csam-myebox-site.com
47.241.144.63  Malicious Activity! Public Scan

Submitted URL: http://www.esmerarte.com/wp-admin/infodata.php?r=bD1odHRwOi8vcXVpdHJhbmFzYm90bmEudGs=
Effective URL: https://csam-myebox-site.com/CSAM/login.html
Submission: On September 03 via api from BE

Summary

This website contacted 6 IPs in 4 countries across 7 domains to perform 16 HTTP transactions. The main IP is 47.241.144.63, located in San Mateo, United States and belongs to CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN. The main domain is csam-myebox-site.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 3rd 2020. Valid for: 3 months.
This is the only time csam-myebox-site.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

IP Address AS Autonomous System
1 2 154.56.134.226 201446 (PROFESION...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 47.241.144.63 45102 (CNNIC-ALI...)
5 193.191.245.173 2611 (BELNET)
1 151.101.112.193 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
16 6
Domain Requested by
5 idp.iamfas.belgium.be csam-myebox-site.com
idp.iamfas.belgium.be
2 www.esmerarte.com 1 redirects
1 encrypted-tbn0.gstatic.com csam-myebox-site.com
1 i.imgur.com csam-myebox-site.com
1 csam-myebox-site.com
1 quitranasbotna.tk 1 redirects
0 localhost Failed csam-myebox-site.com
16 7

This site contains no links.

Subject | Issuer | Validity | Valid
esmerarte.com | Let's Encrypt Authority X3 | 2020-08-10 - 2020-11-08 | 3 months
csam-myebox-site.com | Let's Encrypt Authority X3 | 2020-09-03 - 2020-12-02 | 3 months
idp.iamfas.belgium.be | TERENA SSL CA 3 | 2018-11-22 - 2020-12-02 | 2 years
*.imgur.com | DigiCert SHA2 Secure Server CA | 2020-01-15 - 2022-03-16 | 2 years
*.gstatic.com | GTS CA 1O1 | 2020-08-19 - 2020-11-11 | 3 months

This page contains 1 frames:

Primary Page: https://csam-myebox-site.com/CSAM/login.html
Frame ID: 45B90295AAEF88B4682EE9465E33461C
Requests: 24 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 16
HTTPS: 56 %
IPv6: 33 %
Domains: 7
Subdomains: 7
IPs: 6
Countries: 4
Transfer: 214 kB
Size: 610 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.esmerarte.com/wp-admin/infodata.php?r=bD1odHRwOi8vcXVpdHJhbmFzYm90bmEudGs= HTTP 301
    https://www.esmerarte.com/wp-admin/infodata.php?r=bD1odHRwOi8vcXVpdHJhbmFzYm90bmEudGs= Page URL
  2. http://quitranasbotna.tk/ HTTP 302
    https://csam-myebox-site.com/CSAM/login.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://www.esmerarte.com/wp-admin/infodata.php?r=bD1odHRwOi8vcXVpdHJhbmFzYm90bmEudGs= HTTP 301
  • https://www.esmerarte.com/wp-admin/infodata.php?r=bD1odHRwOi8vcXVpdHJhbmFzYm90bmEudGs=

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
infodata.php
www.esmerarte.com/wp-admin/
Redirect Chain
  • http://www.esmerarte.com/wp-admin/infodata.php?r=bD1odHRwOi8vcXVpdHJhbmFzYm90bmEudGs=
  • https://www.esmerarte.com/wp-admin/infodata.php?r=bD1odHRwOi8vcXVpdHJhbmFzYm90bmEudGs=
68 B
424 B
Document
General
Full URL
https://www.esmerarte.com/wp-admin/infodata.php?r=bD1odHRwOi8vcXVpdHJhbmFzYm90bmEudGs=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.56.134.226 Olvera, Spain, ASN201446 (PROFESIONALHOSTING, ES),
Reverse DNS
dns134226.phdns18.es
Software
Apache / PHP/7.1.33 PleskLin
Resource Hash
936d3488d2b8382eb0658eb89a0af92187e465a1a9d70d50034efa0dfa69f06b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

