0.redstringline.com Open in urlscan Pro
188.166.68.96 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://acnewleafhandbook.com/ft/index.html
Effective URL:
https://0.redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart
Submission: On July 25 via automatic, source openphish (July 25th 2022, 1:20:01 pm UTC) — Scanned from DE

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 5 countries across 6 domains to perform 23 HTTP transactions. The main IP is 188.166.68.96, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is 0.redstringline.com.
TLS certificate: Issued by R3 on June 30th 2022. Valid for: 3 months.

This is the only time 0.redstringline.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Made in China (Supplychain)

Domain & IP information

	IP Address	AS Autonomous System
8	66.33.213.115 66.33.213.115	26347 (DREAMHOST-AS) (DREAMHOST-AS)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	101.99.95.147 101.99.95.147	201133 (VERDINA) (VERDINA)
3	104.18.20.229 104.18.20.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	91.211.91.104 91.211.91.104	206638 (HOSTFORY) (HOSTFORY)
3	188.166.68.96 188.166.68.96	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
23	8

8 66.33.213.115 (United States)

ASN26347 (DREAMHOST-AS, US)
PTR: apache2-dap.bulldog.dreamhost.com

acnewleafhandbook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 101.99.95.147 (Malaysia)

ASN201133 (VERDINA, BZ)
PTR: vps.euromeds.to

trick.cofounderspecials.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.20.229 (None, )

ASN13335 (CLOUDFLARENET, US)

www.micstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.211.91.104 (Ukraine) 1 redirects

ASN206638 (HOSTFORY, UA)

door.cofounderspecials.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.166.68.96 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

redstringline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.redstringline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	acnewleafhandbook.com acnewleafhandbook.com	152 KB
4	cofounderspecials.com 1 redirects trick.cofounderspecials.com door.cofounderspecials.com Failed	5 KB
3	redstringline.com redstringline.com Failed 0.redstringline.com	81 KB
3	micstatic.com www.micstatic.com — Cisco Umbrella Rank: 113072 pylon.micstatic.com Failed	35 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 737 stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2151	29 KB
0	made-in-china.com Failed www.made-in-china.com Failed
23	6

	Domain	Requested by
8	acnewleafhandbook.com	acnewleafhandbook.com
3	www.micstatic.com	acnewleafhandbook.com
2	0.redstringline.com	acnewleafhandbook.com
2	door.cofounderspecials.com	trick.cofounderspecials.com
2	trick.cofounderspecials.com	acnewleafhandbook.com trick.cofounderspecials.com
1	redstringline.com	door.cofounderspecials.com
1	stackpath.bootstrapcdn.com	acnewleafhandbook.com
1	maxcdn.bootstrapcdn.com	acnewleafhandbook.com
0	pylon.micstatic.com Failed	www.micstatic.com
0	www.made-in-china.com Failed	www.micstatic.com
23	10

This site contains no links.

Subject Issuer	Validity	Valid
www.acnewleafhandbook.com R3	`2022-07-11` - `2022-10-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
trick.cofounderspecials.com R3	`2022-07-24` - `2022-10-22`	3 months	crt.sh
*.micstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-02` - `2023-01-02`	a year	crt.sh
door.cofounderspecials.com R3	`2022-07-25` - `2022-10-23`	3 months	crt.sh
redstringline.com R3	`2022-06-30` - `2022-09-28`	3 months	crt.sh

This page contains 2 frames:

Frame: https://0.redstringline.com/?auf=ga3tomjshe5diojygyxtomzyg4xtemzpge3dkobxgu2tcojz&s=1&sub1=&sub2=coolheart&sub3=&sub4=&cpc=0&cpm=0
Frame ID: 395B906D2C0FACA7E3E92DB9AD562F75
Requests: 24 HTTP requests in this frame

Frame: https://www.made-in-china.com/faw-store.html
Frame ID: 9D0E675D63E482B2B5928B2CB5E74D10
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://acnewleafhandbook.com/ft/index.html Page URL
https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332 HTTP 302
https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433 Page URL
https://redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart Page URL
https://0.redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

23
Requests

83 %
HTTPS

29 %
IPv6

6
Domains

10
Subdomains

8
IPs

5
Countries

301 kB
Transfer

640 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://acnewleafhandbook.com/ft/index.html Page URL
https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332 HTTP 302
https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433 Page URL
https://redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart Page URL
https://0.redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332 HTTP 302
https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433

