2bpostal.com Open in urlscan Pro
184.168.248.1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://2bpostal.com/auctions/plugins/redir.php
Submission: On December 05 via automatic, source openphish (December 5th 2017, 2:17:53 pm UTC)

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 14 HTTP transactions. The main IP is 184.168.248.1, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is 2bpostal.com.

This is the only time 2bpostal.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Navy Federal Credit Union (Government)

Domain & IP information

	IP Address	AS Autonomous System
1	184.168.248.1 184.168.248.1	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
12	91.199.38.160 91.199.38.160	44153 (SHTE) (SHTE)
14	3

1 184.168.248.1 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: p3nlhg164c1164.shr.prod.phx3.secureserver.net

2bpostal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 91.199.38.160 (Armenia)

ASN44153 (SHTE, AM)
PTR: hosting.shte.am

kotaykitem.am	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	kotaykitem.am kotaykitem.am Failed	366 KB
1	2bpostal.com 2bpostal.com	155 B
14	2

	Domain	Requested by
12	kotaykitem.am	kotaykitem.am
1	2bpostal.com
14	2

This site contains no links.

Subject Issuer	Validity	Valid
kotaykitem.am cPanel, Inc. Certification Authority	`2017-10-07` - `2018-01-05`	3 months	crt.sh

This page contains 2 frames:

Frame: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/
Frame ID: 17393.1
Requests: 2 HTTP requests in this frame

Frame: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/
Frame ID: 17438.1
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

14
Requests

86 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

366 kB
Transfer

366 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/ HTTP 302
https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114 HTTP 301
https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request redir.php Show response 2bpostal.com/auctions/plugins/	167 B 155 B	312ms 164ms	Document text/html	184.168.248.1 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://2bpostal.com/auctions/plugins/redir.php Protocol HTTP/1.1 Server 184.168.248.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS p3nlhg164c1164.shr.prod.phx3.secureserver.net Software Apache / Resource Hash `939bc201f379f43aaa50ad4f653262e89bac298b1144b427d66998b7c276d631` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 2bpostal.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:43 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Content-Type text/html Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 155
GET		/ kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Redirect Chain https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/ https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114 https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/	0 0

