abakerswife.com - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 198.57.151.187, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is abakerswife.com.

This is the only time abakerswife.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	198.57.151.187 198.57.151.187	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2606:4700:303... 2606:4700:3038::6815:e9b9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
5	3

2 198.57.151.187 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: deinchiriat.com

abakerswife.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3038::6815:e9b9 (United States)

ASN13335 (CLOUDFLARENET, US)

icons.iconarchive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 73	17 KB
2	abakerswife.com abakerswife.com	3 KB
1	iconarchive.com icons.iconarchive.com — Cisco Umbrella Rank: 78733	7 KB
5	3

	Domain	Requested by
2	www.google-analytics.com	abakerswife.com
2	abakerswife.com	abakerswife.com
1	icons.iconarchive.com	abakerswife.com
5	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://abakerswife.com/wp-admin/net/repair/?email=corporate_communications%40navyfederal.org&entity=1994173
Frame ID: 4BE129D4BA9EDAC874F80187E4D2660A
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

email Settings | For: corporate_communications@navyfederal.org

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

5
Requests

0 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

28 kB
Transfer

57 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

http://www.google-analytics.com/ga.js HTTP 307
https://www.google-analytics.com/ga.js

Request Chain 3

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=82271135&utmhn=abakerswife.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=email%20Settings%20%7C%20For%3A%20corporate_communications%40navyfederal.org&utmhid=651935056&utmr=-&utmp=%2Fwp-admin%2Fnet%2Frepair%2F%3Femail%3Dcorporate_communications%252540navyfederal.org%26entity%3D1994173&utmht=1669392438208&utmac=UA-96586258-1&utmcc=__utma%3D11675492.463984812.1669392438.1669392438.1669392438.1%3B%2B__utmz%3D11675492.1669392438.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1833418940&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=82271135&utmhn=abakerswife.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=email%20Settings%20%7C%20For%3A%20corporate_communications%40navyfederal.org&utmhid=651935056&utmr=-&utmp=%2Fwp-admin%2Fnet%2Frepair%2F%3Femail%3Dcorporate_communications%252540navyfederal.org%26entity%3D1994173&utmht=1669392438208&utmac=UA-96586258-1&utmcc=__utma%3D11675492.463984812.1669392438.1669392438.1669392438.1%3B%2B__utmz%3D11675492.1669392438.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1833418940&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
abakerswife.com/wp-admin/net/repair/ 5 KB
2 KB 1406ms
215ms Document
text/html 198.57.151.187
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://abakerswife.com/wp-admin/net/repair/?email=corporate_communications%40navyfederal.org&entity=1994173
Protocol: HTTP/1.1
Server: 198.57.151.187 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: deinchiriat.com
Software: Apache /
Resource Hash: 318657c24956ad2331f32dc4692fcb0b48ab77e2c6b8fa81dbe61cf9e1f956ac

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: none
Connection: Upgrade, Keep-Alive
Content-Encoding: gzip
Content-Length: 2234
Content-Type: text/html; charset=UTF-8
Date: Fri, 25 Nov 2022 16:07:17 GMT
Keep-Alive: timeout=5, max=75
Server: Apache
Upgrade: h2,h2c
Vary: Accept-Encoding

GET
H/1.1 200
OK google_analytics_auto.js Show response
abakerswife.com/ 430 B
599 B 184ms
184ms Script
application/javascript 198.57.151.187
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://abakerswife.com/google_analytics_auto.js
Requested by: Host: abakerswife.com
URL: http://abakerswife.com/wp-admin/net/repair/?email=corporate_communications%40navyfederal.org&entity=1994173
Protocol: HTTP/1.1
Server: 198.57.151.187 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: deinchiriat.com
Software: Apache /
Resource Hash: 3e31591c5d7b2311bfd80bda1540f57a825323044e6ce923ca96b158f4f059d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://abakerswife.com/wp-admin/net/repair/?email=corporate_communications%40navyfederal.org&entity=1994173
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 16:07:18 GMT
Content-Encoding: gzip
Last-Modified: Fri, 31 Mar 2017 21:07:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: none
Keep-Alive: timeout=5, max=74
Content-Length: 299

