www.jacquelinekirstein.com
Open in
urlscan Pro
2606:4700:3030::ac43:aa99
Malicious Activity!
Public Scan
Effective URL: http://www.jacquelinekirstein.com/fresh/
Submission Tags: 7067258
Submission: On April 12 via api from NL
Summary
This is the only time www.jacquelinekirstein.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer) Office 365 (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 13 | 2606:4700:303... 2606:4700:3030::ac43:aa99 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
12 | 5.149.255.154 5.149.255.154 | 59711 (HZ-EU-AS) (HZ-EU-AS) | |
1 1 | 103.224.212.220 103.224.212.220 | 133618 (TRELLIAN-...) (TRELLIAN-AS-AP Trellian Pty. Limited) | |
1 | 13.248.148.254 13.248.148.254 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 45.77.192.33 45.77.192.33 | 20473 (AS-CHOOPA) (AS-CHOOPA) | |
27 | 4 |
ASN13335 (CLOUDFLARENET, US)
www.jacquelinekirstein.com |
ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
PTR: lb-212-220.above.com
urlvalidation.com |
ASN16509 (AMAZON-02, US)
PTR: aba1c1ff9d2ec5376.awsglobalaccelerator.com
ww38.urlvalidation.com |
ASN20473 (AS-CHOOPA, US)
PTR: 45.77.192.33.vultr.com
rules.similardeals.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
jacquelinekirstein.com
1 redirects
www.jacquelinekirstein.com |
151 KB |
12 |
lancheck.net
lancheck.net |
3 KB |
2 |
similardeals.net
rules.similardeals.net |
5 KB |
2 |
urlvalidation.com
1 redirects
urlvalidation.com ww38.urlvalidation.com |
329 B |
27 | 4 |
Domain | Requested by | |
---|---|---|
13 | www.jacquelinekirstein.com |
1 redirects
www.jacquelinekirstein.com
|
12 | lancheck.net |
www.jacquelinekirstein.com
|
2 | rules.similardeals.net |
www.jacquelinekirstein.com
rules.similardeals.net |
1 | ww38.urlvalidation.com |
www.jacquelinekirstein.com
|
1 | urlvalidation.com | 1 redirects |
27 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://www.jacquelinekirstein.com/fresh/
Frame ID: 2179A81E3112E77E92D113B9167EA0A7
Requests: 27 HTTP requests in this frame
Screenshot
Page Title
Microsoft Office | Share, Upload, ExtractPage URL History Show full URLs
-
https://www.jacquelinekirstein.com/fresh
HTTP 301
http://www.jacquelinekirstein.com/fresh/ Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.jacquelinekirstein.com/fresh
HTTP 301
http://www.jacquelinekirstein.com/fresh/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- http://urlvalidation.com/whoami?jsonp=func60148 HTTP 302
- http://ww38.urlvalidation.com/whoami?jsonp=func60148
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.jacquelinekirstein.com/fresh/ Redirect Chain
|
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
whoami
www.jacquelinekirstein.com/fresh/files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
offff.png
www.jacquelinekirstein.com/fresh/files/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wrdd.png
www.jacquelinekirstein.com/fresh/files/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
e.jpg
www.jacquelinekirstein.com/fresh/files/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
p.jpg
www.jacquelinekirstein.com/fresh/files/ |
4 KB 4 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
email-validation.js
www.jacquelinekirstein.com/fresh/files/ |
97 B 916 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
oflog.png
www.jacquelinekirstein.com/fresh/files/ |
63 KB 64 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
5cfd9308c50e4f8ae9.js
www.jacquelinekirstein.com/fresh/files/ |
55 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lnkr5.js
www.jacquelinekirstein.com/fresh/files/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bac.jpg
www.jacquelinekirstein.com/fresh/files/ |
32 KB 33 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mm.jpg
www.jacquelinekirstein.com/fresh/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
lancheck.net/metric/ |
43 B 229 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
whoami
ww38.urlvalidation.com/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
get
lancheck.net/optout/ |
144 B 356 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
lancheck.net/metric/ |
43 B 229 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
lancheck.net/metric/ |
43 B 229 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
lancheck.net/metric/ |
43 B 229 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
userid
lancheck.net/optout/set/ |
0 284 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
strtm
lancheck.net/optout/set/ |
0 295 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lnkr5.min.js
lancheck.net/addons/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
www.jacquelinekirstein.com
rules.similardeals.net/v1.0/whitelist/1108/49499x1487x/ |
4 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
lancheck.net/metric/ |
43 B 229 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
lancheck.net/metric/ |
43 B 229 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
lancheck.net/metric/ |
43 B 229 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
gstats
rules.similardeals.net/f/ |
0 287 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
lancheck.net/metric/ |
43 B 229 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer) Office 365 (Online)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated function| login function| getParm object| __twb__5cfd9308c50e4f8ae9 object| _lnkr5 function| func60148 undefined| __twb_cb_243301979 function| __twb_cb_961449513 function| __twb_cb_898652052 object| EmailField1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.jacquelinekirstein.com/ | Name: __cfduid Value: d2f19ff4e31d8882cfc60dcf40348b8aa1618236226 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
lancheck.net
rules.similardeals.net
urlvalidation.com
ww38.urlvalidation.com
www.jacquelinekirstein.com
103.224.212.220
13.248.148.254
2606:4700:3030::ac43:aa99
45.77.192.33
5.149.255.154
03513176f7a21c4e8972d213100197b61a69b6ede43d41c7b5aa8bc4e8a41dd5
35a932a9200775e7c0c87f89c1a6abd42c2c2d15731f6be0fc9a6574fe8d0b46
3f2e29d6e4c9b6817cc4e3ffe11cfe3a65119002ec63cfffd84ae3b124727e93
4068f2441ef1e7b31cf1b2f3136f35587b019b03e7e654c7dd0f830296eee8c7
50c7ff69872c51c23a5a9a56e8d3605822f954bc91905a0c4e1e6679bf160cb4
66931e0018716a290916fc0dd8c0b27f61bc9ebf7af61fd1c9ccd85f8334b72b
66c97fa442aa2f6ebafdb0d50c1517cdd089b0ea68f167d0bc76181397bd19c6
a36df4f899c392d281bc99d6d2b9052d978e64b3353b97e73f4e602584a0d7a3
bef4a86a0b251bdd22f59e356f0a5732985dd02e964a3a4a7dc6fafb91e4b8f3
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d8747ec2f7f2781e5544af558f8a56bd18bbe9f50579d7efba243d109d66f31c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fcacbe9443312a9ae8d582068921b00a14781c675024452286f2a14b0373b12d
fd3a9efc656d8212f0011c21c56ce8054981a59444e597e5843d86485e2a6cc7