bakersfantasy.com Open in urlscan Pro
192.163.198.113 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://traxxcon.com/index/t.html
Effective URL:
https://bakersfantasy.com/dz/
Submission: On August 15 via manual (August 15th 2022, 7:22:46 am UTC) from DE — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 192.163.198.113, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is bakersfantasy.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 26th 2022. Valid for: 3 months.

This is the only time bakersfantasy.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	185.61.153.82 185.61.153.82	22612 (NAMECHEAP...) (NAMECHEAP-NET)
10	192.163.198.113 192.163.198.113	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
11	2

1 185.61.153.82 (United Kingdom)

ASN22612 (NAMECHEAP-NET, US)
PTR: host61.registrar-servers.com

traxxcon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 192.163.198.113 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: server.d-98-lux-57-on-712-line.in

bakersfantasy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	bakersfantasy.com bakersfantasy.com	435 KB
1	traxxcon.com traxxcon.com	350 B
11	2

	Domain	Requested by
10	bakersfantasy.com	bakersfantasy.com
1	traxxcon.com
11	2

This site contains no links.

Subject Issuer	Validity	Valid
bakersfantasy.com cPanel, Inc. Certification Authority	`2022-05-26` - `2022-08-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bakersfantasy.com/dz/
Frame ID: 9E35296602ADC5F21A2D83E58804FE9A
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ING Login