23 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 index.html Show response
acnewleafhandbook.com/ft/ 16 KB
5 KB 650ms
99ms Document
text/html 66.33.213.115
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acnewleafhandbook.com/ft/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.33.213.115 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-dap.bulldog.dreamhost.com
Software: Apache /
Resource Hash: c997e1408678728bd3549aab53d224742c998406b150cc51fe65b845a0611315

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=600
content-encoding: gzip
content-length: 5243
content-type: text/html
date: Mon, 25 Jul 2022 13:19:56 GMT
etag: "413c-5e48d9deaa5b5-gzip"
expires: Mon, 25 Jul 2022 13:29:56 GMT
last-modified: Sun, 24 Jul 2022 14:09:34 GMT
server: Apache
vary: Accept-Encoding,User-Agent

GET
H2 200 jquery.min.js Show response
acnewleafhandbook.com/ft/js/ 86 KB
30 KB 195ms
195ms Script
application/javascript 66.33.213.115
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acnewleafhandbook.com/ft/js/jquery.min.js
Requested by: Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.33.213.115 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-dap.bulldog.dreamhost.com
Software: Apache /
Resource Hash: 0bde201583d626aeb8100e033b19854d33de3b98ac083441c71012bd8ba15210

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acnewleafhandbook.com/ft/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 13:19:57 GMT
content-encoding: gzip
last-modified: Sun, 24 Jul 2022 18:13:12 GMT
server: Apache
etag: "15966-5e4910532defe-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Wed, 24 Aug 2022 13:19:57 GMT

GET
H2 200 jquery-3.1.1.min.js Show response
acnewleafhandbook.com/ft/js/ 85 KB
30 KB 196ms
195ms Script
application/javascript 66.33.213.115
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acnewleafhandbook.com/ft/js/jquery-3.1.1.min.js
Requested by: Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.33.213.115 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-dap.bulldog.dreamhost.com
Software: Apache /
Resource Hash: e65e86fddc1b72935d9b37afd5e5589ca9ee4eecf1878acb3ab8a6074ffdf64d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acnewleafhandbook.com/ft/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 13:19:57 GMT
content-encoding: gzip
last-modified: Sun, 24 Jul 2022 14:09:34 GMT
server: Apache
etag: "152bb-5e48d9deaf3d5-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Wed, 24 Aug 2022 13:19:57 GMT

GET
H2 200 jquery-3.3.1.js Show response
acnewleafhandbook.com/ft/js/ 19 KB
8 KB 102ms
102ms Script
application/javascript 66.33.213.115
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acnewleafhandbook.com/ft/js/jquery-3.3.1.js
Requested by: Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.33.213.115 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-dap.bulldog.dreamhost.com
Software: Apache /
Resource Hash: 27b05c2cd5603876cf934d151c35b0edd60ea8f78791553e37533e266e416392

Request headers

Referer: https://acnewleafhandbook.com/ft/index.html
Origin: https://acnewleafhandbook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 13:19:57 GMT
content-encoding: gzip
last-modified: Sun, 24 Jul 2022 14:09:34 GMT
server: Apache
etag: "4c09-5e48d9deb0375-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 7920
expires: Wed, 24 Aug 2022 13:19:57 GMT

GET
H2 200 logon_40922b23.css
acnewleafhandbook.com/ft/css/ 126 KB
20 KB 104ms
103ms Stylesheet
text/css 66.33.213.115
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acnewleafhandbook.com/ft/css/logon_40922b23.css
Requested by: Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.33.213.115 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-dap.bulldog.dreamhost.com
Software: Apache /
Resource Hash: fc866e700468e2bd3c224d7020dff638261bae728e95b1fc6baf9ebaff904087

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acnewleafhandbook.com/ft/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 13:19:57 GMT
content-encoding: gzip
last-modified: Sun, 24 Jul 2022 14:09:34 GMT
server: Apache
etag: "1f724-5e48d9dea3856-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
expires: Wed, 24 Aug 2022 13:19:57 GMT

GET
H2 200 sign-default-buyer.jpg
acnewleafhandbook.com/ft/images/ 58 KB
58 KB 112ms
111ms Image
image/jpeg 66.33.213.115
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://acnewleafhandbook.com/ft/images/sign-default-buyer.jpg
Requested by: Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.33.213.115 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-dap.bulldog.dreamhost.com
Software: Apache /
Resource Hash: 844419cc2fe07888ab11bb6dd264a3d66225851ad62645dfc3044657e9963af3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acnewleafhandbook.com/ft/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 13:19:57 GMT
last-modified: Sun, 24 Jul 2022 14:09:34 GMT
server: Apache
etag: "e7c4-5e48d9dea8676"
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 59332
expires: Wed, 24 Aug 2022 13:19:57 GMT

