jastforu.com Open in urlscan Pro
69.197.134.250 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://jastforu.com/wp-includes/js/file/document/verification.php
Submission: On May 14 via automatic, source openphish (May 14th 2019, 12:03:07 pm UTC)

Summary HTTP 69 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 10 IPs in 4 countries across 9 domains to perform 69 HTTP transactions. The main IP is 69.197.134.250, located in Kansas City, United States and belongs to WII - WholeSale Internet, Inc., US. The main domain is jastforu.com.

This is the only time jastforu.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
48	69.197.134.250 69.197.134.250	32097 (WII) (WII - WholeSale Internet)
2	2a02:26f0:6c0... 2a02:26f0:6c00:29f::34ef	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:81d::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
8	207.244.103.144 207.244.103.144	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC-01 - Leaseweb USA)
2	2a02:26f0:6c0... 2a02:26f0:6c00:18d::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	2a00:1450:400... 2a00:1450:4001:81f::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2607:f8b0:400... 2607:f8b0:400e:c09::5e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.0.84 151.101.0.84	54113 (FASTLY) (FASTLY - Fastly)
69	10

48 69.197.134.250 (Kansas City, United States)

ASN32097 (WII - WholeSale Internet, Inc., US)
PTR: fassh2-us.jashoreit.com

jastforu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:29f::34ef (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

auth.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 207.244.103.144 (Vienna, United States)

ASN30633 (LEASEWEB-USA-WDC-01 - Leaseweb USA, Inc., US)
PTR: pukkathemes.com

demo.pukkathemes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:18d::1931 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

assets.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8083:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400e:c09::5e (United States)

ASN15169 (GOOGLE - Google LLC, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.0.84 (United States)

ASN54113 (FASTLY - Fastly, US)

log.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	jastforu.com jastforu.com	966 KB
8	pukkathemes.com demo.pukkathemes.com	8 KB
3	pinterest.com assets.pinterest.com log.pinterest.com	19 KB
2	gstatic.com csi.gstatic.com	624 B
2	google.com apis.google.com	66 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	gfx.ms auth.gfx.ms	293 KB
1	facebook.com www.facebook.com
1	google-analytics.com www.google-analytics.com	17 KB
69	9

	Domain	Requested by
48	jastforu.com	jastforu.com
8	demo.pukkathemes.com	jastforu.com
2	csi.gstatic.com	jastforu.com
2	apis.google.com	jastforu.com apis.google.com
2	assets.pinterest.com	jastforu.com
2	fonts.googleapis.com	jastforu.com
2	auth.gfx.ms	jastforu.com
1	log.pinterest.com	assets.pinterest.com
1	www.facebook.com	jastforu.com
1	www.google-analytics.com	jastforu.com
69	10

This site contains links to these domains. Also see Links.

Domain
account.live.com
login.live.com

Subject Issuer	Validity	Valid
msagfx.live.com Microsoft IT TLS CA 4	`2017-07-27` - `2019-07-17`	2 years	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2019-01-10` - `2019-06-26`	6 months	crt.sh
*.google.com Google Internet Authority G3	`2019-04-16` - `2019-07-09`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-04-22` - `2019-07-21`	3 months	crt.sh
*.apis.google.com Google Internet Authority G3	`2019-04-16` - `2019-07-09`	3 months	crt.sh

This page contains 3 frames:

Primary Page: http://jastforu.com/wp-includes/js/file/document/verification.php
Frame ID: 83E0E60419F669BBBF10E7E0920B31B8
Requests: 6 HTTP requests in this frame

Frame: http://jastforu.com/wp-includes/js/file/document/files/prefetch.html
Frame ID: 313CE26F9A045E7EF15ABA08563E4BC4
Requests: 62 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fjastforucom%2F&width=267&colorscheme=light&show_faces=true&show_border=false&stream=false&header=false&height=260
Frame ID: 89B9668DE5A03FF3FE2E0242CF484F85
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

69
Requests

13 %
HTTPS

70 %
IPv6

9
Domains

10
Subdomains

10
IPs

4
Countries

1371 kB
Transfer

1550 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1493260925%26rver%3d6.7.6640.0%26wp%3dMBI_SSL%26wreply%3dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%26id%3d292841%26CBCXT%3dout%26fl%3dwld%26cobrandid%3d90015%26uaid%3da8d60e23f71e4b599fedbd2dd6b98946%26pid%3d0%26contextid%3d0EE9DFF844DE79AF%26bk%3d1500403644&id=292841&uiflavor=web&cobrandid=90015&uaid=a8d60e23f71e4b599fedbd2dd6b98946&mkt=EN-US&lc=1033&bk=1500403644
Title: Forgot my password

Search URL Search Domain Scan URL

URL: https://login.live.com/logout.srf?wa=wsignin1.0&rpsnv=13&ct=1493260925&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1&id=292841&CBCXT=out&fl=wld&cobrandid=90015&uaid=a8d60e23f71e4b599fedbd2dd6b98946&pid=0&contextid=0EE9DFF844DE79AF&ru=https://outlook.live.com/owa/%3fnlp%3d1&bk=1500403644&lm=I
Title: Sign in with a different Microsoft account

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=EN-US&vv=1600
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=EN-US&vv=1600
Title: Privacy & Cookies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58

http://assets.pinterest.com/js/pinit.js HTTP 307
https://assets.pinterest.com/js/pinit.js

Request Chain 59

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 60

http://www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fjastforucom%2F&width=267&colorscheme=light&show_faces=true&show_border=false&stream=false&header=false&height=260 HTTP 307
https://www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fjastforucom%2F&width=267&colorscheme=light&show_faces=true&show_border=false&stream=false&header=false&height=260

Request Chain 64

http://assets.pinterest.com/js/pinit_main.js?0.34749048829219253 HTTP 307
https://assets.pinterest.com/js/pinit_main.js?0.34749048829219253

69 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set verification.php Show response
jastforu.com/wp-includes/js/file/document/ 10 KB
10 KB 549ms
285ms Document
text/html 69.197.134.250
WholeSale Internet

General

jastforu.com Open in urlscan Pro 69.197.134.250 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

69 Requests

13 %HTTPS

70 %IPv6

9 Domains

10 Subdomains

10 IPs

4 Countries

1371 kBTransfer

1550 kBSize

0 Cookies

4 Outgoing links

Redirected requests

69 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

jastforu.com Open in urlscan Pro
69.197.134.250 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

69
Requests

13 %
HTTPS

70 %
IPv6

9
Domains

10
Subdomains

10
IPs

4
Countries

1371 kB
Transfer

1550 kB
Size

0
Cookies

69 HTTP transactions
0 data transactions