56u.981.mytemp.website Open in urlscan Pro
92.205.173.144 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://56u.981.mytemp.website/Finx/index1.html
Submission: On December 27 via automatic, source phishtank (December 27th 2024, 7:12:52 am UTC) — Scanned from FR

Summary HTTP 222 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 11 domains to perform 222 HTTP transactions. The main IP is 92.205.173.144, located in France and belongs to GODADDY-SXB Host Europe GmbH, DE. The main domain is 56u.981.mytemp.website.
TLS certificate: Issued by R10 on December 14th 2024. Valid for: 3 months.

This is the only time 56u.981.mytemp.website was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Israel Credit Cards (Banking)

Domain & IP information

	IP Address	AS Autonomous System
169	92.205.173.144 92.205.173.144	21499 (GODADDY-S...) (GODADDY-SXB Host Europe GmbH)
4	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
20	34.49.114.20 34.49.114.20	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.185.67 142.250.185.67	15169 (GOOGLE) (GOOGLE)
2 4	23.38.98.114 23.38.98.114	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	157.240.253.35 157.240.253.35	32934 (FACEBOOK) (FACEBOOK)
1	142.250.186.164 142.250.186.164	15169 (GOOGLE) (GOOGLE)
4	2a02:26f0:480... 2a02:26f0:480:36::212:401b	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
4	2a02:26f0:480... 2a02:26f0:480:58c::228b	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
222	13

169 92.205.173.144 (France)

ASN21499 (GODADDY-SXB Host Europe GmbH, DE)
PTR: 144.173.205.92.host.secureserver.net

56u.981.mytemp.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 34.49.114.20 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 20.114.49.34.bc.googleusercontent.com

fecdn.user1st.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.38.98.114 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-38-98-114.deploy.static.akamaitechnologies.com

img1.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.253.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra5.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.164 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:480:36::212:401b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

events.api.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:480:58c::228b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

csp.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
169	mytemp.website 56u.981.mytemp.website	438 KB
20	user1st.info fecdn.user1st.info — Cisco Umbrella Rank: 86632	8 KB
8	secureserver.net events.api.secureserver.net — Cisco Umbrella Rank: 13900 csp.secureserver.net — Cisco Umbrella Rank: 13675	1 KB
4	wsimg.com 2 redirects img1.wsimg.com — Cisco Umbrella Rank: 10742	22 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	356 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	107 KB
3	gstatic.com www.gstatic.com fonts.gstatic.com	12 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	214 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	22 KB
1	google.com www.google.com — Cisco Umbrella Rank: 3
0	Failed function sub() { [native code] }. Failed
222	11

	Domain	Requested by
169	56u.981.mytemp.website	56u.981.mytemp.website
20	fecdn.user1st.info	56u.981.mytemp.website fecdn.user1st.info
4	csp.secureserver.net	img1.wsimg.com
4	events.api.secureserver.net	img1.wsimg.com
4	img1.wsimg.com	2 redirects 56u.981.mytemp.website
4	www.googletagmanager.com	56u.981.mytemp.website www.googletagmanager.com
4	connect.facebook.net	56u.981.mytemp.website connect.facebook.net
2	www.facebook.com	56u.981.mytemp.website
2	www.gstatic.com	56u.981.mytemp.website
2	www.google-analytics.com	56u.981.mytemp.website www.google-analytics.com
1	www.google.com	www.googletagmanager.com
1	fonts.gstatic.com	56u.981.mytemp.website
0	invalid Failed	56u.981.mytemp.website
222	13

This site contains links to these domains. Also see Links.

Domain
loan-cal.cal-online.co.il

Subject Issuer	Validity	Valid
56u.981.mytemp.website R10	`2024-12-14` - `2025-03-14`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-10-05` - `2025-01-03`	3 months	crt.sh
*.google-analytics.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
user1st.info WR3	`2024-11-28` - `2025-02-26`	3 months	crt.sh
*.gstatic.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.api.secureserver.net Starfield Secure Certificate Authority - G2	`2024-07-15` - `2025-08-16`	a year	crt.sh
*.secureserver.net Starfield Secure Certificate Authority - G2	`2024-10-17` - `2025-11-18`	a year	crt.sh

This page contains 19 frames:

Primary Page: https://56u.981.mytemp.website/Finx/index1.html
Frame ID: 823CBFF71D9A4EDEFF40113484BDD1D2
Requests: 199 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 693B19A913920E0222A733C01F3B3E6A
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: EB42A84C67CFF7DF8FCF38D502C264F4
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 6F40DCC797B7967E77624C69232C776A
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 1D0EEE04034E460CCC43BCEE360863CA
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 4AB5AD280625A61256F90298D61B966B
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: CB1813A892AC0C504B7D9F034DFD97F9
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 8CB9D96A1313F74F2030EBB5BD5094D2
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: A44501EB8FDBDF36DAEF045F0EF4199C
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: DC8D156A9F1C03F5A34163CADD39FB90
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: A5114ED7AC36FBAF87DEAA46B4251645
Requests: 1 HTTP requests in this frame

Frame: https://56u.981.mytemp.website/Finx/loan-cal.cal-online.co.il_files/Activation.html
Frame ID: 75469FE7828FCFB0695E8C90C0299A12
Requests: 7 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: EFDE1131B570B14E0B34C992E598229E
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 567875D0AD881194D79301B7D2AB1527
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 1C15673C7526526C21343E86C4169893
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 7E8F57A31F5E72A957BF8077637BFC78
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 6AB1EFBD019C0CED1AF9D44EDD2F42ED
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: CF8B441AB2D0681E7A099BF754FEC09F
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2F56u.981.mytemp.website
Frame ID: 911CA4FCFAF65E1B51CDAE4ECAD9EDE1
Requests: 1 HTTP requests in this frame