frenkinonket.com Open in urlscan Pro
104.21.64.1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://frenkinonket.com/online/login/
Submission: On December 12 via automatic, source openphish (December 12th 2024, 1:10:41 am UTC) — Scanned from DE

Summary HTTP 10 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 104.21.64.1, located in and belongs to CLOUDFLARENET, US. The main domain is frenkinonket.com.
TLS certificate: Issued by WE1 on December 8th 2024. Valid for: 3 months.

This is the only time frenkinonket.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: New York Life Insurance (Insurance)

Domain & IP information

	IP Address	AS Autonomous System
8	104.21.64.1 104.21.64.1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.72.245 172.67.72.245	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
10	4

8 104.21.64.1 (None, )

ASN13335 (CLOUDFLARENET, US)

frenkinonket.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.72.245 (United States)

ASN13335 (CLOUDFLARENET, US)

www.wpfaster.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (San Francisco, United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	frenkinonket.com frenkinonket.com	259 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 847	30 KB
1	wpfaster.org www.wpfaster.org	240 KB
10	3

	Domain	Requested by
8	frenkinonket.com	frenkinonket.com
1	code.jquery.com	frenkinonket.com
1	www.wpfaster.org	frenkinonket.com
10	3

This site contains links to these domains. Also see Links.

Domain
www.newyorklife.com
mynylgbs.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
frenkinonket.com WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
wpfaster.org WE1	`2024-11-06` - `2025-02-04`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://frenkinonket.com/online/login/
Frame ID: 6EB166A9CE7FED44E407D75F2169E1F1
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

My Account | New York Life Group Benefit Solutions

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

529 kB
Transfer

944 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://www.newyorklife.com/my-account/disclaimer
Title: Disclosure Statement opens in a new tab

Search URL Search Domain Scan URL

URL: https://mynylgbs.com/
Title: Accounts opens in a new tab

Search URL Search Domain Scan URL

URL: https://twitter.com/NewYorkLife
Title: NYL twitter page opens in a new Window

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/showcase/new-york-life-group-benefit-solutions/
Title: NYL LinkedIn page opens in a new Window

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
frenkinonket.com/online/login/ 411 KB
51 KB 764ms
212ms Document
text/html 104.21.64.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frenkinonket.com/online/login/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.64.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2dae473ad3d1f85a5c61d8ba20405e3e00d72a1ac06a68b885973f2fd757bc2f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8f09d5ed8b7ae5a2-OTP
content-encoding: zstd
content-type: text/html
date: Thu, 12 Dec 2024 01:10:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qqy7Ko4fWsZdkZvdRZ8DK1rBihzx9mzz10pTgtUQl9aCVzDX3byLQDDKU5yc9pahpteUjaD3%2FxjKIRY0oYXieYnx16YY0KivR0lNZKqfrA4tiyGfZjkeUbKIY1DHDtKvSlKK"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=26024&min_rtt=25959&rtt_var=4163&sent=8&recv=11&lost=0&retrans=0&sent_bytes=4256&recv_bytes=2300&delivery_rate=154776&cwnd=253&unsent_bytes=0&cid=8c91d023796d3da2&ts=281&x=0"
vary: Accept-Encoding

GET
H2 200 circle-loading-gif.gif
www.wpfaster.org/wp-content/uploads/2013/06/ 239 KB
240 KB 640ms
81ms Image
image/webp 172.67.72.245
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.wpfaster.org/wp-content/uploads/2013/06/circle-loading-gif.gif

Requested by

Host: frenkinonket.com
URL: https://frenkinonket.com/online/login/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.72.245 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9f8d46aae198d5db87825a5310438bd3f70c4311dc0497d9b51195904ba07c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://frenkinonket.com/

Response headers

cf-bgj: imgq:85,h2pri
cf-cache-status: HIT
age: 1048605
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5S7FeFFGJUi0OefkyL7oPtbUbfp2rSesQ%2Fals%2BgRwyajqtJCPAN8l1jwB6AfwMGUfgoOfQarHj2ZJKiBr9FFG58dwkEnblQNpl7RkHZUeka7ohd47BYc5IkNU2UvASyHlJ8%3D"}],"group":"cf-nel","max_age":604800}
expires: Sat, 29 Mar 2025 10:59:03 GMT
cf-polished: origFmt=gif, origSize=245347
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26711&min_rtt=25995&rtt_var=7935&sent=6&recv=8&lost=0&retrans=0&sent_bytes=4026&recv_bytes=2256&delivery_rate=155245&cwnd=252&unsent_bytes=0&cid=1c12a5da36ec84d7&ts=151&x=0"
date: Thu, 12 Dec 2024 01:10:37 GMT
content-type: image/webp
content-disposition: inline; filename="circle-loading-gif.webp"
vary: Accept
last-modified: Sun, 17 Jul 2016 13:33:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=10368000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f09d5f34bb2c9c8-OTP
accept-ranges: bytes
content-length: 244594
server: cloudflare

