fakemail.hu - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 195.56.77.123, located in Tatabánya, Hungary and belongs to GTSCE GTS Central Europe Antel Germany, CZ. The main domain is fakemail.hu.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 30th 2022. Valid for: 3 months.

This is the only time fakemail.hu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Scotiabank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
5	195.56.77.123 195.56.77.123		5588 (GTSCE GTS...) (GTSCE GTS Central Europe Antel Germany)
5	1

5 195.56.77.123 (Tatabánya, Hungary)

ASN5588 (GTSCE GTS Central Europe Antel Germany, CZ)
PTR: signum3.icd.hu

fakemail.hu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	fakemail.hu fakemail.hu	11 KB
5	1

	Domain	Requested by
5	fakemail.hu	fakemail.hu
5	1

This site contains no links.

Subject Issuer	Validity	Valid
fakemail.hu cPanel, Inc. Certification Authority	`2022-11-30` - `2023-02-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://fakemail.hu/indexb.php
Frame ID: 40C7FFFD7D83DAFD1DC077AB5341ECAE
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Inicio

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

11 kB
Transfer

14 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request indexb.php Show response fakemail.hu/	4 KB 2 KB	159ms 48ms	Document text/html	195.56.77.123 GTSCE GTS Central...
General Check archive.org Show headers Download Go to Full URL https://fakemail.hu/indexb.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 195.56.77.123 Tatabánya, Hungary, ASN5588 (GTSCE GTS Central Europe Antel Germany, CZ), Reverse DNS signum3.icd.hu Software LiteSpeed / Resource Hash `76a5cf4e706156b6c16ffb9b3a9bf8582fd3a342a0e27b7daaa9136e9dfc15a0` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding gzip content-type text/html; charset=UTF-8 date Sat, 21 Jan 2023 14:38:38 GMT server LiteSpeed vary Accept-Encoding
GET H2	200	logof.png fakemail.hu/im/	1 KB 1 KB	41ms 39ms	Image image/png	195.56.77.123 GTSCE GTS Central...
General Check archive.org Show headers Download Go to Show image Full URL https://fakemail.hu/im/logof.png Requested by Host: fakemail.hu URL: https://fakemail.hu/indexb.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 195.56.77.123 Tatabánya, Hungary, ASN5588 (GTSCE GTS Central Europe Antel Germany, CZ), Reverse DNS signum3.icd.hu Software LiteSpeed / Resource Hash `a7911bad92850eb0994555bb0b074b74dcda38baa08d77acb016d48e3dc40d4d` Request headers accept-language fr-FR,fr;q=0.9 Referer https://fakemail.hu/indexb.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Sat, 21 Jan 2023 14:38:38 GMT last-modified Sun, 17 Apr 2022 21:05:28 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 1047 expires Sat, 28 Jan 2023 14:38:38 GMT
GET H2	200	logoa.png fakemail.hu/im/	2 KB 2 KB	40ms 40ms	Image image/png	195.56.77.123 GTSCE GTS Central...
General Check archive.org Show headers Download Go to Show image Full URL https://fakemail.hu/im/logoa.png Requested by Host: fakemail.hu URL: https://fakemail.hu/indexb.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 195.56.77.123 Tatabánya, Hungary, ASN5588 (GTSCE GTS Central Europe Antel Germany, CZ), Reverse DNS signum3.icd.hu Software LiteSpeed / Resource Hash `4a285ba6ec4cb66e6697421e555a89f6c8b74d5c66278063e5cf03e8d56cdf9a` Request headers accept-language fr-FR,fr;q=0.9 Referer https://fakemail.hu/indexb.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Sat, 21 Jan 2023 14:38:38 GMT last-modified Sun, 17 Apr 2022 21:05:28 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 2523 expires Sat, 28 Jan 2023 14:38:38 GMT
GET H2	200	logog.png fakemail.hu/im/	3 KB 3 KB	40ms 40ms	Image image/png	195.56.77.123 GTSCE GTS Central...
General Check archive.org Show headers Download Go to Show image Full URL https://fakemail.hu/im/logog.png Requested by Host: fakemail.hu URL: https://fakemail.hu/indexb.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 195.56.77.123 Tatabánya, Hungary, ASN5588 (GTSCE GTS Central Europe Antel Germany, CZ), Reverse DNS signum3.icd.hu Software LiteSpeed / Resource Hash `39e2fdab31c527d2f066129f7b64c10dfead961a9e28dedf18116ba9739dedd3` Request headers accept-language fr-FR,fr;q=0.9 Referer https://fakemail.hu/indexb.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Sat, 21 Jan 2023 14:38:38 GMT last-modified Sun, 17 Apr 2022 21:05:28 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 3257 expires Sat, 28 Jan 2023 14:38:38 GMT
GET H2	200	logob.png fakemail.hu/im/	3 KB 3 KB	42ms 42ms	Image image/png	195.56.77.123 GTSCE GTS Central...
General Check archive.org Show headers Download Go to Show image Full URL https://fakemail.hu/im/logob.png Requested by Host: fakemail.hu URL: https://fakemail.hu/indexb.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 195.56.77.123 Tatabánya, Hungary, ASN5588 (GTSCE GTS Central Europe Antel Germany, CZ), Reverse DNS signum3.icd.hu Software LiteSpeed / Resource Hash `4431f315b6ba320602e1f3f387bb3c52b0838d685a13f2d68f91a89de4ea1c84` Request headers accept-language fr-FR,fr;q=0.9 Referer https://fakemail.hu/indexb.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Sat, 21 Jan 2023 14:38:39 GMT last-modified Wed, 20 Jul 2022 16:40:18 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 2782 expires Sat, 28 Jan 2023 14:38:39 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Scotiabank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fakemail.hu
195.56.77.123
39e2fdab31c527d2f066129f7b64c10dfead961a9e28dedf18116ba9739dedd3
4431f315b6ba320602e1f3f387bb3c52b0838d685a13f2d68f91a89de4ea1c84
4a285ba6ec4cb66e6697421e555a89f6c8b74d5c66278063e5cf03e8d56cdf9a
76a5cf4e706156b6c16ffb9b3a9bf8582fd3a342a0e27b7daaa9136e9dfc15a0
a7911bad92850eb0994555bb0b074b74dcda38baa08d77acb016d48e3dc40d4d

fakemail.hu Open in urlscan Pro 195.56.77.123 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

11 kBTransfer

14 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

fakemail.hu Open in urlscan Pro
195.56.77.123 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

11 kB
Transfer

14 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!