URL: http://beget51.cf/vystar/login/ses/session_index
Submission: On May 02 via automatic, source phishtank — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 11 HTTP transactions. The main IP is 162.240.68.191, located in the United States, and belongs to UNIFIEDLAYER-AS-1, US. The main domain is beget51.cf.
This is the only time beget51.cf was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: VyStar Credit Union (Financial)

Domain & IP information

     IP Address       AS Autonomous System
10   162.240.68.191   46606 (UNIFIEDLA...)
11   2

     Apex Domain / Subdomains   Transfer
10   beget51.cf                 260 KB
       beget51.cf
11   1

     Domain       Requested by
10   beget51.cf   beget51.cf
11   1

This site contains no links.

This page contains 1 frames:

Primary Page: http://beget51.cf/vystar/login/ses/session_index
Frame ID: 7ADBDA4A45F92F7DC335129FEA8126AE
Requests: 11 HTTP requests in this frame

Page Title

VyStar Mobile Login

Page Statistics

11 Requests
0 % HTTPS
0 % IPv6
1 Domains
1 Subdomains
2 IPs
1 Countries
260 kB Transfer
257 kB Size
0 Cookies

11 HTTP transactions

Resource Path | Size | x-fer | Type MIME-Type
Primary Request session_index
beget51.cf/vystar/login/ses/
13 KB
13 KB
Document
General
Full URL
http://beget51.cf/vystar/login/ses/session_index
Protocol
HTTP/1.1
Server
162.240.68.191, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
5819104.monkey.com
Software
Apache
Resource Hash
012abedb46f4ad698f97c2f984f835903a01e2afd925a625cb022a3cd89a2da0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Upgrade, Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 02 May 2022 14:10:18 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked
Upgrade
h2,h2c
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
jQueryMobile.min.css
beget51.cf/vystar/login/ses/files/
69 KB
69 KB
Stylesheet
General
Full URL
http://beget51.cf/vystar/login/ses/files/jQueryMobile.min.css
Requested by
Host: beget51.cf
URL: http://beget51.cf/vystar/login/ses/session_index
Protocol
HTTP/1.1
Server
162.240.68.191, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
5819104.monkey.com
Software
Apache
Resource Hash
7364b1852cf03e1500e4ad9f2bfdd175abd0be1a415177d085438fbe87c4c71c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://beget51.cf/vystar/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 14:10:18 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 13 Feb 2022 04:02:40 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
70697
X-XSS-Protection
1; mode=block
Themeroller.min.css
beget51.cf/vystar/login/ses/files/
47 KB
48 KB
Stylesheet
General
Full URL
http://beget51.cf/vystar/login/ses/files/Themeroller.min.css
Requested by
Host: beget51.cf
URL: http://beget51.cf/vystar/login/ses/session_index
Protocol
HTTP/1.1
Server
162.240.68.191, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
5819104.monkey.com
Software
Apache
Resource Hash
cbcfed9106ec2b84bda6356de485b01802e976b3cb6de39d1600068a15722e7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://beget51.cf/vystar/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 14:10:18 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 13 Feb 2022 04:02:30 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=5, max=100
Content-Length
48549
X-XSS-Protection
1; mode=block
Core.min.css
beget51.cf/vystar/login/ses/files/
66 KB
66 KB
Stylesheet
General
Full URL
http://beget51.cf/vystar/login/ses/files/Core.min.css
Requested by
Host: beget51.cf
URL: http://beget51.cf/vystar/login/ses/session_index
Protocol
HTTP/1.1
Server
162.240.68.191, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
5819104.monkey.com
Software
Apache
Resource Hash
039e134b9f856d3f76a929df28a71c68724535d39243a31568a1fa886af29d4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://beget51.cf/vystar/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 14:10:18 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 13 Feb 2022 04:02:36 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=5, max=100
Content-Length
67255
X-XSS-Protection
1; mode=block
media.vs.touch.css
beget51.cf/vystar/login/ses/files/
17 KB
17 KB
Stylesheet
General
Full URL
http://beget51.cf/vystar/login/ses/files/media.vs.touch.css
Requested by
Host: beget51.cf
URL: http://beget51.cf/vystar/login/ses/session_index
Protocol
HTTP/1.1
Server
162.240.68.191, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
5819104.monkey.com
Software
Apache
Resource Hash
dbb72ddab73623da5af3233de372fad8f89d8e1858982933eff9ed007aacd432
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://beget51.cf/vystar/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 14:10:18 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 13 Feb 2022 04:13:26 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=5, max=100
Content-Length
17315
X-XSS-Protection
1; mode=block
style.vs.touch.css
beget51.cf/vystar/login/ses/files/
12 KB
12 KB
Stylesheet
General
Full URL
http://beget51.cf/vystar/login/ses/files/style.vs.touch.css
Requested by
Host: beget51.cf
URL: http://beget51.cf/vystar/login/ses/session_index
Protocol
HTTP/1.1
Server
162.240.68.191, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
5819104.monkey.com
Software
Apache
Resource Hash
a9f99926757857ba33236ed1dad2c2bc57b8e85a3f16130bc411fea7258b754b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://beget51.cf/vystar/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 14:10:18 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 13 Feb 2022 04:02:54 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=5, max=100
Content-Length
12120
X-XSS-Protection
1; mode=block
Registration.min.css
beget51.cf/vystar/login/ses/files/
19 KB
19 KB
Stylesheet
General
Full URL
http://beget51.cf/vystar/login/ses/files/Registration.min.css
Requested by
Host: beget51.cf
URL: http://beget51.cf/vystar/login/ses/session_index
Protocol
HTTP/1.1
Server
162.240.68.191, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
5819104.monkey.com
Software
Apache
Resource Hash
6f84bd2fb3b6eea3564e247fd8ac594b70759370188fc8cec99a36c4a3168a7d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://beget51.cf/vystar/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 14:10:19 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 21 Feb 2022 04:21:30 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=5, max=100
Content-Length
19321
X-XSS-Protection
1; mode=block
logo.png
beget51.cf/vystar/login/ses/files/
9 KB
9 KB
Image
General
Full URL
http://beget51.cf/vystar/login/ses/files/logo.png
Requested by
Host: beget51.cf
URL: http://beget51.cf/vystar/login/ses/session_index
Protocol
HTTP/1.1
Server
162.240.68.191, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
5819104.monkey.com
Software
Apache
Resource Hash
2fcf8c434487b487fe936839597f007f0faacc245ec28b957d2d1a81bb3d2110
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://beget51.cf/vystar/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 14:10:19 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 13 Feb 2022 04:03:02 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
8802
X-XSS-Protection
1; mode=block
background.png
beget51.cf/vystar/login/ses/files/
0
0