GET
H2 200 jquery-3.7.0.min.js Show response
code.jquery.com/ 85 KB
30 KB 625ms
70ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.0.min.js
Requested by: Host: frenkinonket.com
URL: https://frenkinonket.com/online/login/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://frenkinonket.com/

Response headers

content-encoding: gzip
etag: W/"28feccc0-155a6"
age: 2419593
x-cache: HIT, HIT
date: Thu, 12 Dec 2024 01:10:37 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
x-cache-hits: 1, 14754
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-served-by: cache-lga13623-LGA, cache-fra-eddf8230020-FRA
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1733965837.340945,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30308
server: nginx

GET
H2 200 nyl-logo-new.svg
frenkinonket.com/online/login/css/ 4 KB
2 KB 77ms
76ms Image
image/svg+xml 104.21.64.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://frenkinonket.com/online/login/css/nyl-logo-new.svg
Requested by: Host: frenkinonket.com
URL: https://frenkinonket.com/online/login/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.64.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3a0babbf5d20e5e97dc39e6b670cf3c4c169e24886d82f510b1b8689ee7dbdf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://frenkinonket.com/online/login/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"67586957-efe"
age: 19372
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oUH%2FHUEDvwX6kDDLkYg4dH10ZN54lH1ueAItOtSILGFwhCKhMGY5pNZpfzpUlFdb74ElACHbqMG%2Bsjv7d9on1RIj1oLO1fQ60WvlYzsNqTlr95dCH9NO9aQehd47F%2BE%2BDFOA"}],"group":"cf-nel","max_age":604800}
expires: Thu, 12 Dec 2024 19:47:44 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26144&min_rtt=25934&rtt_var=240&sent=74&recv=52&lost=0&retrans=0&sent_bytes=57344&recv_bytes=2554&delivery_rate=2271557&cwnd=257&unsent_bytes=0&cid=8c91d023796d3da2&ts=520&x=0"
date: Thu, 12 Dec 2024 01:10:36 GMT
content-type: image/svg+xml
last-modified: Tue, 10 Dec 2024 16:16:23 GMT
vary: Accept-Encoding
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f09d5efdc1ae5a2-OTP
server: cloudflare

GET
H2 200 checkbox-open.svg
frenkinonket.com/online/login/css/ 714 B
852 B 77ms
77ms Image
image/svg+xml 104.21.64.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://frenkinonket.com/online/login/css/checkbox-open.svg
Requested by: Host: frenkinonket.com
URL: https://frenkinonket.com/online/login/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.64.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e52d81d5f0c0f2b72135a5d2de00e639bc67bcd49bc89615bf437aa87737a250

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://frenkinonket.com/online/login/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"67586956-2ca"
age: 19372
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iDCamjR2hWdCLoqyieU7T5a8LeqpsjfH3bFqzG66D2T9b78webCwC12ayVAjz%2BVtXcaK%2FfkP7xAe%2BYoER3bGtFHXypt%2FP%2F%2BGoNFZnPvwwZ79LS%2FCJE6ntRyzmijVo%2BTeZagl"}],"group":"cf-nel","max_age":604800}
expires: Thu, 12 Dec 2024 19:47:44 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26144&min_rtt=25934&rtt_var=240&sent=78&recv=52&lost=0&retrans=0&sent_bytes=59678&recv_bytes=2554&delivery_rate=2271557&cwnd=257&unsent_bytes=0&cid=8c91d023796d3da2&ts=522&x=0"
date: Thu, 12 Dec 2024 01:10:36 GMT
content-type: image/svg+xml
last-modified: Tue, 10 Dec 2024 16:16:22 GMT
vary: Accept-Encoding
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f09d5efdc1be5a2-OTP
server: cloudflare

GET
DATA 200
OK truncated
/ 700 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 40ac865152cdb0b20d4d1fe365c5b411e339bfce9f77ea3d0a93f9d036203c0e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 648 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e60e3747abe0f0a82abdb0f8a22142edb90319e853711d6ff3b9da7e8fa2335

