urlscan.io logo urlscan.io
SecurityTrails logo

faxsecuremes.esclick.me Open in urlscan Pro
2a05:d018:ac8:b920:fcf8:f80:3f9c:4c3b  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://faxsecuremes.esclick.me/iWF1z8BUqeq
Submission Tags: @jcybersec_
Submission: On July 11 via api from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 4 countries across 3 domains to perform 4 HTTP transactions. The main IP is 2a05:d018:ac8:b920:fcf8:f80:3f9c:4c3b, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is faxsecuremes.esclick.me.
This is the only time faxsecuremes.esclick.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online)

Domain & IP information

IP Address AS Autonomous System
1 2a05:d018:ac8... 16509 (AMAZON-02)
1 23.8.1.152 20940 (AKAMAI-ASN1)
2 151.101.112.193 54113 (FASTLY)
1 1 151.101.16.193 54113 (FASTLY)
4 3
Apex Domain
Subdomains		 Transfer
3 imgur.com
i.imgur.com
imgur.com
10 KB
1 campaign-archive.com
us19.campaign-archive.com
2 KB
1 esclick.me
faxsecuremes.esclick.me
8 KB
4 3
Domain Requested by
2 i.imgur.com faxsecuremes.esclick.me
1 imgur.com 1 redirects
1 us19.campaign-archive.com faxsecuremes.esclick.me
1 faxsecuremes.esclick.me
4 4

This site contains links to these domains. Also see Links.

Domain
translate.google.com
nsu1.cf
Subject Issuer Validity Valid
wildcardsan2.mailchimp.com
DigiCert SHA2 Secure Server CA		 2019-07-09 -
2020-10-07		 a year crt.sh
*.imgur.com
DigiCert SHA2 Secure Server CA		 2020-01-15 -
2022-03-16		 2 years crt.sh

This page contains 1 frames:

Primary Page: http://faxsecuremes.esclick.me/iWF1z8BUqeq
Frame ID: 6CDC7DD2E0FE0D1EC539B589D434B5E1
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

4
Requests

75 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

3
IPs

4
Countries

19 kB
Transfer

88 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://imgur.com/HnZMc3w.png HTTP 301
  • https://i.imgur.com/HnZMc3w.png

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request iWF1z8BUqeq
faxsecuremes.esclick.me/ 		73 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://faxsecuremes.esclick.me/iWF1z8BUqeq
Protocol
HTTP/1.1
Server
2a05:d018:ac8:b920:fcf8:f80:3f9c:4c3b Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
7d34650633ad142a44d09a7904757ce57c88593485211c9a575ebe127101545c

Request headers

Host
faxsecuremes.esclick.me
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 10:35:44 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Server
nginx
Vary
Accept-Encoding
Referer
http://esputnik.com
Content-Encoding
gzip
archivebar-desktop.css
us19.campaign-archive.com/css/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://us19.campaign-archive.com/css/archivebar-desktop.css
Requested by
Host: faxsecuremes.esclick.me
URL: http://faxsecuremes.esclick.me/iWF1z8BUqeq
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.1.152 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a23-8-1-152.deploy.static.akamaitechnologies.com
Software
openresty /
Resource Hash
f5757a2fa0f0ae8f63c1c38afe86ff1987e183801a8059d65c450c220d0422bf

Request headers

Referer
http://faxsecuremes.esclick.me/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 11 Jul 2020 10:35:45 GMT
content-encoding
gzip
last-modified
Fri, 31 Jan 2020 19:01:15 GMT
server
openresty
etag
"1829-59d7432ad5631"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=77573
accept-ranges
bytes
content-length
1741
ABLSNx7.png
i.imgur.com/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/ABLSNx7.png
Requested by
Host: faxsecuremes.esclick.me
URL: http://faxsecuremes.esclick.me/iWF1z8BUqeq
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
a1934ad750e71c2824622cc225e9bfa36ea7e3d5de6307ab7edc7823cfc2c45c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://faxsecuremes.esclick.me/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 11 Jul 2020 10:35:45 GMT
x-content-type-options
nosniff
age
1395606
x-cache
HIT, HIT
status
200
content-length
3842
x-served-by
cache-bwi5140-BWI, cache-hhn4072-HHN
last-modified
Thu, 30 Apr 2020 19:14:26 GMT
server
cat factory 1.0
x-timer
S1594463745.000541,VS0,VE1
etag
"0f7838ec6210da1e93359c2cd3587a0a"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
HnZMc3w.png
i.imgur.com/
Redirect Chain
  • https://imgur.com/HnZMc3w.png
  • https://i.imgur.com/HnZMc3w.png
5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/HnZMc3w.png
Requested by
Host: faxsecuremes.esclick.me
URL: http://faxsecuremes.esclick.me/iWF1z8BUqeq
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
1ec874ea99ca886deef2774e13064ba6b7afbc5163f1e0597ca4359c51b3be60
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://faxsecuremes.esclick.me/iWF1z8BUqeq
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 11 Jul 2020 10:35:45 GMT
x-content-type-options
nosniff
age
1572712
x-cache
HIT, HIT
status
200
content-length
5312
x-served-by
cache-bwi5144-BWI, cache-hhn4072-HHN
last-modified
Thu, 30 Apr 2020 19:10:10 GMT
server
cat factory 1.0
x-timer
S1594463745.067242,VS0,VE1
etag
"3132f19a3767d2d38194ab5bb46f3f87"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1

Redirect headers

date
Sat, 11 Jul 2020 10:35:45 GMT
server
cat factory 1.0
x-timer
S1594463745.002731,VS0,VE0
status
301
x-frame-options
DENY
x-cache
HIT
location
https://i.imgur.com/HnZMc3w.png
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials
false
x-cache-hits
0
accept-ranges
bytes
access-control-allow-origin
https://imgur.com
content-length
0
retry-after
0
x-served-by
cache-lcy19249-LCY

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies