befy.finance Open in urlscan Pro
62.182.83.130 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://befy.finance/app/MetaMask.html
Submission: On December 07 via manual (December 7th 2022, 9:03:23 am UTC) from RS — Scanned from DE

Summary HTTP 10 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 62.182.83.130, located in Kyiv, Ukraine and belongs to YURTEH-AS, UA. The main domain is befy.finance.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 12th 2022. Valid for: 3 months.

This is the only time befy.finance was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Metamask (Crypto)

Domain & IP information

	IP Address		AS Autonomous System
10	62.182.83.130 62.182.83.130		30860 (YURTEH-AS) (YURTEH-AS)
10	1

10 62.182.83.130 (Kyiv, Ukraine)

ASN30860 (YURTEH-AS, UA)
PTR: host130.v-sys.org

befy.finance	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	befy.finance befy.finance	1 MB
10	1

	Domain	Requested by
10	befy.finance	befy.finance
10	1

This site contains links to these domains. Also see Links.

Domain
metamask.zendesk.com
github.com
multibit.org
blockchain.info

Subject Issuer	Validity	Valid
befy.finance cPanel, Inc. Certification Authority	`2022-10-12` - `2023-01-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://befy.finance/app/MetaMask.html
Frame ID: 897BE880C033383DD6A5A6686CC4CCD5
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MetaMask Notification

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1282 kB
Transfer

1281 kB
Size

0
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://metamask.zendesk.com/hc/en-us
Title: Metamask Support

Search URL Search Domain Scan URL

URL: https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki
Title: BIP85 spec

Search URL Search Domain Scan URL

URL: https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki
Title: BIP44 spec

Search URL Search Domain Scan URL

URL: https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#purpose
Title: Purpose

Search URL Search Domain Scan URL

URL: https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#registered-coin-types
Title: Coin

Search URL Search Domain Scan URL

URL: https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#account
Title: Account

Search URL Search Domain Scan URL

URL: https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#change
Title: External / Internal

Search URL Search Domain Scan URL

URL: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
Title: BIP32 spec

Search URL Search Domain Scan URL

URL: https://github.com/bitcoin/bitcoin/pull/8035
Title: Bitcoin Core BIP32 implementation

Search URL Search Domain Scan URL

URL: https://multibit.org/
Title: MultiBit HD

Search URL Search Domain Scan URL

URL: https://blockchain.info/
Title: blockchain.info

Search URL Search Domain Scan URL

URL: https://github.com/bitcoin/bips/blob/master/bip-0049.mediawiki
Title: BIP49 spec

Search URL Search Domain Scan URL

URL: https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki
Title: BIP141 spec

Search URL Search Domain Scan URL

URL: https://github.com/bitcoin/bips/blob/master/bip-0084.mediawiki
Title: BIP84 spec

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request MetaMask.html Show response befy.finance/app/	224 KB 224 KB	312ms 96ms	Document text/html	62.182.83.130 YURTEH-AS
General Check archive.org Show headers Download Go to Full URL https://befy.finance/app/MetaMask.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 62.182.83.130 Kyiv, Ukraine, ASN30860 (YURTEH-AS, UA), Reverse DNS host130.v-sys.org Software nginx / Resource Hash `11e81c1001b640b4688fd1b07d6b70a152acd9f81e85dd52cf402911b49ddff5` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection keep-alive Content-Length 229143 Content-Type text/html Date Wed, 07 Dec 2022 09:03:18 GMT Last-Modified Wed, 12 Oct 2022 06:00:41 GMT Server nginx
GET H/1.1	200 OK	connect.css befy.finance/app/css/	883 KB 884 KB	89ms 49ms	Stylesheet text/css	62.182.83.130 YURTEH-AS
General Check archive.org Show headers Download Go to Full URL https://befy.finance/app/css/connect.css Requested by Host: befy.finance URL: https://befy.finance/app/MetaMask.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 62.182.83.130 Kyiv, Ukraine, ASN30860 (YURTEH-AS, UA), Reverse DNS host130.v-sys.org Software nginx / Resource Hash `8aa277b6835910911fe4dd73887e99f4d74a00429509f74510661414a7f61e17` Request headers accept-language de-DE,de;q=0.9 Referer https://befy.finance/app/MetaMask.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Date Wed, 07 Dec 2022 09:03:18 GMT Last-Modified Sun, 28 Aug 2022 19:03:22 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 904597 Content-Type text/css
GET H/1.1	200 OK	metamask-logo-horizontal.svg befy.finance/app/img/	5 KB 5 KB	158ms 55ms	Image image/svg+xml	62.182.83.130 YURTEH-AS
General Check archive.org Show headers Download Go to Show image Full URL https://befy.finance/app/img/metamask-logo-horizontal.svg Requested by Host: befy.finance URL: https://befy.finance/app/MetaMask.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 62.182.83.130 Kyiv, Ukraine, ASN30860 (YURTEH-AS, UA), Reverse DNS host130.v-sys.org Software nginx / Resource Hash `a2779239ae69999a04e2e98ee5be8a282a21b41b7b4c6ce00c881ecc82fcaa50` Request headers accept-language de-DE,de;q=0.9 Referer https://befy.finance/app/MetaMask.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Date Wed, 07 Dec 2022 09:03:18 GMT Last-Modified Sun, 28 Aug 2022 19:03:22 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 5020 Content-Type image/svg+xml
GET H/1.1	200 OK	metamask-fox.svg befy.finance/app/img/	3 KB 3 KB	158ms 49ms	Image image/svg+xml	62.182.83.130 YURTEH-AS
General Check archive.org Show headers Download Go to Show image Full URL https://befy.finance/app/img/metamask-fox.svg Requested by Host: befy.finance URL: https://befy.finance/app/MetaMask.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 62.182.83.130 Kyiv, Ukraine, ASN30860 (YURTEH-AS, UA), Reverse DNS host130.v-sys.org Software nginx / Resource Hash `b855851451c3eb7220bc7331d6cf7f19dad4580ebc35610211f028848ba7fc34` Request headers accept-language de-DE,de;q=0.9 Referer https://befy.finance/app/MetaMask.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Date Wed, 07 Dec 2022 09:03:18 GMT Last-Modified Sun, 28 Aug 2022 19:03:22 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 3231 Content-Type image/svg+xml
GET H/1.1	200 OK	logo.js Show response befy.finance/app/js/	78 KB 78 KB	164ms 82ms	Script application/javascript	62.182.83.130 YURTEH-AS
General Check archive.org Show headers Download Go to Full URL https://befy.finance/app/js/logo.js Requested by Host: befy.finance URL: https://befy.finance/app/MetaMask.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 62.182.83.130 Kyiv, Ukraine, ASN30860 (YURTEH-AS, UA), Reverse DNS host130.v-sys.org Software nginx / Resource Hash `bfefca810b4d336318e4efee744dc69321a39e3df3e9c5889e2038720c08ac12` Request headers accept-language de-DE,de;q=0.9 Referer https://befy.finance/app/MetaMask.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Date Wed, 07 Dec 2022 09:03:18 GMT Last-Modified Sun, 28 Aug 2022 19:03:22 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 79754 Content-Type application/javascript
GET H/1.1	200 OK	jquery-3.6.0.min.js Show response befy.finance/app/js/	87 KB 88 KB	158ms 98ms	Script application/javascript	62.182.83.130 YURTEH-AS
General Check archive.org Show headers Download Go to Full URL https://befy.finance/app/js/jquery-3.6.0.min.js Requested by Host: befy.finance URL: https://befy.finance/app/MetaMask.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 62.182.83.130 Kyiv, Ukraine, ASN30860 (YURTEH-AS, UA), Reverse DNS host130.v-sys.org Software nginx / Resource Hash `ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b` Request headers accept-language de-DE,de;q=0.9 Referer https://befy.finance/app/MetaMask.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Date Wed, 07 Dec 2022 09:03:18 GMT Last-Modified Sun, 28 Aug 2022 19:03:22 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 89503 Content-Type application/javascript
GET H/1.1	200 OK	carousel.min.css befy.finance/app/css/	0 206 B	49ms 49ms	Stylesheet text/css	62.182.83.130 YURTEH-AS
General Check archive.org Show headers Download Go to Full URL https://befy.finance/app/css/carousel.min.css Requested by Host: befy.finance URL: https://befy.finance/app/css/connect.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 62.182.83.130 Kyiv, Ukraine, ASN30860 (YURTEH-AS, UA), Reverse DNS host130.v-sys.org Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://befy.finance/app/css/connect.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Date Wed, 07 Dec 2022 09:03:18 GMT Last-Modified Sun, 28 Aug 2022 19:03:22 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 0 Content-Type text/css
GET H/1.1	200 OK	caret-down.svg befy.finance/app/img/	164 B 377 B	63ms 50ms	Image image/svg+xml	62.182.83.130 YURTEH-AS
General Check archive.org Show headers Download Go to Show image Full URL https://befy.finance/app/img/caret-down.svg Requested by Host: befy.finance URL: https://befy.finance/app/css/connect.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 62.182.83.130 Kyiv, Ukraine, ASN30860 (YURTEH-AS, UA), Reverse DNS host130.v-sys.org Software nginx / Resource Hash `e5ca4b439e879644b1528ecc7c538a6240ee9210a16a63861a5086c15815b026` Request headers accept-language de-DE,de;q=0.9 Referer https://befy.finance/app/css/connect.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Date Wed, 07 Dec 2022 09:03:18 GMT Last-Modified Sun, 28 Aug 2022 19:03:22 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 164 Content-Type image/svg+xml
GET H/1.1	404 Not Found	EuclidCircularB-Regular-WebXL.ttf befy.finance/app/fonts/	0 0	53ms 51ms	Font text/html	62.182.83.130 YURTEH-AS
General Check archive.org Show headers Download Go to Full URL https://befy.finance/app/fonts/EuclidCircularB-Regular-WebXL.ttf Requested by Host: befy.finance URL: https://befy.finance/app/css/connect.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 62.182.83.130 Kyiv, Ukraine, ASN30860 (YURTEH-AS, UA), Reverse DNS host130.v-sys.org Software nginx / Resource Hash Request headers Referer https://befy.finance/app/css/connect.css Origin https://befy.finance accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Date Wed, 07 Dec 2022 09:03:18 GMT Server nginx Connection keep-alive Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	EuclidCircularB-Bold-WebXL.ttf befy.finance/app/fonts/	0 0	49ms 48ms	Font text/html	62.182.83.130 YURTEH-AS
General Check archive.org Show headers Download Go to Full URL https://befy.finance/app/fonts/EuclidCircularB-Bold-WebXL.ttf Requested by Host: befy.finance URL: https://befy.finance/app/css/connect.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 62.182.83.130 Kyiv, Ukraine, ASN30860 (YURTEH-AS, UA), Reverse DNS host130.v-sys.org Software nginx / Resource Hash Request headers Referer https://befy.finance/app/css/connect.css Origin https://befy.finance accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Date Wed, 07 Dec 2022 09:03:22 GMT Server nginx Connection keep-alive Content-Length 315 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Metamask (Crypto)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://befy.finance/app/fonts/EuclidCircularB-Regular-WebXL.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://befy.finance/app/fonts/EuclidCircularB-Bold-WebXL.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

befy.finance
62.182.83.130
11e81c1001b640b4688fd1b07d6b70a152acd9f81e85dd52cf402911b49ddff5
8aa277b6835910911fe4dd73887e99f4d74a00429509f74510661414a7f61e17
a2779239ae69999a04e2e98ee5be8a282a21b41b7b4c6ce00c881ecc82fcaa50
b855851451c3eb7220bc7331d6cf7f19dad4580ebc35610211f028848ba7fc34
bfefca810b4d336318e4efee744dc69321a39e3df3e9c5889e2038720c08ac12
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5ca4b439e879644b1528ecc7c538a6240ee9210a16a63861a5086c15815b026

befy.finance Open in urlscan Pro 62.182.83.130 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1282 kBTransfer

1281 kBSize

0 Cookies

14 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

befy.finance Open in urlscan Pro
62.182.83.130 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1282 kB
Transfer

1281 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!