GET
H/1.1 200
OK email-2-icon.png
icons.iconarchive.com/icons/graphicloads/100-flat/256/ 6 KB
7 KB 119ms
58ms Image
image/png 2606:4700:3038::6815:e9b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://icons.iconarchive.com/icons/graphicloads/100-flat/256/email-2-icon.png
Requested by: Host: abakerswife.com
URL: http://abakerswife.com/wp-admin/net/repair/?email=corporate_communications%40navyfederal.org&entity=1994173
Protocol: HTTP/1.1
Server: 2606:4700:3038::6815:e9b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b76980f800f067d6c3210912939795ad385e827cd768ed1a1498fc8ff09669c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://abakerswife.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 16:07:18 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 1244
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 6590
Last-Modified: Wed, 08 Jul 2020 23:41:28 GMT
Server: cloudflare
ETag: "5f0659a8-19be"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIN0Dgo5VlWkg7M4NPXcdEwGTw9siBjG5jShpllD6mamTObHk6L6GnSw5dt91RRCKFC98CuFW%2Fqh2leDxp%2BjzQ%2F%2BeIH4mMCiAdiudm8Ao1MLhujs3Yqnu%2FohGDNniVgU8kNtDI%2B9OaWeFfxNTkDumJ9zAI4%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 76fba2f17c79c2c8-VIE

GET
H2

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

45 KB
17 KB

71ms
21ms

Script
text/javascript

2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: abakerswife.com
URL: http://abakerswife.com/wp-admin/net/repair/?email=corporate_communications%40navyfederal.org&entity=1994173

Protocol

H2

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://abakerswife.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 25 Nov 2022 14:39:05 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 5293
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Fri, 25 Nov 2022 16:39:05 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2

200

__utm.gif
www.google-analytics.com/r/
Redirect Chain

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=82271135&utmhn=abakerswife.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=email%2...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=82271135&utmhn=abakerswife.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=email%...

35 B
197 B

29ms
28ms

Image
image/gif

2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=82271135&utmhn=abakerswife.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=email%20Settings%20%7C%20For%3A%20corporate_communications%40navyfederal.org&utmhid=651935056&utmr=-&utmp=%2Fwp-admin%2Fnet%2Frepair%2F%3Femail%3Dcorporate_communications%252540navyfederal.org%26entity%3D1994173&utmht=1669392438208&utmac=UA-96586258-1&utmcc=__utma%3D11675492.463984812.1669392438.1669392438.1669392438.1%3B%2B__utmz%3D11675492.1669392438.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1833418940&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: abakerswife.com
URL: http://abakerswife.com/wp-admin/net/repair/?email=corporate_communications%40navyfederal.org&entity=1994173

Protocol

H2

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://abakerswife.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 16:07:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=82271135&utmhn=abakerswife.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=email%20Settings%20%7C%20For%3A%20corporate_communications%40navyfederal.org&utmhid=651935056&utmr=-&utmp=%2Fwp-admin%2Fnet%2Frepair%2F%3Femail%3Dcorporate_communications%252540navyfederal.org%26entity%3D1994173&utmht=1669392438208&utmac=UA-96586258-1&utmcc=__utma%3D11675492.463984812.1669392438.1669392438.1669392438.1%3B%2B__utmz%3D11675492.1669392438.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1833418940&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.abakerswife.com/	1970-01-20 17:19:12	Name: __utma Value: 11675492.463984812.1669392438.1669392438.1669392438.1
.abakerswife.com/	1969-12-31 23:59:59	Name: __utmc Value: 11675492
.abakerswife.com/	1970-01-20 12:06:00	Name: __utmz Value: 11675492.1669392438.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.abakerswife.com/	1970-01-20 07:43:13	Name: __utmt Value: 1
.abakerswife.com/	1970-01-20 07:43:14	Name: __utmb Value: 11675492.1.10.1669392438

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abakerswife.com
icons.iconarchive.com
www.google-analytics.com
198.57.151.187
2606:4700:3038::6815:e9b9
2a00:1450:4001:808::200e
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
318657c24956ad2331f32dc4692fcb0b48ab77e2c6b8fa81dbe61cf9e1f956ac
3e31591c5d7b2311bfd80bda1540f57a825323044e6ce923ca96b158f4f059d0
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9b76980f800f067d6c3210912939795ad385e827cd768ed1a1498fc8ff09669c

abakerswife.com Open in urlscan Pro 198.57.151.187 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

5 Requests

0 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

28 kBTransfer

57 kBSize

5 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

5 Cookies

Indicators

abakerswife.com Open in urlscan Pro
198.57.151.187 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

0 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

28 kB
Transfer

57 kB
Size

5
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!