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 EffraPro-Regular.woff
frenkinonket.com/online/login/css/ 58 KB
59 KB 280ms
278ms Font
application/font-woff 104.21.64.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frenkinonket.com/online/login/css/EffraPro-Regular.woff
Requested by: Host: frenkinonket.com
URL: https://frenkinonket.com/online/login/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.64.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24a852825c6ce6599ac1a6a90e34cab8dce7de403861012e22c01e2f93ae2bf9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://frenkinonket.com
Referer: https://frenkinonket.com/online/login/

Response headers

cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
etag: W/"67586957-e814"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lBzenG9%2FiEZfeMWKb1l89Eb2wK19cYzdekMQVVtqjaItGB8cjuqVvnw5m16GBa3F3rAg4A08cAynONU5JNMuiigkj7atroE59OyU1WH6Q0WHZ8ifkCpNNVajwCfIy6ApAxEm"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f09d5effc2ee5a2-OTP
expires: Fri, 13 Dec 2024 01:10:36 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26052&min_rtt=25934&rtt_var=54&sent=106&recv=72&lost=0&retrans=0&sent_bytes=87690&recv_bytes=2917&delivery_rate=2271557&cwnd=257&unsent_bytes=0&cid=8c91d023796d3da2&ts=741&x=0"
date: Thu, 12 Dec 2024 01:10:37 GMT
content-type: application/font-woff
last-modified: Tue, 10 Dec 2024 16:16:23 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 AldaPro-Regular.woff
frenkinonket.com/online/login/css/ 60 KB
60 KB 279ms
278ms Font
application/font-woff 104.21.64.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frenkinonket.com/online/login/css/AldaPro-Regular.woff
Requested by: Host: frenkinonket.com
URL: https://frenkinonket.com/online/login/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.64.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b6665d7605c115f7762d63c2853bee23b8ad8bb3b664b9561eb50ab2608375c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://frenkinonket.com
Referer: https://frenkinonket.com/online/login/

Response headers

cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
etag: W/"67586956-ef24"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rs9JR0e4JX2XcScmeXibmWjCUYRFjGKWA0ce9meBzs0WtikweMU2zTSW%2FpPLy%2BX1sBoXKuR99BrBvWf7FqtFeavxtozwS5su2Myhpw3jfRv7J%2BdcXSk3AzmZNXm3yEXXsI5n"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f09d5effc2fe5a2-OTP
expires: Fri, 13 Dec 2024 01:10:36 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26052&min_rtt=25934&rtt_var=54&sent=105&recv=72&lost=0&retrans=0&sent_bytes=87199&recv_bytes=2917&delivery_rate=2271557&cwnd=257&unsent_bytes=0&cid=8c91d023796d3da2&ts=741&x=0"
date: Thu, 12 Dec 2024 01:10:37 GMT
content-type: application/font-woff
last-modified: Tue, 10 Dec 2024 16:16:22 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 effra-medium-webfont.woff2
frenkinonket.com/online/login/css/ 25 KB
26 KB 236ms
235ms Font
application/octet-stream 104.21.64.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frenkinonket.com/online/login/css/effra-medium-webfont.woff2
Requested by: Host: frenkinonket.com
URL: https://frenkinonket.com/online/login/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.64.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0387e0e99298f69281cc3466c65337df88e5a79b55f73cf75302f5f3d6ec424

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://frenkinonket.com
Referer: https://frenkinonket.com/online/login/

Response headers

cf-cache-status: MISS
etag: "67586956-651c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IJ238IuLt71A85kWp38auG1aqKVXywMg3XkpE1nGDDPVUJm735dRd9nNjbMgTwq%2BrKLkKbNbJ%2BCg7qVGS%2B9R%2BSmvrRLyaw4Lg%2FtJzDrB3ol3V2gfiSNG6Et4HsLTjPRnEQaa"}],"group":"cf-nel","max_age":604800}
expires: Fri, 13 Dec 2024 01:10:36 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26064&min_rtt=25934&rtt_var=126&sent=82&recv=61&lost=0&retrans=0&sent_bytes=60596&recv_bytes=2917&delivery_rate=2271557&cwnd=257&unsent_bytes=0&cid=8c91d023796d3da2&ts=698&x=0"
date: Thu, 12 Dec 2024 01:10:36 GMT
content-type: application/octet-stream
last-modified: Tue, 10 Dec 2024 16:16:22 GMT
vary: Accept-Encoding
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f09d5f00c3be5a2-OTP
accept-ranges: bytes
content-length: 25884
server: cloudflare

