc1d8d3adc52.ttf
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-light-webfont/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
d9c89afb33c578f113762ea7872fb4e1.ttf
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/login/assets/fonts/sunot-regular-webfont/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons.woff
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/fonts/ |
11 KB 11 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sunot-light-webfont.woff2
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/fonts/ |
24 KB 24 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sunot-regular-webfont.woff2
ics-cards.dubble-inloggen-betaling.net/nl/InLoggen/ICS_files/fonts/ |
24 KB 24 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: International Card Services (Financial)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery function| reg_check0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cursodemilagros.cl
ics-cards.dubble-inloggen-betaling.net
170.84.209.80
94.46.15.240
223b0372d866ea75c858ebe866d1f7cc4904ca9a6a703328e084472acbd604ba
5c3d960d9ce4ea474f8dcf64ef769c301630e16e983dde081b431c07a5ce1dde
9641eef63c8c7d964a34e4322fc435327fbd8d903e3b057f9a150ff8eb2a752e
a89d0669bbb7bf743a643ab2be54f45fbd5576aaf83d7ae049dbe0374c9d98c1
c1f3874cc3f5467a309962d1f127dc7c0f5bfdba58e6084a779d4dacefcefb8d
d8231f32420dc458b2a7285736be68b26788704f46b652c44c7297cce29acb93
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
d91f25688cdae541c16ba2ea41c25a64cc0f974fd94b698882f2df549695c34c