GET
H2 200 jquery-3.2.1.slim.min.js Show response
acnewleafhandbook.com/ft/js/ 97 B
179 B 246ms
245ms Script
text/html 66.33.213.115
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acnewleafhandbook.com/ft/js/jquery-3.2.1.slim.min.js
Requested by: Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.33.213.115 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-dap.bulldog.dreamhost.com
Software: Apache /
Resource Hash: b2aeebb909a7aed0177bec639a61d659e637d76c9ceb19e7f52c6bafe8160501

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acnewleafhandbook.com/ft/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 13:19:57 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
cache-control: max-age=600
content-length: 106
expires: Mon, 25 Jul 2022 13:29:57 GMT

GET
H2 200 popper.min.js Show response
acnewleafhandbook.com/ft/js/ 97 B
137 B 179ms
178ms Script
text/html 66.33.213.115
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acnewleafhandbook.com/ft/js/popper.min.js
Requested by: Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.33.213.115 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-dap.bulldog.dreamhost.com
Software: Apache /
Resource Hash: b2aeebb909a7aed0177bec639a61d659e637d76c9ceb19e7f52c6bafe8160501

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acnewleafhandbook.com/ft/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 13:19:57 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
cache-control: max-age=600
content-length: 106
expires: Mon, 25 Jul 2022 13:29:57 GMT

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ 48 KB
14 KB 48ms
30ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Requested by

Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acnewleafhandbook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 13:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 617, 617, 617
age: 15657892
cdn-cachedat: 2021-06-08 14:29:21
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 395e10f82368220a7b7579d8f1c28956
cf-ray: 730530afb8febbbf-FRA
cdn-requestcountrycode: US
cdn-requestpullsuccess: True

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
15 KB 34ms
18ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acnewleafhandbook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 13:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723
age: 12696076
cdn-cachedat: 11/15/2021 23:30:00
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn-proxyver: 1.0
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cf-ray: 730530afbcd29113-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H/1.1 200
OK track.js Show response
trick.cofounderspecials.com/ 6 KB
2 KB 155ms
31ms Script
application/javascript 101.99.95.147
VERDINA

General

Check archive.org

Show headers Download Go to

Full URL: https://trick.cofounderspecials.com/track.js?v=5.555
Requested by: Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 101.99.95.147 , Malaysia, ASN201133 (VERDINA, BZ),
Reverse DNS: vps.euromeds.to
Software: nginx /
Resource Hash: 13092800253619e1ce13ad7e28673e40452f3fed09037e2058166273fbaf434d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acnewleafhandbook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Mon, 25 Jul 2022 13:19:57 GMT
Content-Encoding: gzip
Last-Modified: Mon, 25 Jul 2022 11:30:23 GMT
Server: nginx
ETag: W/"62de7ecf-176b"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 logo_d0822075.png
www.micstatic.com/common/img/logo-2019/ 5 KB
5 KB 83ms
16ms Image
image/png 104.18.20.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.micstatic.com/common/img/logo-2019/logo_d0822075.png?v=2
Requested by: Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/css/logon_40922b23.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.20.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 488ea251bdaf29ab45c94699fef89ad3368bfef0c0f24b671dcbefd4e474679d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acnewleafhandbook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 13:19:57 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Jun 2021 11:14:07 GMT
server: cloudflare
age: 48148
etag: "60c9dcff-120d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 730530b00f3e9957-FRA
content-length: 4621
expires: Thu, 22 Jul 2032 13:19:57 GMT

GET
H2 200 micon_3425a96d.woff2
www.micstatic.com/common/font/micon/micon-2/ 25 KB
25 KB 85ms
21ms Font
font/woff2 104.18.20.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.micstatic.com/common/font/micon/micon-2/micon_3425a96d.woff2?v=20201103
Requested by: Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/css/logon_40922b23.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.20.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18a097b5625eaee94db4a26223016d2f31b7b5f5529bc599ea183f551e5c13d3