icons-36-white.png
beget51.cf/vystar/login/ses/files/
4 KB
4 KB
Image
General
Full URL
http://beget51.cf/vystar/login/ses/files/icons-36-white.png
Requested by
Host: beget51.cf
URL: http://beget51.cf/vystar/login/ses/files/media.vs.touch.css
Protocol
HTTP/1.1
Server
162.240.68.191, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
5819104.monkey.com
Software
Apache
Resource Hash
ebed7c7172e03719d0e21b48f6ebc5e54344edb8c3543c25cb06b99b5475d434
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://beget51.cf/vystar/login/ses/files/media.vs.touch.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 14:10:22 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 13 Feb 2022 04:03:12 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
3861
X-XSS-Protection
1; mode=block
icons-18-white.png
beget51.cf/vystar/login/ses/files/
2 KB
2 KB
Image
General
Full URL
http://beget51.cf/vystar/login/ses/files/icons-18-white.png
Requested by
Host: beget51.cf
URL: http://beget51.cf/vystar/login/ses/files/media.vs.touch.css
Protocol
HTTP/1.1
Server
162.240.68.191, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
5819104.monkey.com
Software
Apache
Resource Hash
adf87a014a01854adce433560ffeb164570052b9c0b50f38915f8338d93cd5ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://beget51.cf/vystar/login/ses/files/media.vs.touch.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 14:10:22 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 13 Feb 2022 04:03:16 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1988
X-XSS-Protection
1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
beget51.cf
URL
http://beget51.cf/vystar/login/ses/files/background.png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: VyStar Credit Union (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost
object| oncontextrestored
function| structuredClone

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block