Host
www.esmerarte.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Thu, 03 Sep 2020 16:59:14 GMT
Server
Apache
X-Powered-By
PHP/7.1.33 PleskLin
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
MS-Author-Via
DAV
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Thu, 03 Sep 2020 16:59:14 GMT
Server
Apache
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
Location
https://www.esmerarte.com/wp-admin/infodata.php?r=bD1odHRwOi8vcXVpdHJhbmFzYm90bmEudGs=
Content-Length
294
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
Primary Request login.html
csam-myebox-site.com/CSAM/
Redirect Chain
  • http://quitranasbotna.tk/
  • https://csam-myebox-site.com/CSAM/login.html
157 KB
109 KB
Document
General
Full URL
https://csam-myebox-site.com/CSAM/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.241.144.63 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash
8563993482fc6c6cd9c231f8133d074fb115ff01e540e2767325655676098784

Request headers

Host
csam-myebox-site.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Referer
https://www.esmerarte.com/wp-admin/infodata.php?r=bD1odHRwOi8vcXVpdHJhbmFzYm90bmEudGs=

Response headers

Date
Thu, 03 Sep 2020 16:59:16 GMT
Server
Apache/2.4.18 (Ubuntu)
Last-Modified
Thu, 03 Sep 2020 15:42:59 GMT
ETag
"275de-5ae6a9b53325e-gzip"
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html

Redirect headers

Date
Thu, 03 Sep 2020 16:59:15 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=dba918178f90b9f25f00f83f2a9656acc1599152355; expires=Sat, 03-Oct-20 16:59:15 GMT; path=/; domain=.quitranasbotna.tk; HttpOnly; SameSite=Lax
_subid=1uemks79nr;Expires=Sunday, 04-Oct-2020 16:58:57 GMT;Max-Age=2678400;Path=/
4640b=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjdcIjoxNTk5MTUyMzM3fSxcImNhbXBhaWduc1wiOntcIjRcIjoxNTk5MTUyMzM3fSxcInRpbWVcIjoxNTk5MTUyMzM3fSJ9.YWuihMwt4Wj4z19dW9-kD5C6ghURxwDHZMvifNjcfQ4;Expires=Sunday, 04-Oct-2020 16:58:57 GMT;Max-Age=2678400;Path=/
Cache-Control
no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires
0
Last-Modified
Thu, 03 Sep 2020 16:58:57 GMT
Location
https://csam-myebox-site.com/CSAM/login.html
Pragma
no-cache
Vary
Accept-Encoding
Access-Control-Allow-Origin
*
CF-Cache-Status
DYNAMIC
cf-request-id
04f681904300003237aeaa2200000001
Server
cloudflare
CF-RAY
5cd1052d3e3a3237-FRA
general.css
idp.iamfas.belgium.be/fasui/resources/css/
233 KB
41 KB
Stylesheet
General
Full URL
https://idp.iamfas.belgium.be/fasui/resources/css/general.css?v=20190916135530
Requested by
Host: csam-myebox-site.com
URL: https://csam-myebox-site.com/CSAM/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.191.245.173 , Belgium, ASN2611 (BELNET, BE),
Reverse DNS
idp.iamfas.belgium.be
Software
/
Resource Hash
c854e87766c69eae1a650da0245ab2583fe49ce330433e50f87e2e4c00a4b886

Request headers

Referer
https://csam-myebox-site.com/CSAM/login.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Sep 2020 16:59:16 GMT
Content-Encoding
gzip
Last-Modified
Wed, 01 Jul 2020 11:59:34 GMT
ETag
W/"238879-1593604774000"
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=100
Expires
0
general2.css
idp.iamfas.belgium.be/fasui/resources/css/
11 KB
4 KB
Stylesheet
General
Full URL
https://idp.iamfas.belgium.be/fasui/resources/css/general2.css?v=20190916135530
Requested by
Host: csam-myebox-site.com
URL: https://csam-myebox-site.com/CSAM/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.191.245.173 , Belgium, ASN2611 (BELNET, BE),
Reverse DNS
idp.iamfas.belgium.be
Software
/
Resource Hash
f41ec24e6d389becfe0831a9b7087e4e8b35bda2dfec6f29729b06b890209e4d