Request headers

Referer: https://acnewleafhandbook.com/
Origin: https://acnewleafhandbook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 13:19:57 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jun 2022 11:17:37 GMT
server: cloudflare
age: 30311
etag: "629f33d1-6478"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 730530b00a9dbb53-FRA
content-length: 25720
expires: Thu, 22 Jul 2032 13:19:57 GMT

GET
H2 200 faw.1.0.0.js Show response
www.micstatic.com/common/js/libs/faw/ 12 KB
5 KB 15ms
15ms Script
application/javascript 104.18.20.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.micstatic.com/common/js/libs/faw/faw.1.0.0.js?r=1634120031144
Requested by: Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.20.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1c95b6fb809e633322e011fe013c565faeb61264527ce028d53387fba3b4924

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acnewleafhandbook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 13:19:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 10 Sep 2021 13:44:55 GMT
server: cloudflare
age: 36788
etag: W/"613b6157-3042"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=315360000
cf-ray: 730530b088039957-FRA
expires: Thu, 22 Jul 2032 13:19:57 GMT

GET
H/1.1 200
OK way.js Show response
trick.cofounderspecials.com/ 3 KB
1 KB 81ms
81ms Script
application/javascript 101.99.95.147
VERDINA

General

Check archive.org

Show headers Download Go to

Full URL: https://trick.cofounderspecials.com/way.js?v=0.5.8
Requested by: Host: trick.cofounderspecials.com
URL: https://trick.cofounderspecials.com/track.js?v=5.555
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 101.99.95.147 , Malaysia, ASN201133 (VERDINA, BZ),
Reverse DNS: vps.euromeds.to
Software: nginx /
Resource Hash: 4df8cca6c99a24a33c327873b74c3e7b2a0fa1e40b83808448167e094fba73aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acnewleafhandbook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Mon, 25 Jul 2022 13:19:57 GMT
Content-Encoding: gzip
Last-Modified: Mon, 25 Jul 2022 11:37:24 GMT
Server: nginx
ETag: W/"62de8074-aef"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET faw-store.html
www.made-in-china.com/ Frame 9D0E 0
0

GET probe.min.js
pylon.micstatic.com/gb/js/assets/probe/ 0
0

GET way.php
door.cofounderspecials.com/ 0
0

GET
H2

200

way.php
door.cofounderspecials.com/
Redirect Chain

https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332
https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433

820 B
554 B

77ms
76ms

Document
text/html

91.211.91.104
HOSTFORY

General

Check archive.org

Show headers Download Go to

Full URL

https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433

Requested by

Host: trick.cofounderspecials.com
URL: https://trick.cofounderspecials.com/way.js?v=0.5.8

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

91.211.91.104 , Ukraine, ASN206638 (HOSTFORY, UA),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000;

Request headers

Referer: https://acnewleafhandbook.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 412
content-type: text/html; charset=UTF-8
date: Mon, 25 Jul 2022 13:19:58 GMT
server: nginx
strict-transport-security: max-age=15768000;
vary: Accept-Encoding

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 25 Jul 2022 13:19:58 GMT
location: https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433
server: nginx
strict-transport-security: max-age=15768000;

GET /
redstringline.com/ 0
0

GET
H2 200 / Show response
redstringline.com/ 28 KB
28 KB 125ms
20ms Document
text/html 188.166.68.96
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart

Requested by

Host: door.cofounderspecials.com
URL: https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

188.166.68.96 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

e3dd2de586fd816ff8d4abf31db24132838abdfe4a527ebf9cdcdba7cd261ac5

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://door.cofounderspecials.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 25 Jul 2022 13:19:58 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
DATA 200
OK truncated
/ 13 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1179d91e241cbea26748f5c37c22e29e7536e7ebdef99a5e0588f52d224097fb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Primary Request / Show response
0.redstringline.com/ 52 KB
52 KB 469ms
21ms Document
text/html 188.166.68.96
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://0.redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart

Requested by

Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

188.166.68.96 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

1b82935f6c173cfb253d9ac3b0d43ed8faf6fa97e2b1016918ee3600ff3de263

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://redstringline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 25 Jul 2022 13:19:59 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6600e628d105299a9954bb85edc818356f1ec6136ba5d503dc39b2b3de8526c7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 / Show response
0.redstringline.com/ 0
264 B 517ms
516ms Document
text/html 188.166.68.96
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://0.redstringline.com/?auf=ga3tomjshe5diojygyxtomzyg4xtemzpge3dkobxgu2tcojz&s=1&sub1=&sub2=coolheart&sub3=&sub4=&cpc=0&cpm=0

