jankessinger.com Open in urlscan Pro
2400:cb00:2048:1::6812:24b2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://jankessinger.com/wp-readme/navyfederal.org/error.php
Submission: On August 14 via api (August 14th 2018, 10:25:44 pm UTC) from CA

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 19 HTTP transactions. The main IP is 2400:cb00:2048:1::6812:24b2, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is jankessinger.com.

This is the only time jankessinger.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Navy Federal Credit Union (Government)

Domain & IP information

	IP Address	AS Autonomous System
13	2400:cb00:204... 2400:cb00:2048:1::6812:24b2	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
5	2400:cb00:204... 2400:cb00:2048:1::6812:25b2	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	217.70.184.50 217.70.184.50	29169 (GANDI-AS ...) (GANDI-AS Domain name registrar - http://www.gandi.net)
19	3

13 2400:cb00:2048:1::6812:24b2 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

jankessinger.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2400:cb00:2048:1::6812:25b2 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

jankessinger.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.70.184.50 (France)

ASN29169 (GANDI-AS Domain name registrar - http://www.gandi.net, FR)
PTR: webredir.vip.gandi.net

none.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	jankessinger.com jankessinger.com	415 KB
1	none.com none.com	1 KB
19	2

	Domain	Requested by
18	jankessinger.com	jankessinger.com
1	none.com	jankessinger.com
19	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://jankessinger.com/wp-readme/navyfederal.org/error.php
Frame ID: 143B50BB4210CB85D293BE89814AB4F7
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