GET H/1.1	200 OK	/ Show response kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Frame 1743	4 KB 4 KB	70ms 69ms	Document text/html	91.199.38.160 SHTE
General Check archive.org Show headers Download Go to Full URL https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.199.38.160 , Armenia, ASN44153 (SHTE, AM), Reverse DNS hosting.shte.am Software Apache / Resource Hash `cb8aa4740877f417474e026b9e58ada4b094918980edbab034f1051868c48c7d` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host kotaykitem.am Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://2bpostal.com/auctions/plugins/redir.php Connection keep-alive Cache-Control no-cache Upgrade-Insecure-Requests 1 Referer http://2bpostal.com/auctions/plugins/redir.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:45 GMT Last-Modified Tue, 05 Dec 2017 14:17:45 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 3605
GET H/1.1	200 OK	back.png kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/ Frame 1743	82 KB 82 KB	72ms 71ms	Image image/png	91.199.38.160 SHTE
General Check archive.org Show headers Download Go to Show image Full URL https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/back.png Requested by Host: kotaykitem.am URL: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.199.38.160 , Armenia, ASN44153 (SHTE, AM), Reverse DNS hosting.shte.am Software Apache / Resource Hash `e5b6c663f864f822984b1c9cd2c2f0843de20809e68f5bcafd696d1f074977d0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host kotaykitem.am User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Connection keep-alive Cache-Control no-cache Referer https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:45 GMT Last-Modified Tue, 05 Dec 2017 14:17:45 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 83731
GET H/1.1	200 OK	backfooter.png kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/ Frame 1743	163 KB 163 KB	71ms 71ms	Image image/png	91.199.38.160 SHTE
General Check archive.org Show headers Download Go to Show image Full URL https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/backfooter.png Requested by Host: kotaykitem.am URL: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.199.38.160 , Armenia, ASN44153 (SHTE, AM), Reverse DNS hosting.shte.am Software Apache / Resource Hash `57c3f17ab358419272e35c4c14699f3982cc82fca92052fb2f4fd798331a7eb8` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host kotaykitem.am User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Connection keep-alive Cache-Control no-cache Referer https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:45 GMT Last-Modified Tue, 05 Dec 2017 14:17:45 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 166688
GET H/1.1	200 OK	morerates.png kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/ Frame 1743	19 KB 19 KB	270ms 72ms	Image image/png	91.199.38.160 SHTE
General Check archive.org Show headers Download Go to Show image Full URL https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/morerates.png Requested by Host: kotaykitem.am URL: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.199.38.160 , Armenia, ASN44153 (SHTE, AM), Reverse DNS hosting.shte.am Software Apache / Resource Hash `67a4cab0875616c379709acc05f8df33be0ef14a920a2a21df42fa1b97f67276` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host kotaykitem.am User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Connection keep-alive Cache-Control no-cache Referer https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:46 GMT Last-Modified Tue, 05 Dec 2017 14:17:45 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 19382
GET H/1.1	200 OK	yte.png kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/ Frame 1743	4 KB 4 KB	294ms 67ms	Image image/png	91.199.38.160 SHTE
General Check archive.org Show headers Download Go to Show image Full URL https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/yte.png Requested by Host: kotaykitem.am URL: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.199.38.160 , Armenia, ASN44153 (SHTE, AM), Reverse DNS hosting.shte.am Software Apache / Resource Hash `f542befd2f9b472384f3d211b3673b9b1d9a323248ae30d9fbbad6408a7bf6bc` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host kotaykitem.am User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Connection keep-alive Cache-Control no-cache Referer https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:46 GMT Last-Modified Tue, 05 Dec 2017 14:17:45 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 4315
GET H/1.1	200 OK	2.png kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/ Frame 1743	399 B 399 B	309ms 76ms	Image image/png	91.199.38.160 SHTE
General Check archive.org Show headers Download Go to Show image Full URL https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/2.png Requested by Host: kotaykitem.am URL: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.199.38.160 , Armenia, ASN44153 (SHTE, AM), Reverse DNS hosting.shte.am Software Apache / Resource Hash `cf6b94131d83133ba600247f8816d6aa0bc52aa362df530fc0021d928d8f1652` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host kotaykitem.am User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Connection keep-alive Cache-Control no-cache Referer https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:46 GMT Last-Modified Tue, 05 Dec 2017 14:17:45 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 399
GET H/1.1	200 OK	join.png kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/ Frame 1743	2 KB 2 KB	341ms 74ms	Image image/png	91.199.38.160 SHTE
General Check archive.org Show headers Download Go to Show image Full URL https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/join.png Requested by Host: kotaykitem.am URL: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.199.38.160 , Armenia, ASN44153 (SHTE, AM), Reverse DNS hosting.shte.am Software Apache / Resource Hash `562f576da2fed2dad444356920b5b1b6899960938588da661172c7e0c8117d6f` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host kotaykitem.am User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Connection keep-alive Cache-Control no-cache Referer https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:46 GMT Last-Modified Tue, 05 Dec 2017 14:17:45 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 2380
GET H/1.1	200 OK	ttt.png kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/ Frame 1743	10 KB 10 KB	229ms 87ms	Image image/png	91.199.38.160 SHTE
General Check archive.org Show headers Download Go to Show image Full URL https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/ttt.png Requested by Host: kotaykitem.am URL: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.199.38.160 , Armenia, ASN44153 (SHTE, AM), Reverse DNS hosting.shte.am Software Apache / Resource Hash `8e8fade0858ab77cd93c743a670d4aa6511993d11d6098e86e5fc11302eb290b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host kotaykitem.am User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Connection keep-alive Cache-Control no-cache Referer https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:46 GMT Last-Modified Tue, 05 Dec 2017 14:17:45 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 10683
GET H/1.1	200 OK	logo.png kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/ Frame 1743	12 KB 12 KB	263ms 71ms	Image image/png	91.199.38.160 SHTE
General Check archive.org Show headers Download Go to Show image Full URL https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/logo.png Requested by Host: kotaykitem.am URL: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.199.38.160 , Armenia, ASN44153 (SHTE, AM), Reverse DNS hosting.shte.am Software Apache / Resource Hash `f1e4acad2c7344a5bd5155f45ea31cf82bd817ef84a4577f975c910f8fa601ed` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host kotaykitem.am User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Connection keep-alive Cache-Control no-cache Referer https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:46 GMT Last-Modified Tue, 05 Dec 2017 14:17:45 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 12385
GET H/1.1	200 OK	wooo.png kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/ Frame 1743	9 KB 9 KB	188ms 68ms	Image image/png	91.199.38.160 SHTE
General Check archive.org Show headers Download Go to Show image Full URL https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/wooo.png Requested by Host: kotaykitem.am URL: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.199.38.160 , Armenia, ASN44153 (SHTE, AM), Reverse DNS hosting.shte.am Software Apache / Resource Hash `7e7cd27fa290740080d0aa44c4bd8b65dfebdcecec295b412e9e34ede93daced` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host kotaykitem.am User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Connection keep-alive Cache-Control no-cache Referer https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:46 GMT Last-Modified Tue, 05 Dec 2017 14:17:45 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 8894
GET H/1.1	200 OK	footer.png kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/ Frame 1743	59 KB 59 KB	226ms 85ms	Image image/png	91.199.38.160 SHTE
General Check archive.org Show headers Download Go to Show image Full URL https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/footer.png Requested by Host: kotaykitem.am URL: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.199.38.160 , Armenia, ASN44153 (SHTE, AM), Reverse DNS hosting.shte.am Software Apache / Resource Hash `4efc42aa8689c22f26e728cfb4cb93f60ce4c26f098fdf125feb3db2f2c0bf4f` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host kotaykitem.am User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Connection keep-alive Cache-Control no-cache Referer https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:46 GMT Last-Modified Tue, 05 Dec 2017 14:17:45 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 60835
GET H/1.1	200 OK	signin.png kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/ Frame 1743	1 KB 1 KB	194ms 71ms	Image image/png	91.199.38.160 SHTE
General Check archive.org Show headers Download Go to Show image Full URL https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/images/signin.png Requested by Host: kotaykitem.am URL: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.199.38.160 , Armenia, ASN44153 (SHTE, AM), Reverse DNS hosting.shte.am Software Apache / Resource Hash `fa5705c6bac7e05898b892196168c7470c4903ee0702a8fc8b83f8531455cf3f` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host kotaykitem.am User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ Connection keep-alive Cache-Control no-cache Referer https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 14:17:46 GMT Last-Modified Tue, 05 Dec 2017 14:17:45 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1180

