foodationindia.com Open in urlscan Pro
138.201.207.99 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://houseplasterers.co.nz/399274056102638107234
Effective URL:
https://foodationindia.com/itmebaytop82734092734/
Submission: On March 11 via automatic, source openphish (March 11th 2024, 1:13:38 am UTC) — Scanned from NZ

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 10 HTTP transactions. The main IP is 138.201.207.99, located in Lübbecke, Germany and belongs to HETZNER-AS, DE. The main domain is foodationindia.com.
TLS certificate: Issued by R3 on January 23rd 2024. Valid for: 3 months.

This is the only time foodationindia.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: eBay (E-commerce)

Domain & IP information

	IP Address	AS Autonomous System
1 2	65.254.92.135 65.254.92.135	394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY)
1 9	138.201.207.99 138.201.207.99	24940 (HETZNER-AS) (HETZNER-AS)
1	2404:6800:400... 2404:6800:4006:80f::200a	15169 (GOOGLE) (GOOGLE)
10	3

2 65.254.92.135 (India) 1 redirects

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: vs-kwizzytek1.au.syrahost.com

houseplasterers.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 138.201.207.99 (Lübbecke, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: hg.privatedns.in

foodationindia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4006:80f::200a (Sydney, Australia)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	foodationindia.com 1 redirects foodationindia.com	41 KB
2	houseplasterers.co.nz 1 redirects houseplasterers.co.nz	612 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30
10	3

	Domain	Requested by
9	foodationindia.com	1 redirects foodationindia.com
2	houseplasterers.co.nz	1 redirects
1	fonts.googleapis.com	foodationindia.com
10	3

This site contains no links.

Subject Issuer	Validity	Valid
houseplasterers.co.nz R3	`2024-02-11` - `2024-05-11`	3 months	crt.sh
foodationindia.com R3	`2024-01-23` - `2024-04-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://foodationindia.com/itmebaytop82734092734/
Frame ID: C3DD2DE13963C6A026A3DF02750B579F
Requests: 6 HTTP requests in this frame

Frame: https://foodationindia.com/itmebaytop82734092734/counter/counter1.php
Frame ID: 3B4AA1CED8168FBE74137C27ED8BE643
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://houseplasterers.co.nz/399274056102638107234 HTTP 301
https://houseplasterers.co.nz/399274056102638107234/ Page URL
https://foodationindia.com/itmebaytop82734092734 HTTP 301
https://foodationindia.com/itmebaytop82734092734/ Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

10
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

41 kB
Transfer

75 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://houseplasterers.co.nz/399274056102638107234 HTTP 301
https://houseplasterers.co.nz/399274056102638107234/ Page URL
https://foodationindia.com/itmebaytop82734092734 HTTP 301
https://foodationindia.com/itmebaytop82734092734/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://houseplasterers.co.nz/399274056102638107234 HTTP 301
https://houseplasterers.co.nz/399274056102638107234/