Requested by

Host: acnewleafhandbook.com
URL: https://acnewleafhandbook.com/ft/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

188.166.68.96 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://0.redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 25 Jul 2022 13:19:59 GMT
server: nginx
strict-transport-security: max-age=31536000

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.made-in-china.com
URL: https://www.made-in-china.com/faw-store.html

Domain: pylon.micstatic.com
URL: https://pylon.micstatic.com/gb/js/assets/probe/probe.min.js?r=1634120031144

Domain: door.cofounderspecials.com
URL: https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332

Domain: redstringline.com
URL: https://redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Made in China (Supplychain)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
acnewleafhandbook.com/	1970-01-20 04:46:38	Name: servicewaysss Value: yes
.redstringline.com/	1970-01-20 05:29:07	Name: uuid Value: c4c005da-81e6-48e1-8c19-1f796c9e42cb
.0.redstringline.com/	1970-01-20 05:29:07	Name: uuid Value: c4c005da-81e6-48e1-8c19-1f796c9e42cb
0.redstringline.com/	1970-01-20 05:29:07	Name: uuid Value: c4c005da-81e6-48e1-8c19-1f796c9e42cb

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://acnewleafhandbook.com/ft/index.html Message: Failed to find a valid digest in the 'integrity' attribute for resource 'https://acnewleafhandbook.com/ft/js/jquery-3.3.1.js' with computed SHA-256 integrity 'mX5zwt/rHA+CDNDoNWkUroMbSi5Xk45kwqKYfSvzp48='. The resource has been blocked.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.redstringline.com
acnewleafhandbook.com
door.cofounderspecials.com
maxcdn.bootstrapcdn.com
pylon.micstatic.com
redstringline.com
stackpath.bootstrapcdn.com
trick.cofounderspecials.com
www.made-in-china.com
www.micstatic.com
door.cofounderspecials.com
pylon.micstatic.com
redstringline.com
www.made-in-china.com
101.99.95.147
104.18.20.229
188.166.68.96
2606:4700::6812:acf
2606:4700::6812:bcf
66.33.213.115
91.211.91.104
0bde201583d626aeb8100e033b19854d33de3b98ac083441c71012bd8ba15210
1179d91e241cbea26748f5c37c22e29e7536e7ebdef99a5e0588f52d224097fb
13092800253619e1ce13ad7e28673e40452f3fed09037e2058166273fbaf434d
18a097b5625eaee94db4a26223016d2f31b7b5f5529bc599ea183f551e5c13d3
1b82935f6c173cfb253d9ac3b0d43ed8faf6fa97e2b1016918ee3600ff3de263
27b05c2cd5603876cf934d151c35b0edd60ea8f78791553e37533e266e416392
488ea251bdaf29ab45c94699fef89ad3368bfef0c0f24b671dcbefd4e474679d
4df8cca6c99a24a33c327873b74c3e7b2a0fa1e40b83808448167e094fba73aa
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
6600e628d105299a9954bb85edc818356f1ec6136ba5d503dc39b2b3de8526c7
844419cc2fe07888ab11bb6dd264a3d66225851ad62645dfc3044657e9963af3
a1c95b6fb809e633322e011fe013c565faeb61264527ce028d53387fba3b4924
b2aeebb909a7aed0177bec639a61d659e637d76c9ceb19e7f52c6bafe8160501
c997e1408678728bd3549aab53d224742c998406b150cc51fe65b845a0611315
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3dd2de586fd816ff8d4abf31db24132838abdfe4a527ebf9cdcdba7cd261ac5
e65e86fddc1b72935d9b37afd5e5589ca9ee4eecf1878acb3ab8a6074ffdf64d
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
fc866e700468e2bd3c224d7020dff638261bae728e95b1fc6baf9ebaff904087

0.redstringline.com Open in urlscan Pro 188.166.68.96 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

83 %HTTPS

29 %IPv6

6 Domains

10 Subdomains

8 IPs

5 Countries

301 kBTransfer

640 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

4 Cookies

1 Console Messages

Indicators

0.redstringline.com Open in urlscan Pro
188.166.68.96 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

83 %
HTTPS

29 %
IPv6

6
Domains

10
Subdomains

8
IPs

5
Countries

301 kB
Transfer

640 kB
Size

4
Cookies

23 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!