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: kotaykitem.am
URL: https://kotaykitem.am/wp-includes/js/link.tk/navyfederal.org/navyfederal.org/home/f9bc0f9e2572581b61132d402c4cb114/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Navy Federal Credit Union (Government)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| unhideBody

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2bpostal.com
kotaykitem.am
kotaykitem.am
184.168.248.1
91.199.38.160
4efc42aa8689c22f26e728cfb4cb93f60ce4c26f098fdf125feb3db2f2c0bf4f
562f576da2fed2dad444356920b5b1b6899960938588da661172c7e0c8117d6f
57c3f17ab358419272e35c4c14699f3982cc82fca92052fb2f4fd798331a7eb8
67a4cab0875616c379709acc05f8df33be0ef14a920a2a21df42fa1b97f67276
7e7cd27fa290740080d0aa44c4bd8b65dfebdcecec295b412e9e34ede93daced
8e8fade0858ab77cd93c743a670d4aa6511993d11d6098e86e5fc11302eb290b
939bc201f379f43aaa50ad4f653262e89bac298b1144b427d66998b7c276d631
cb8aa4740877f417474e026b9e58ada4b094918980edbab034f1051868c48c7d
cf6b94131d83133ba600247f8816d6aa0bc52aa362df530fc0021d928d8f1652
e5b6c663f864f822984b1c9cd2c2f0843de20809e68f5bcafd696d1f074977d0
f1e4acad2c7344a5bd5155f45ea31cf82bd817ef84a4577f975c910f8fa601ed
f542befd2f9b472384f3d211b3673b9b1d9a323248ae30d9fbbad6408a7bf6bc
fa5705c6bac7e05898b892196168c7470c4903ee0702a8fc8b83f8531455cf3f

2bpostal.com Open in urlscan Pro 184.168.248.1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

86 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

366 kBTransfer

366 kBSize

0 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

2bpostal.com Open in urlscan Pro
184.168.248.1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

86 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

366 kB
Transfer

366 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!