serverupdates.w3spaces.com
65.9.71.119
Malicious Activity!
Public Scan
Submission: On September 10 via manual from SA — Scanned from DE
Summary
TLS certificate: Issued by Amazon on August 10th 2021. Valid for: a year.
This is the only time serverupdates.w3spaces.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WeTransfer (Online)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 2 | 65.9.71.119 | 16509 (AMAZON-02) |
| 7 | 167.99.221.98 | 14061 (DIGITALOCEAN-ASN) |
| 9 | 2 | |

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: s320.ams1.mysecurecloudhost.com
livcifilter.com
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 | livcifilter.com | livcifilter.com | 51 KB |
| 2 | w3spaces.com | serverupdates.w3spaces.com | 28 KB |
| 9 | 2 | | |
| | Domain | Requested by |
|---|---|---|
| 7 | livcifilter.com | serverupdates.w3spaces.com, livcifilter.com |
| 2 | serverupdates.w3spaces.com | serverupdates.w3spaces.com |
| 9 | 2 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| *.w3spaces.com | Amazon | 2021-08-10 - 2022-09-08 | a year | crt.sh |
| livcifilter.com | cPanel, Inc. Certification Authority | 2021-08-24 - 2021-11-22 | 3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://serverupdates.w3spaces.com/new-file-1.html
Frame ID: 3795A2EEF5E5E26FB4B6BC14E41D3F7A
Requests: 3 HTTP requests in this frame
Frame:
https://livcifilter.com/web/wtse_files//bg.html
Frame ID: 1E7BF57450B9BDCC17E1FA971A8D9369
Requests: 6 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | new-file-1.html (Primary Request) | serverupdates.w3spaces.com/ | 14 KB | 14 KB | Document | text/html |
| GET | H2 | css.css | livcifilter.com/web/wtse_files/ | 391 KB | 46 KB | Stylesheet | text/css |
| GET | H2 | bg.html | livcifilter.com/web/wtse_files// (Frame 1E7B) | 19 KB | 4 KB | Document | text/html |
| GET | H2 | new-file-1.html | serverupdates.w3spaces.com/ | 14 KB | 14 KB | Image | text/html |
| GET | H3 | screen.html | livcifilter.com/web/wtse_files//bg_data/ (Frame 1E7B) | 604 B | 550 B | Stylesheet | text/html |
| GET | H3 | 1px.html | livcifilter.com/web/wtse_files//_https_/backgrounds.wetransfer.net/plus/201708/size_orange_v1/images/ (Frame 1E7B) | 315 B | 315 B | Image | text/html |
| GET | H3 | texture.html | livcifilter.com/web/wtse_files//images/ (Frame 1E7B) | 315 B | 315 B | Image | text/html |
| GET | H3 | FreightSans-Pro-Semibold.html | livcifilter.com/web/wtse_files//fonts/ (Frame 1E7B) | 315 B | 205 B | Font | text/html |
| GET | H3 | FreightSans-Pro-Medium.html | livcifilter.com/web/wtse_files//fonts/ (Frame 1E7B) | 315 B | 205 B | Font | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WeTransfer (Online)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0
object| onbeforexrselect
boolean| originAgentCluster
function| validateForm
function| getUrlVars
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.