GET
H2 200 EffraPro-Bold.woff
frenkinonket.com/online/login/css/ 59 KB
59 KB 317ms
316ms Font
application/font-woff 104.21.64.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frenkinonket.com/online/login/css/EffraPro-Bold.woff
Requested by: Host: frenkinonket.com
URL: https://frenkinonket.com/online/login/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.64.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2129472b66f7da1c73dfc21dc27ed03788781e8a54f6b8a77df0cd255ce7971c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://frenkinonket.com
Referer: https://frenkinonket.com/online/login/

Response headers

cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
etag: W/"67586956-eae4"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HbskJYQm0pH7h5zJ5PDwfhSTnCiDF41RmqsMDl58cxrSa%2FgBv6orhNQRXcaSTvm%2BXIcfjw8xlrXunSwHHuhCUysZa%2FvjBNjZrMFA79Xy1c7kTd7j4wYJ0dEyS3nCJs0jZYhz"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f09d5f00c3ce5a2-OTP
expires: Fri, 13 Dec 2024 01:10:36 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26052&min_rtt=25934&rtt_var=54&sent=200&recv=72&lost=0&retrans=0&sent_bytes=209562&recv_bytes=2917&delivery_rate=2271557&cwnd=257&unsent_bytes=0&cid=8c91d023796d3da2&ts=745&x=0"
date: Thu, 12 Dec 2024 01:10:37 GMT
content-type: application/font-woff
last-modified: Tue, 10 Dec 2024 16:16:22 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 favicon.ico
frenkinonket.com/ 1 KB
1 KB 187ms
187ms Other
image/vnd.microsoft.icon 104.21.64.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frenkinonket.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.64.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42938b72e2ec54515eb9c49145f42b8728cfc0b70170f80aef58ce93032b1c1d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://frenkinonket.com/online/login/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
etag: W/"47e-62901a4822f10"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I2FgLR5dNv1PEP9c5PP4omhymdByuHtSt5BoON%2Fg9Igak6gAvL5k%2BhbFpH00ys%2BIu9RyFjACRl8TpU6HQmjmyJ5bcClb9j%2BoJwgn%2FYdKslhm8pHSMOHzEZ7m4he3fkJ9CrpO"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f09d5f57d9fe5a2-OTP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26057&min_rtt=25934&rtt_var=46&sent=250&recv=106&lost=0&retrans=0&sent_bytes=270373&recv_bytes=2982&delivery_rate=6322618&cwnd=341&unsent_bytes=0&cid=8c91d023796d3da2&ts=1525&x=0"
date: Thu, 12 Dec 2024 01:10:37 GMT
content-type: image/vnd.microsoft.icon
last-modified: Wed, 11 Dec 2024 17:08:11 GMT
vary: Accept-Encoding
server: cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: New York Life Insurance (Insurance)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| getUpdatesLogin function| loginCallback

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
frenkinonket.com
www.wpfaster.org
104.21.64.1
151.101.2.137
172.67.72.245
2129472b66f7da1c73dfc21dc27ed03788781e8a54f6b8a77df0cd255ce7971c
24a852825c6ce6599ac1a6a90e34cab8dce7de403861012e22c01e2f93ae2bf9
2dae473ad3d1f85a5c61d8ba20405e3e00d72a1ac06a68b885973f2fd757bc2f
40ac865152cdb0b20d4d1fe365c5b411e339bfce9f77ea3d0a93f9d036203c0e
42938b72e2ec54515eb9c49145f42b8728cfc0b70170f80aef58ce93032b1c1d
7b6665d7605c115f7762d63c2853bee23b8ad8bb3b664b9561eb50ab2608375c
9e60e3747abe0f0a82abdb0f8a22142edb90319e853711d6ff3b9da7e8fa2335
d0387e0e99298f69281cc3466c65337df88e5a79b55f73cf75302f5f3d6ec424
d3a0babbf5d20e5e97dc39e6b670cf3c4c169e24886d82f510b1b8689ee7dbdf
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
e52d81d5f0c0f2b72135a5d2de00e639bc67bcd49bc89615bf437aa87737a250
e9f8d46aae198d5db87825a5310438bd3f70c4311dc0497d9b51195904ba07c9

frenkinonket.com Open in urlscan Pro 104.21.64.1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

529 kBTransfer

944 kBSize

0 Cookies

4 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

frenkinonket.com Open in urlscan Pro
104.21.64.1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

529 kB
Transfer

944 kB
Size

0
Cookies

10 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!