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response houseplasterers.co.nz/399274056102638107234/ Redirect Chain https://houseplasterers.co.nz/399274056102638107234 https://houseplasterers.co.nz/399274056102638107234/	93 B 339 B	90ms 90ms	Document text/html	65.254.92.135 PUBLIC-DOMAIN-REG...
General Check archive.org Show headers Download Go to Full URL https://houseplasterers.co.nz/399274056102638107234/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 65.254.92.135 , India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US), Reverse DNS vs-kwizzytek1.au.syrahost.com Software Apache / Resource Hash `5f23952c228161d2aa6d42ad9c8a40b44a13f6161bc4a14d062eaa0108c30e9f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 accept-language en-NZ,en;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 104 Content-Type text/html; charset=UTF-8 Date Mon, 11 Mar 2024 01:13:30 GMT Keep-Alive timeout=5, max=99 Server Apache Vary Accept-Encoding Redirect headers Connection Keep-Alive Content-Length 260 Content-Type text/html; charset=iso-8859-1 Date Mon, 11 Mar 2024 01:13:30 GMT Keep-Alive timeout=5, max=100 Location https://houseplasterers.co.nz/399274056102638107234/ Server Apache
GET H2	200	Primary Request / Show response foodationindia.com/itmebaytop82734092734/ Redirect Chain https://foodationindia.com/itmebaytop82734092734 https://foodationindia.com/itmebaytop82734092734/	8 KB 3 KB	343ms 343ms	Document text/html	138.201.207.99 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://foodationindia.com/itmebaytop82734092734/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 138.201.207.99 Lübbecke, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS hg.privatedns.in Software nginx / Resource Hash `e6c67ad165e02d6512d133cbb26ec4063a8be85a5d727bee3ed4164b35f99e13` Request headers Referer https://houseplasterers.co.nz/399274056102638107234/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 accept-language en-NZ,en;q=0.9 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding gzip content-length 2983 content-type text/html; charset=UTF-8 date Mon, 11 Mar 2024 01:13:34 GMT server nginx vary Accept-Encoding x-turbo-charged-by LiteSpeed Redirect headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 707 content-type text/html date Mon, 11 Mar 2024 01:13:34 GMT location https://foodationindia.com/itmebaytop82734092734/ server nginx x-turbo-charged-by LiteSpeed
GET H2	400	css fonts.googleapis.com/	0 0	635ms 243ms	Stylesheet text/html	2404:6800:4006:80f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=MarketSans Requested by Host: foodationindia.com URL: https://foodationindia.com/itmebaytop82734092734/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4006:80f::200a Sydney, Australia, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash Request headers accept-language en-NZ,en;q=0.9 Referer https://foodationindia.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers
GET H2	200	logo.png foodationindia.com/itmebaytop82734092734/	2 KB 3 KB	311ms 310ms	Image image/png	138.201.207.99 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://foodationindia.com/itmebaytop82734092734/logo.png Requested by Host: foodationindia.com URL: https://foodationindia.com/itmebaytop82734092734/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 138.201.207.99 Lübbecke, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS hg.privatedns.in Software nginx / Resource Hash `c4bb6d764f00d10e2f3448ce1d9eca1e1ffa8238a30e41aba201655a41e959c0` Request headers accept-language en-NZ,en;q=0.9 Referer https://foodationindia.com/itmebaytop82734092734/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Mon, 11 Mar 2024 01:13:34 GMT last-modified Mon, 05 Sep 2022 04:41:22 GMT server nginx content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 2224 expires Mon, 18 Mar 2024 01:13:34 GMT
GET H2	200	signin.png foodationindia.com/itmebaytop82734092734/	9 KB 10 KB	311ms 311ms	Image image/png	138.201.207.99 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://foodationindia.com/itmebaytop82734092734/signin.png Requested by Host: foodationindia.com URL: https://foodationindia.com/itmebaytop82734092734/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 138.201.207.99 Lübbecke, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS hg.privatedns.in Software nginx / Resource Hash `cccba13b939908d83a7ec394ee263e225d0098574100fa2534877400d8562684` Request headers accept-language en-NZ,en;q=0.9 Referer https://foodationindia.com/itmebaytop82734092734/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Mon, 11 Mar 2024 01:13:34 GMT last-modified Mon, 05 Sep 2022 05:03:06 GMT server nginx content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 9500 expires Mon, 18 Mar 2024 01:13:34 GMT
GET H3	200	MarketSans.ttf foodationindia.com/itmebaytop82734092734/	54 KB 24 KB	309ms 308ms	Font font/ttf	138.201.207.99 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://foodationindia.com/itmebaytop82734092734/MarketSans.ttf Requested by Host: foodationindia.com URL: https://foodationindia.com/itmebaytop82734092734/ Protocol H3 Security QUIC, , AES_128_GCM Server 138.201.207.99 Lübbecke, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS hg.privatedns.in Software LiteSpeed / Resource Hash `f97997c252780639d228d05ccc0430d60c7ae22b0d7f70cd420bca3b245f95a9` Request headers Referer https://foodationindia.com/itmebaytop82734092734/ Origin https://foodationindia.com accept-language en-NZ,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Mon, 11 Mar 2024 01:13:35 GMT content-encoding br last-modified Mon, 05 Sep 2022 06:25:40 GMT server LiteSpeed vary Accept-Encoding content-type font/ttf cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 24468 expires Mon, 18 Mar 2024 01:13:35 GMT