Request headers

Referer
https://csam-myebox-site.com/CSAM/login.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Sep 2020 16:59:16 GMT
Content-Encoding
gzip
Last-Modified
Wed, 01 Jul 2020 11:59:34 GMT
ETag
W/"10825-1593604774000"
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=100
Expires
0
fedict-iam-front-vendor.css
idp.iamfas.belgium.be/fasui/resources/css/
62 KB
16 KB
Stylesheet
General
Full URL
https://idp.iamfas.belgium.be/fasui/resources/css/fedict-iam-front-vendor.css?v=20190916135530
Requested by
Host: csam-myebox-site.com
URL: https://csam-myebox-site.com/CSAM/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.191.245.173 , Belgium, ASN2611 (BELNET, BE),
Reverse DNS
idp.iamfas.belgium.be
Software
/
Resource Hash
7f34863dc974f04cc022c8ca1ad5bf56693997f647da8872f9c6a615e9b1cb89

Request headers

Referer
https://csam-myebox-site.com/CSAM/login.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Sep 2020 16:59:16 GMT
Content-Encoding
gzip
Last-Modified
Mon, 24 Oct 2016 15:52:54 GMT
ETag
W/"63531-1477324374000"
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=99
Expires
0
style.css
localhost/content/ingbetaalverzoek/css/
0
0

be-logo.png
idp.iamfas.belgium.be/fasui/resources/images/
3 KB
4 KB
Image
General
Full URL
https://idp.iamfas.belgium.be/fasui/resources/images/be-logo.png?v=20190916135530
Requested by
Host: csam-myebox-site.com
URL: https://csam-myebox-site.com/CSAM/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.191.245.173 , Belgium, ASN2611 (BELNET, BE),
Reverse DNS
idp.iamfas.belgium.be
Software
/
Resource Hash
5c922be9379c017ddc1e449d102a04991c546bb922b0d08163e9049cad57166c

Request headers

Referer
https://csam-myebox-site.com/CSAM/login.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Sep 2020 16:59:16 GMT
Last-Modified
Wed, 01 Jul 2020 11:59:34 GMT
ETag
W/"3142-1593604774000"
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=99
Content-Length
3142
Expires
0
logo-csam-white-background.png
idp.iamfas.belgium.be/fasui/resources/images/
8 KB
9 KB
Image
General
Full URL
https://idp.iamfas.belgium.be/fasui/resources/images/logo-csam-white-background.png?v=20190916135530
Requested by
Host: csam-myebox-site.com
URL: https://csam-myebox-site.com/CSAM/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.191.245.173 , Belgium, ASN2611 (BELNET, BE),
Reverse DNS
idp.iamfas.belgium.be
Software
/
Resource Hash
0e2b3b3bbb0313fc69ae42dff78b053c0dfe207a2e20851972f87029e43e8bdc

Request headers

Referer
https://csam-myebox-site.com/CSAM/login.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Sep 2020 16:59:16 GMT
Last-Modified
Wed, 01 Jul 2020 11:59:34 GMT
ETag
W/"8116-1593604774000"
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=98
Content-Length
8116
Expires
0
truncated
/
8 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
282a91f39aa41aafd3e90e64cf3a600f806e1a019f9075acc75f42dd475d1d0c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
8 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f6feee1ba452536b2959447d5996ddc72329ce138594081c81bc422873341689

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
17 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a11523d8d9b247faab200bd3d51688352418c17341cf2da98db5beb8c1742cc7