19
Requests

0 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

417 kB
Transfer

510 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set error.php Show response jankessinger.com/wp-readme/navyfederal.org/	4 KB 2 KB	303ms 303ms	Document text/html	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `bd8749a3e0890fd29c99c8abb200835dd09f0da3b64c221f961f544a046f72a0` Request headers Host jankessinger.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 143B50BB4210CB85D293BE89814AB4F7 Response headers Date Tue, 14 Aug 2018 22:25:32 GMT Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532; expires=Wed, 14-Aug-19 22:25:32 GMT; path=/; domain=.jankessinger.com; HttpOnly Server cloudflare CF-RAY 44a6d683249d26d2-FRA Content-Encoding gzip
GET H/1.1	403 Forbidden	bat.js jankessinger.com/wp-readme/navyfederal.org/imgs/	0 0	308ms 307ms	Script text/html	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://jankessinger.com/wp-readme/navyfederal.org/imgs/bat.js Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:33 GMT Content-Encoding gzip CF-Cache-Status EXPIRED Server cloudflare Vary Accept-Encoding Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive CF-RAY 44a6d68514ff26d2-FRA
GET H/1.1	403 Forbidden	s39876891442473.js jankessinger.com/wp-readme/navyfederal.org/imgs/	0 0	382ms 381ms	Script text/html	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://jankessinger.com/wp-readme/navyfederal.org/imgs/s39876891442473.js Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:33 GMT Content-Encoding gzip CF-Cache-Status EXPIRED Server cloudflare Vary Accept-Encoding Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive CF-RAY 44a6d687055926d2-FRA
GET H/1.1	200 OK	styles.css jankessinger.com/wp-readme/navyfederal.org/img/	51 KB 11 KB	22ms 15ms	Stylesheet text/css	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://jankessinger.com/wp-readme/navyfederal.org/img/styles.css Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `72041e7efc90bb83d87cb5c52ec76f25f187ca63f3d828284b0de4588b1dd0e5` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:32 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Fri, 20 Jan 2017 01:16:10 GMT Server cloudflare Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 44a6d68524589720-FRA Expires Wed, 15 Aug 2018 02:25:32 GMT
GET H/1.1	200 OK	css.css jankessinger.com/wp-readme/navyfederal.org/img/	647 B 665 B	17ms 10ms	Stylesheet text/css	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://jankessinger.com/wp-readme/navyfederal.org/img/css.css Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `4e5eabe368b93c1a60fbbf4dc5d9c205f745fca366b4ebc0dfde32e0a1d99fcd` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:32 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Sun, 11 Jan 2015 06:08:58 GMT Server cloudflare Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 44a6d685261c26d8-FRA Expires Wed, 15 Aug 2018 02:25:32 GMT
GET H/1.1	200 OK	facebox.css jankessinger.com/wp-readme/navyfederal.org/img/	3 KB 1 KB	24ms 17ms	Stylesheet text/css	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://jankessinger.com/wp-readme/navyfederal.org/img/facebox.css Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `369435ccb569ec682e01b629883a0444f33bef23f7ada7fd488c9118a680a203` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:32 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Sun, 11 Jan 2015 06:08:58 GMT Server cloudflare Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 44a6d68527af9718-FRA Expires Wed, 15 Aug 2018 02:25:32 GMT
GET H/1.1	200 OK	jquery-1.js Show response jankessinger.com/wp-readme/navyfederal.org/img/	70 KB 24 KB	21ms 15ms	Script application/javascript	2400:cb00:2048:1::6812:25b2 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://jankessinger.com/wp-readme/navyfederal.org/img/jquery-1.js Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:25b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:32 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Sun, 11 Jan 2015 06:08:58 GMT Server cloudflare Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 44a6d685244fbeee-FRA Expires Wed, 15 Aug 2018 02:25:32 GMT
GET H/1.1	200 OK	jquery.js Show response jankessinger.com/wp-readme/navyfederal.org/img/	2 KB 1 KB	26ms 9ms	Script application/javascript	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://jankessinger.com/wp-readme/navyfederal.org/img/jquery.js Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `5a7e54fbc97213c7e72c607aaabe9d32b9285e01dc5ec8f9e0fa72b98a18f6cc` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:32 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Sun, 11 Jan 2015 06:08:58 GMT Server cloudflare Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 44a6d685362126d8-FRA Expires Wed, 15 Aug 2018 02:25:32 GMT
GET H/1.1	200 OK	facebox.js Show response jankessinger.com/wp-readme/navyfederal.org/img/	9 KB 3 KB	30ms 8ms	Script application/javascript	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://jankessinger.com/wp-readme/navyfederal.org/img/facebox.js Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `648e8bbb6388bce48e2ae62585040075d8f8484ec301ecd576275e186636f5c4` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:32 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Sun, 11 Jan 2015 06:08:58 GMT Server cloudflare Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 44a6d68534609720-FRA Expires Wed, 15 Aug 2018 02:25:32 GMT
GET H/1.1	403 Forbidden	aggregator.css jankessinger.com/wp-readme/navyfederal.org/imgs/	0 0	327ms 320ms	Stylesheet text/html	2400:cb00:2048:1::6812:25b2 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://jankessinger.com/wp-readme/navyfederal.org/imgs/aggregator.css Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:25b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:33 GMT Content-Encoding gzip CF-Cache-Status EXPIRED Server cloudflare Vary Accept-Encoding Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive CF-RAY 44a6d685201e96ac-FRA
