56u.981.mytemp.website Open in urlscan Pro
92.205.173.144 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/li4OuHp8Vt
Effective URL:
https://56u.981.mytemp.website/Finx/index1.html
Submission: On December 27 via automatic, source phishtank (December 27th 2024, 7:12:58 am UTC) — Scanned from DE

Summary HTTP 224 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 14 IPs in 4 countries across 12 domains to perform 224 HTTP transactions. The main IP is 92.205.173.144, located in France and belongs to GODADDY-SXB Host Europe GmbH, DE. The main domain is 56u.981.mytemp.website.
TLS certificate: Issued by R10 on December 14th 2024. Valid for: 3 months.

This is the only time 56u.981.mytemp.website was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Israel Credit Cards (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	162.159.140.229 162.159.140.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
170	92.205.173.144 92.205.173.144	21499 (GODADDY-S...) (GODADDY-SXB Host Europe GmbH)
4	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
20	34.49.114.20 34.49.114.20	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.185.67 142.250.185.67	15169 (GOOGLE) (GOOGLE)
2 4	23.38.98.114 23.38.98.114	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	157.240.253.35 157.240.253.35	32934 (FACEBOOK) (FACEBOOK)
1	142.250.186.164 142.250.186.164	15169 (GOOGLE) (GOOGLE)
4	2a02:26f0:480... 2a02:26f0:480:36::212:4008	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
4	2a02:26f0:480... 2a02:26f0:480:58c::228b	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
224	14

1 162.159.140.229 (None, )

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

170 92.205.173.144 (France)

ASN21499 (GODADDY-SXB Host Europe GmbH, DE)
PTR: 144.173.205.92.host.secureserver.net

56u.981.mytemp.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 34.49.114.20 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 20.114.49.34.bc.googleusercontent.com

fecdn.user1st.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.38.98.114 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-38-98-114.deploy.static.akamaitechnologies.com

img1.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.253.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra5.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.164 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:480:36::212:4008 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

events.api.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:480:58c::228b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

csp.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
170	mytemp.website 56u.981.mytemp.website	439 KB
20	user1st.info fecdn.user1st.info — Cisco Umbrella Rank: 86632	8 KB
8	secureserver.net events.api.secureserver.net — Cisco Umbrella Rank: 13900 csp.secureserver.net — Cisco Umbrella Rank: 13675	1 KB
4	wsimg.com 2 redirects img1.wsimg.com — Cisco Umbrella Rank: 10742	22 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	356 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	107 KB
3	gstatic.com www.gstatic.com fonts.gstatic.com	12 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	213 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	22 KB
1	google.com www.google.com — Cisco Umbrella Rank: 3
1	t.co t.co — Cisco Umbrella Rank: 904	816 B
0	Failed function sub() { [native code] }. Failed
224	12

	Domain	Requested by
170	56u.981.mytemp.website	t.co 56u.981.mytemp.website
20	fecdn.user1st.info	56u.981.mytemp.website fecdn.user1st.info
4	csp.secureserver.net	img1.wsimg.com
4	events.api.secureserver.net	img1.wsimg.com
4	img1.wsimg.com	2 redirects 56u.981.mytemp.website
4	www.googletagmanager.com	56u.981.mytemp.website www.googletagmanager.com
4	connect.facebook.net	56u.981.mytemp.website connect.facebook.net
2	www.facebook.com	56u.981.mytemp.website
2	www.gstatic.com	56u.981.mytemp.website
2	www.google-analytics.com	56u.981.mytemp.website www.google-analytics.com
1	www.google.com	www.googletagmanager.com
1	fonts.gstatic.com	56u.981.mytemp.website
1	t.co
0	invalid Failed	56u.981.mytemp.website
224	14

This site contains links to these domains. Also see Links.

Domain
loan-cal.cal-online.co.il

Subject Issuer	Validity	Valid
t.co E6	`2024-11-26` - `2025-02-24`	3 months	crt.sh
56u.981.mytemp.website R10	`2024-12-14` - `2025-03-14`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-10-05` - `2025-01-03`	3 months	crt.sh
*.google-analytics.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
user1st.info WR3	`2024-11-28` - `2025-02-26`	3 months	crt.sh
*.gstatic.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.api.secureserver.net Starfield Secure Certificate Authority - G2	`2024-07-15` - `2025-08-16`	a year	crt.sh
*.secureserver.net Starfield Secure Certificate Authority - G2	`2024-10-17` - `2025-11-18`	a year	crt.sh

This page contains 19 frames:

Primary Page: https://56u.981.mytemp.website/Finx/index1.html
Frame ID: 75FC504D24301A6679DC93BC494A9A3A
Requests: 201 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: B415052D7114F147600CCBB4F1AC2357
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 9DBC3CBBF51605AFC84AD6144CE6673B
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 00F1E4DB7C22BF4E397C3550C037B578
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 29F7894DBC0DE773E83F3719E8350340
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 8E6D06BFBE1990804C68C7BBAD529D40
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: EA950955B7FCA6CC8EEC14DD1EC30EEB
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: C5A005C8303EB8A9C9271749976B3EF3
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: BBE007C17C992BB2E07235C6D7A895E2
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 76BCB5323A1FE928CE1590F1B55E85B5
Requests: 1 HTTP requests in this frame

Frame: https://56u.981.mytemp.website/Finx/loan-cal.cal-online.co.il_files/Activation.html
Frame ID: 0692CF9D7AA94B92A8BC6E0C6736CC9C
Requests: 7 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: F788F9CDD7CB2AAE547E8C6C0CDE12CB
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 138AA21EB8D04A33112EC5A5C59EB5B3
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 2CD719F78A9753AA20446EBDB4993C68
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: E180E6F6254A9CA56457A7E5B726DEBB
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 29BC4D61ABB3B76316F67AD6981B7E5A
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: A3FDE461930F32E1C6BE93BED8A8C51D
Requests: 1 HTTP requests in this frame

Frame: https://fecdn.user1st.info/CommFrame/Activation?ver=2.1.6.6
Frame ID: 34FF1FCB0B05DD0EE1A8CE187C1A5540
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2F56u.981.mytemp.website
Frame ID: 538D23E5C83256BC7125954C29C69198
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/li4OuHp8Vt Page URL
https://56u.981.mytemp.website/Finx/index1.html Page URL