bsinfo.be - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 4 HTTP transactions. The main IP is 193.105.73.103, located in Brussels, Belgium and belongs to VERIXI, BE. The main domain is bsinfo.be.
TLS certificate: Issued by R3 on November 27th 2023. Valid for: 3 months.

This is the only time bsinfo.be was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

	IP Address		AS Autonomous System
3	193.105.73.103 193.105.73.103		6696 (VERIXI) (VERIXI)
4	2

3 193.105.73.103 (Brussels, Belgium)

ASN6696 (VERIXI, BE)
PTR: hostnode3.behostings.net

bsinfo.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	bsinfo.be bsinfo.be	96 KB
0	googleapis.com Failed fonts.googleapis.com Failed
4	2

	Domain	Requested by
3	bsinfo.be	bsinfo.be
0	fonts.googleapis.com Failed	bsinfo.be
4	2

This site contains no links.

Subject Issuer	Validity	Valid
bsinfo.be R3	`2023-11-27` - `2024-02-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bsinfo.be/cn/Newfolder/New%20folder/index.php?email={{email}}
Frame ID: DEBFB6AA3AD9C0352D6CA7CF47D052BC
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

163-126网易免费邮--中文邮箱第一品牌

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

4
Requests

75 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

96 kB
Transfer

96 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.php Show response bsinfo.be/cn/Newfolder/New%20folder/	1 KB 736 B	213ms 43ms	Document text/html	193.105.73.103 VERIXI
General Check archive.org Show headers Download Go to Full URL https://bsinfo.be/cn/Newfolder/New%20folder/index.php?email={{email}} Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 193.105.73.103 Brussels, Belgium, ASN6696 (VERIXI, BE), Reverse DNS hostnode3.behostings.net Software Apache/2 / PHP/7.4.33 Resource Hash `deec243decd87ed954cbf64c2e0a179eeec1616b1c7a8535211304db95c20afc` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-length 611 content-type text/html; charset=UTF-8 date Fri, 19 Jan 2024 09:25:15 GMT server Apache/2 vary Accept-Encoding,User-Agent x-powered-by PHP/7.4.33
GET H2	200	style.css bsinfo.be/cn/Newfolder/New%20folder/	2 KB 738 B	43ms 43ms	Stylesheet text/css	193.105.73.103 VERIXI
General Check archive.org Show headers Download Go to Full URL https://bsinfo.be/cn/Newfolder/New%20folder/style.css Requested by Host: bsinfo.be URL: https://bsinfo.be/cn/Newfolder/New%20folder/index.php?email={{email}} Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 193.105.73.103 Brussels, Belgium, ASN6696 (VERIXI, BE), Reverse DNS hostnode3.behostings.net Software Apache/2 / Resource Hash `d79c162546f1b3d7e79c5d4557e619f9d990b2b044806ff058193e142e6c7f2c` Request headers accept-language de-DE,de;q=0.9 Referer https://bsinfo.be/cn/Newfolder/New%20folder/index.php?email={{email}} User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Fri, 19 Jan 2024 09:25:15 GMT content-encoding gzip last-modified Thu, 18 Jan 2024 02:02:32 GMT server Apache/2 etag "678-60f2ec1acd952-gzip" vary Accept-Encoding,User-Agent content-type text/css accept-ranges bytes content-length 650
GET		css fonts.googleapis.com/	0 0

GET H2	200	bg.png bsinfo.be/cn/Newfolder/New%20folder/	94 KB 95 KB	43ms 43ms	Image image/png	193.105.73.103 VERIXI
General Check archive.org Show headers Download Go to Show image Full URL https://bsinfo.be/cn/Newfolder/New%20folder/bg.png Requested by Host: bsinfo.be URL: https://bsinfo.be/cn/Newfolder/New%20folder/style.css Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 193.105.73.103 Brussels, Belgium, ASN6696 (VERIXI, BE), Reverse DNS hostnode3.behostings.net Software Apache/2 / Resource Hash `34aa021f8933baefa64cd07e049433d1052e6618713dfd7e5a77eefb4883ab90` Request headers accept-language de-DE,de;q=0.9 Referer https://bsinfo.be/cn/Newfolder/New%20folder/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Fri, 19 Jan 2024 09:25:15 GMT last-modified Thu, 18 Jan 2024 02:02:32 GMT server Apache/2 accept-ranges bytes etag "17736-60f2ec1acd56a" content-length 96054 content-type image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oleo+Script

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://bsinfo.be/cn/Newfolder/New%20folder/index.php?email={{email}}(Line 6) Message: Mixed Content: The page at 'https://bsinfo.be/cn/Newfolder/New%20folder/index.php?email={{email}}' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oleo+Script'. This request has been blocked; the content must be served over HTTPS.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bsinfo.be
fonts.googleapis.com
fonts.googleapis.com
193.105.73.103
34aa021f8933baefa64cd07e049433d1052e6618713dfd7e5a77eefb4883ab90
d79c162546f1b3d7e79c5d4557e619f9d990b2b044806ff058193e142e6c7f2c
deec243decd87ed954cbf64c2e0a179eeec1616b1c7a8535211304db95c20afc

bsinfo.be Open in urlscan Pro 193.105.73.103 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

4 Requests

75 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

96 kBTransfer

96 kBSize

0 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

bsinfo.be Open in urlscan Pro
193.105.73.103 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

96 kB
Transfer

96 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!