GET H/1.1	200 OK	header.PNG jankessinger.com/wp-readme/navyfederal.org/images/	20 KB 20 KB	10ms 10ms	Image image/png	2400:cb00:2048:1::6812:25b2 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://jankessinger.com/wp-readme/navyfederal.org/images/header.PNG Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:25b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `696e4c389f745a2e93d35ed8c3f63dbb1f0d257c44a6775c471bf90037d02351` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:33 GMT CF-Cache-Status HIT Last-Modified Mon, 21 Nov 2016 09:32:12 GMT Server cloudflare Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 44a6d68720bc96ac-FRA Content-Length 20351 Expires Wed, 15 Aug 2018 02:25:33 GMT
GET H/1.1	200 OK	headlnk.PNG jankessinger.com/wp-readme/navyfederal.org/images/	3 KB 4 KB	13ms 12ms	Image image/png	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://jankessinger.com/wp-readme/navyfederal.org/images/headlnk.PNG Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `c4829e9aed0e9ae4477d352cea824c69eacd6e6f970e1c19893df3df663f2ef3` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:33 GMT CF-Cache-Status HIT Last-Modified Mon, 21 Nov 2016 09:32:38 GMT Server cloudflare Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 44a6d68724eb9720-FRA Content-Length 3218 Expires Wed, 15 Aug 2018 02:25:33 GMT
GET H/1.1	200 OK	loginbd2.PNG jankessinger.com/wp-readme/navyfederal.org/images/	155 KB 155 KB	13ms 12ms	Image image/png	2400:cb00:2048:1::6812:25b2 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://jankessinger.com/wp-readme/navyfederal.org/images/loginbd2.PNG Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:25b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `3483b16e1fe18fe7f02ee4a4d1b7071619496cb0895952d47b1b93b4d1eeecfd` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:33 GMT CF-Cache-Status HIT Last-Modified Mon, 21 Nov 2016 09:44:14 GMT Server cloudflare Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 44a6d68724f3beee-FRA Content-Length 158495 Expires Wed, 15 Aug 2018 02:25:33 GMT
GET H/1.1	200 OK	signin.PNG jankessinger.com/wp-readme/navyfederal.org/images/	15 KB 16 KB	10ms 9ms	Image image/png	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://jankessinger.com/wp-readme/navyfederal.org/images/signin.PNG Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `6d4eed0e19b4d64d594e5780ea0547284205fc85f82b7488fddb0758bee03b4c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:33 GMT CF-Cache-Status HIT Last-Modified Mon, 21 Nov 2016 09:34:10 GMT Server cloudflare Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 44a6d687268426d8-FRA Content-Length 15799 Expires Wed, 15 Aug 2018 02:25:33 GMT
GET H/1.1	200 OK	ads2.PNG jankessinger.com/wp-readme/navyfederal.org/images/	120 KB 120 KB	13ms 12ms	Image image/png	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://jankessinger.com/wp-readme/navyfederal.org/images/ads2.PNG Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `961f9f327f3114c4bba216b3bcfdd0b077bce70232b53d91bb567b211bc26bce` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:33 GMT CF-Cache-Status HIT Last-Modified Mon, 21 Nov 2016 09:45:18 GMT Server cloudflare Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 44a6d68720329718-FRA Content-Length 122799 Expires Wed, 15 Aug 2018 02:25:33 GMT
GET H/1.1	200 OK	help.PNG jankessinger.com/wp-readme/navyfederal.org/images/	4 KB 5 KB	18ms 9ms	Image image/png	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://jankessinger.com/wp-readme/navyfederal.org/images/help.PNG Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `c55c0eb5076a96447708fecec75ad0037a16b7f9d29e271e521fc0b22d2c6349` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:33 GMT CF-Cache-Status HIT Last-Modified Mon, 21 Nov 2016 09:34:50 GMT Server cloudflare Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 44a6d68734f39720-FRA Content-Length 4293 Expires Wed, 15 Aug 2018 02:25:33 GMT
GET H/1.1	200 OK	footer.PNG jankessinger.com/wp-readme/navyfederal.org/images/	52 KB 53 KB	634ms 623ms	Image image/png	2400:cb00:2048:1::6812:25b2 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://jankessinger.com/wp-readme/navyfederal.org/images/footer.PNG Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:25b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `6154d31df47e3791ad06dd05bcd0950bce571412790330cc71e2c7c17e20b620` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://jankessinger.com/wp-readme/navyfederal.org/error.php Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:33 GMT CF-Cache-Status HIT Last-Modified Mon, 21 Nov 2016 09:35:58 GMT Server cloudflare Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 44a6d68740c396ac-FRA Content-Length 53631 Expires Wed, 15 Aug 2018 02:25:33 GMT
GET H/1.1	200 OK	/ none.com/	0 1 KB	79ms 27ms	Image text/html	217.70.184.50 http://www.gandi.net
General Check archive.org Show headers Download Go to Show image Full URL http://none.com/ Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/error.php Protocol HTTP/1.1 Server 217.70.184.50 , France, ASN29169 (GANDI-AS Domain name registrar - http://www.gandi.net, FR), Reverse DNS webredir.vip.gandi.net Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://jankessinger.com/wp-readme/navyfederal.org/error.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Content-Type text/html
GET H/1.1	403 Forbidden	bg_gradient.png jankessinger.com/wp-readme/navyfederal.org/nfcu_images/	15 B 15 B	316ms 305ms	Image text/html	2400:cb00:2048:1::6812:24b2 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://jankessinger.com/wp-readme/navyfederal.org/nfcu_images/bg_gradient.png Requested by Host: jankessinger.com URL: http://jankessinger.com/wp-readme/navyfederal.org/img/jquery-1.js Protocol HTTP/1.1 Server 2400:cb00:2048:1::6812:24b2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `5a96ae11555504787da4b5f09ca3175a006392cff7c2c7df1a57f08ca2ebda02` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host jankessinger.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://jankessinger.com/wp-readme/navyfederal.org/img/styles.css Cookie __cfduid=d2c3f15938e49c8d89316ca962b1acaa61534285532 Connection keep-alive Cache-Control no-cache Referer http://jankessinger.com/wp-readme/navyfederal.org/img/styles.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 Aug 2018 22:25:33 GMT Content-Encoding gzip CF-Cache-Status EXPIRED Server cloudflare Vary Accept-Encoding Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive CF-RAY 44a6d687468f26d8-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Navy Federal Credit Union (Government)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| unhideBody