GET H3	200	counter1.php Show response foodationindia.com/itmebaytop82734092734/counter/ Frame 3B4A	231 B 143 B	340ms 339ms	Document text/html	138.201.207.99 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://foodationindia.com/itmebaytop82734092734/counter/counter1.php Requested by Host: foodationindia.com URL: https://foodationindia.com/itmebaytop82734092734/ Protocol H3 Security QUIC, , AES_128_GCM Server 138.201.207.99 Lübbecke, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS hg.privatedns.in Software LiteSpeed / Resource Hash `2912ae226f73e77a7ce9699d260f7f348c548145d64dcce9c67f4216ec9a99ea` Request headers Referer https://foodationindia.com/itmebaytop82734092734/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 accept-language en-NZ,en;q=0.9 Response headers content-encoding gzip content-length 106 content-type text/html; charset=UTF-8 date Mon, 11 Mar 2024 01:13:35 GMT server LiteSpeed vary Accept-Encoding
GET H3	200	3.GIF foodationindia.com/itmebaytop82734092734/counter/digits/1/ Frame 3B4A	141 B 183 B	309ms 308ms	Image image/gif	138.201.207.99 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://foodationindia.com/itmebaytop82734092734/counter/digits/1/3.GIF Requested by Host: foodationindia.com URL: https://foodationindia.com/itmebaytop82734092734/counter/counter1.php Protocol H3 Security QUIC, , AES_128_GCM Server 138.201.207.99 Lübbecke, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS hg.privatedns.in Software LiteSpeed / Resource Hash `74768b90cf9aab770795d4864b6cff46d00958858b2938bcaff94c463729dd10` Request headers accept-language en-NZ,en;q=0.9 Referer https://foodationindia.com/itmebaytop82734092734/counter/counter1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Mon, 11 Mar 2024 01:13:35 GMT last-modified Tue, 27 Feb 2018 12:09:16 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 accept-ranges bytes content-length 141 expires Mon, 18 Mar 2024 01:13:35 GMT
GET H3	200	2.GIF foodationindia.com/itmebaytop82734092734/counter/digits/1/ Frame 3B4A	145 B 165 B	309ms 309ms	Image image/gif	138.201.207.99 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://foodationindia.com/itmebaytop82734092734/counter/digits/1/2.GIF Requested by Host: foodationindia.com URL: https://foodationindia.com/itmebaytop82734092734/counter/counter1.php Protocol H3 Security QUIC, , AES_128_GCM Server 138.201.207.99 Lübbecke, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS hg.privatedns.in Software LiteSpeed / Resource Hash `3f9491e08d81e7ed47f0c93138189ba42a99a48d6ec86ab47a742c3b9bb2872f` Request headers accept-language en-NZ,en;q=0.9 Referer https://foodationindia.com/itmebaytop82734092734/counter/counter1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Mon, 11 Mar 2024 01:13:35 GMT last-modified Tue, 27 Feb 2018 12:09:16 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 accept-ranges bytes content-length 145 expires Mon, 18 Mar 2024 01:13:35 GMT
GET H3	200	6.GIF foodationindia.com/itmebaytop82734092734/counter/digits/1/ Frame 3B4A	142 B 184 B	308ms 308ms	Image image/gif	138.201.207.99 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://foodationindia.com/itmebaytop82734092734/counter/digits/1/6.GIF Requested by Host: foodationindia.com URL: https://foodationindia.com/itmebaytop82734092734/counter/counter1.php Protocol H3 Security QUIC, , AES_128_GCM Server 138.201.207.99 Lübbecke, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS hg.privatedns.in Software LiteSpeed / Resource Hash `52668877e284856ff8e44449e3a7de6176f5dddb69f5f0ba43bc621a3bf6ba3a` Request headers accept-language en-NZ,en;q=0.9 Referer https://foodationindia.com/itmebaytop82734092734/counter/counter1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Mon, 11 Mar 2024 01:13:35 GMT last-modified Tue, 27 Feb 2018 12:09:18 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 accept-ranges bytes content-length 142 expires Mon, 18 Mar 2024 01:13:35 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: eBay (E-commerce)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://fonts.googleapis.com/css?family=MarketSans Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
foodationindia.com
houseplasterers.co.nz
138.201.207.99
2404:6800:4006:80f::200a
65.254.92.135
2912ae226f73e77a7ce9699d260f7f348c548145d64dcce9c67f4216ec9a99ea
3f9491e08d81e7ed47f0c93138189ba42a99a48d6ec86ab47a742c3b9bb2872f
52668877e284856ff8e44449e3a7de6176f5dddb69f5f0ba43bc621a3bf6ba3a
5f23952c228161d2aa6d42ad9c8a40b44a13f6161bc4a14d062eaa0108c30e9f
74768b90cf9aab770795d4864b6cff46d00958858b2938bcaff94c463729dd10
c4bb6d764f00d10e2f3448ce1d9eca1e1ffa8238a30e41aba201655a41e959c0
cccba13b939908d83a7ec394ee263e225d0098574100fa2534877400d8562684
e6c67ad165e02d6512d133cbb26ec4063a8be85a5d727bee3ed4164b35f99e13
f97997c252780639d228d05ccc0430d60c7ae22b0d7f70cd420bca3b245f95a9

foodationindia.com Open in urlscan Pro 138.201.207.99 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

41 kBTransfer

75 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

foodationindia.com Open in urlscan Pro
138.201.207.99 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

41 kB
Transfer

75 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!