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
roboto-v15-latin-700.woff2
idp.iamfas.belgium.be/fasui/resources/fonts/
0
0

roboto-v15-latin-regular.woff2
idp.iamfas.belgium.be/fasui/resources/fonts/
0
0

roboto-v15-latin-700.woff
idp.iamfas.belgium.be/fasui/resources/fonts/
0
0

truncated
/
21 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
46398f6374e7f7afd4384087d40fc17b640714a90fb7267aeb8b4ebb60cc7df1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
23 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1457925150992ddbb523a5bb1bf16a7ab9743bd16286fb4f7d4c033fc958e5ae

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
roboto-v15-latin-regular.woff
idp.iamfas.belgium.be/fasui/resources/fonts/
0
0

roboto-v15-latin-700.ttf
idp.iamfas.belgium.be/fasui/resources/fonts/
0
0

uzE4HKm.png
i.imgur.com/
22 KB
22 KB
Image
General
Full URL
https://i.imgur.com/uzE4HKm.png
Requested by
Host: csam-myebox-site.com
URL: https://csam-myebox-site.com/CSAM/login.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
9ec2a2c5f8b69c8e8f9cdcdbab3ce60bb5bb14d72ffb157f9d12ae86f23aa7b6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://csam-myebox-site.com/CSAM/login.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Sep 2020 16:59:17 GMT
x-content-type-options
nosniff
age
4669
x-cache
HIT, HIT
status
200
content-length
22470
x-served-by
cache-bwi5147-BWI, cache-hhn4082-HHN
last-modified
Thu, 03 Sep 2020 15:41:28 GMT
server
cat factory 1.0
x-timer
S1599152358.503306,VS0,VE1
etag
"04137af01ec4783e63b9356384092d43"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
truncated
/
19 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f9f8fd5c837d08b8e24059ada189e30c358cc5aad2b13a5cc43cdfde474d2f46

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
images
encrypted-tbn0.gstatic.com/
8 KB
8 KB
Image
General
Full URL
https://encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcSnanfGWmsDk_YP3ttaVc5vVX7WqJ9b9BA_Wg&usqp=CAU
Requested by
Host: csam-myebox-site.com
URL: https://csam-myebox-site.com/CSAM/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66ddb617fa620c61d32512ad79657717e6b81bcfc0d4fa0b59d5fbe36a23915e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://csam-myebox-site.com/CSAM/login.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Sep 2020 16:59:17 GMT
x-content-type-options
nosniff
last-modified
Fri, 20 Sep 2019 05:41:46 GMT
server
sffe
status
200
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8033
x-xss-protection
0
expires
Fri, 03 Sep 2021 16:59:17 GMT
truncated
/
8 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
54e5e667d74e28275add58f598f5fec4496ff5ec52713f4dd6bad2390c0b8a68

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0d48975b5e09b20b8d7795052820c17a1169303170ba16e9cc405add13d28b24

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
roboto-v15-latin-regular.ttf
idp.iamfas.belgium.be/fasui/resources/fonts/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain | URL
localhost | http://localhost/content/ingbetaalverzoek/css/style.css
idp.iamfas.belgium.be | https://idp.iamfas.belgium.be/fasui/resources/fonts/roboto-v15-latin-700.woff2
idp.iamfas.belgium.be | https://idp.iamfas.belgium.be/fasui/resources/fonts/roboto-v15-latin-regular.woff2
idp.iamfas.belgium.be | https://idp.iamfas.belgium.be/fasui/resources/fonts/roboto-v15-latin-700.woff
idp.iamfas.belgium.be | https://idp.iamfas.belgium.be/fasui/resources/fonts/roboto-v15-latin-regular.woff
idp.iamfas.belgium.be | https://idp.iamfas.belgium.be/fasui/resources/fonts/roboto-v15-latin-700.ttf
idp.iamfas.belgium.be | https://idp.iamfas.belgium.be/fasui/resources/fonts/roboto-v15-latin-regular.ttf

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes
function| savepage_ShadowLoader

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