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

jankessinger.com
none.com
217.70.184.50
2400:cb00:2048:1::6812:24b2
2400:cb00:2048:1::6812:25b2
3483b16e1fe18fe7f02ee4a4d1b7071619496cb0895952d47b1b93b4d1eeecfd
369435ccb569ec682e01b629883a0444f33bef23f7ada7fd488c9118a680a203
4e5eabe368b93c1a60fbbf4dc5d9c205f745fca366b4ebc0dfde32e0a1d99fcd
5a7e54fbc97213c7e72c607aaabe9d32b9285e01dc5ec8f9e0fa72b98a18f6cc
5a96ae11555504787da4b5f09ca3175a006392cff7c2c7df1a57f08ca2ebda02
6154d31df47e3791ad06dd05bcd0950bce571412790330cc71e2c7c17e20b620
648e8bbb6388bce48e2ae62585040075d8f8484ec301ecd576275e186636f5c4
696e4c389f745a2e93d35ed8c3f63dbb1f0d257c44a6775c471bf90037d02351
6d4eed0e19b4d64d594e5780ea0547284205fc85f82b7488fddb0758bee03b4c
72041e7efc90bb83d87cb5c52ec76f25f187ca63f3d828284b0de4588b1dd0e5
961f9f327f3114c4bba216b3bcfdd0b077bce70232b53d91bb567b211bc26bce
bd8749a3e0890fd29c99c8abb200835dd09f0da3b64c221f961f544a046f72a0
c4829e9aed0e9ae4477d352cea824c69eacd6e6f970e1c19893df3df663f2ef3
c55c0eb5076a96447708fecec75ad0037a16b7f9d29e271e521fc0b22d2c6349
e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

jankessinger.com Open in urlscan Pro 2400:cb00:2048:1::6812:24b2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

19 Requests

0 %HTTPS

67 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

417 kBTransfer

510 kBSize

0 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

jankessinger.com Open in urlscan Pro
2400:cb00:2048:1::6812:24b2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

0 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

417 kB
Transfer

510 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!