Page URL History Show full URLs

http://traxxcon.com/index/t.html Page URL
https://bakersfantasy.com/dz/ Page URL

Page Statistics

11
Requests

91 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

436 kB
Transfer

432 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://traxxcon.com/index/t.html Page URL
https://bakersfantasy.com/dz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	t.html Show response traxxcon.com/index/	125 B 350 B	106ms 29ms	Document text/html	185.61.153.82 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL http://traxxcon.com/index/t.html Protocol HTTP/1.1 Server 185.61.153.82 , United Kingdom, ASN22612 (NAMECHEAP-NET, US), Reverse DNS host61.registrar-servers.com Software Apache / Resource Hash `a60fb9f6ada241c531ac79ef2822b303bdeafc533a6b03942573eccf2ef846aa` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes content-encoding gzip content-length 117 content-type text/html date Mon, 15 Aug 2022 07:22:42 GMT last-modified Tue, 09 Aug 2022 16:18:59 GMT server Apache vary Accept-Encoding
GET H/1.1	200 OK	Primary Request / Show response bakersfantasy.com/dz/	499 B 933 B	588ms 149ms	Document text/html	192.163.198.113 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://bakersfantasy.com/dz/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.163.198.113 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS server.d-98-lux-57-on-712-line.in Software Apache / Resource Hash `31dab48920c7d47e9b1a82607facbad6ee522681db935b34842c101d334c903b` Request headers Referer http://traxxcon.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Access-Control-Allow-Origin http://localhost:3000 Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Mon, 15 Aug 2022 07:22:42 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	main.2a1c621a.js Show response bakersfantasy.com/dz/static/js/	354 KB 354 KB	147ms 146ms	Script application/javascript	192.163.198.113 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://bakersfantasy.com/dz/static/js/main.2a1c621a.js Requested by Host: bakersfantasy.com URL: https://bakersfantasy.com/dz/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.163.198.113 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS server.d-98-lux-57-on-712-line.in Software Apache / Resource Hash `6c1b2f3ddd6575c9756d7937667d05bc7c907f03e2f0fb58880e73862f8a95db` Request headers accept-language de-DE,de;q=0.9 Referer https://bakersfantasy.com/dz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Mon, 15 Aug 2022 07:22:42 GMT Last-Modified Thu, 14 Jul 2022 01:34:56 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 362726
GET H/1.1	200 OK	main.e3e84063.css bakersfantasy.com/dz/static/css/	174 B 415 B	150ms 149ms	Stylesheet text/css	192.163.198.113 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://bakersfantasy.com/dz/static/css/main.e3e84063.css Requested by Host: bakersfantasy.com URL: https://bakersfantasy.com/dz/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.163.198.113 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS server.d-98-lux-57-on-712-line.in Software Apache / Resource Hash `5f38820a41857cacdd5d8783db308984a0800614001b14f391ecebb846aaeee1` Request headers accept-language de-DE,de;q=0.9 Referer https://bakersfantasy.com/dz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Mon, 15 Aug 2022 07:22:42 GMT Last-Modified Thu, 14 Jul 2022 01:34:56 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 174
GET H/1.1	200 OK	ico.svg bakersfantasy.com/dz/	16 KB 16 KB	156ms 156ms	Image image/svg+xml	192.163.198.113 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://bakersfantasy.com/dz/ico.svg Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.163.198.113 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS server.d-98-lux-57-on-712-line.in Software Apache / Resource Hash `9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf` Request headers accept-language de-DE,de;q=0.9 Referer https://bakersfantasy.com/dz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Mon, 15 Aug 2022 07:22:43 GMT Last-Modified Sat, 09 Jul 2022 19:23:28 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 16157
POST H/1.1	200 OK	page.php Show response bakersfantasy.com/dz/app-assets/php/	4 B 371 B	159ms 158ms	XHR text/html	192.163.198.113 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://bakersfantasy.com/dz/app-assets/php/page.php Requested by Host: bakersfantasy.com URL: https://bakersfantasy.com/dz/static/js/main.2a1c621a.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.163.198.113 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS server.d-98-lux-57-on-712-line.in Software Apache / Resource Hash `c627c09c14e58e44bc51622dac392958ec88244e414b508020634f53cfcd1e69` Request headers Accept / Referer https://bakersfantasy.com/dz/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Pragma no-cache Date Mon, 15 Aug 2022 07:22:44 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin http://localhost:3000 Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Keep-Alive timeout=5, max=97 Expires Thu, 19 Nov 1981 08:52:00 GMT
POST H/1.1	200 OK	/ Show response bakersfantasy.com/dz/	15 B 382 B	155ms 154ms	XHR text/html	192.163.198.113 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://bakersfantasy.com/dz/ Requested by Host: bakersfantasy.com URL: https://bakersfantasy.com/dz/static/js/main.2a1c621a.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.163.198.113 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS server.d-98-lux-57-on-712-line.in Software Apache / Resource Hash `91d1e4e0c87a9c612242cc44c9265a5e846dbfe98a11c19a73c63f42bb145da3` Request headers Accept / Referer https://bakersfantasy.com/dz/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Pragma no-cache Date Mon, 15 Aug 2022 07:22:44 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin http://localhost:3000 Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Keep-Alive timeout=5, max=99 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	ico.svg bakersfantasy.com/dz/	16 KB 16 KB	301ms 147ms	Image image/svg+xml	192.163.198.113 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://bakersfantasy.com/dz/ico.svg Requested by Host: bakersfantasy.com URL: https://bakersfantasy.com/dz/static/js/main.2a1c621a.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.163.198.113 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS server.d-98-lux-57-on-712-line.in Software Apache / Resource Hash `9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf` Request headers accept-language de-DE,de;q=0.9 Referer https://bakersfantasy.com/dz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Mon, 15 Aug 2022 07:22:45 GMT Last-Modified Sat, 09 Jul 2022 19:23:28 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 16157
GET H/1.1	200 OK	code.svg bakersfantasy.com/dz/	2 KB 2 KB	297ms 147ms	Image image/svg+xml	192.163.198.113 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://bakersfantasy.com/dz/code.svg Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.163.198.113 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS server.d-98-lux-57-on-712-line.in Software Apache / Resource Hash `9d0ce0dd87e2d9bc4171914be7b288f8388ce7c26dc58e0a465a82760e899914` Request headers accept-language de-DE,de;q=0.9 Referer https://bakersfantasy.com/dz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Mon, 15 Aug 2022 07:22:45 GMT Last-Modified Sun, 10 Jul 2022 10:25:20 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 2015
GET H/1.1	200 OK	phone.png bakersfantasy.com/dz/	44 KB 44 KB	430ms 145ms	Image image/png	192.163.198.113 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://bakersfantasy.com/dz/phone.png Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.163.198.113 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS server.d-98-lux-57-on-712-line.in Software Apache / Resource Hash `fb6ebe23316c03fd8d25e871bfdd9c41eb77e14115f5a01e3e0d97b94617779e` Request headers accept-language de-DE,de;q=0.9 Referer https://bakersfantasy.com/dz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Mon, 15 Aug 2022 07:22:45 GMT Last-Modified Sun, 10 Jul 2022 18:24:50 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 44838
POST H/1.1	200 OK	page.php Show response bakersfantasy.com/dz/app-assets/php/	4 B 371 B	158ms 158ms	XHR text/html	192.163.198.113 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://bakersfantasy.com/dz/app-assets/php/page.php Requested by Host: bakersfantasy.com URL: https://bakersfantasy.com/dz/static/js/main.2a1c621a.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.163.198.113 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS server.d-98-lux-57-on-712-line.in Software Apache / Resource Hash `c627c09c14e58e44bc51622dac392958ec88244e414b508020634f53cfcd1e69` Request headers Accept / Referer https://bakersfantasy.com/dz/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Pragma no-cache Date Mon, 15 Aug 2022 07:22:45 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin http://localhost:3000 Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Keep-Alive timeout=5, max=99 Expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bakersfantasy.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: a5e616c4455c0c35914e278f138ea582

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bakersfantasy.com
traxxcon.com
185.61.153.82
192.163.198.113
31dab48920c7d47e9b1a82607facbad6ee522681db935b34842c101d334c903b
5f38820a41857cacdd5d8783db308984a0800614001b14f391ecebb846aaeee1
6c1b2f3ddd6575c9756d7937667d05bc7c907f03e2f0fb58880e73862f8a95db
91d1e4e0c87a9c612242cc44c9265a5e846dbfe98a11c19a73c63f42bb145da3
9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf
9d0ce0dd87e2d9bc4171914be7b288f8388ce7c26dc58e0a465a82760e899914
a60fb9f6ada241c531ac79ef2822b303bdeafc533a6b03942573eccf2ef846aa
c627c09c14e58e44bc51622dac392958ec88244e414b508020634f53cfcd1e69
fb6ebe23316c03fd8d25e871bfdd9c41eb77e14115f5a01e3e0d97b94617779e

bakersfantasy.com Open in urlscan Pro 192.163.198.113 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

91 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

436 kBTransfer

432 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

bakersfantasy.com Open in urlscan Pro
192.163.198.113 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

91 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

436 kB
Transfer

432 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!