![](/screenshots/c1da6d5b-4301-46fe-bf7c-310c4599a739.png)
jspen.co
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com
Submission: On December 12 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on October 22nd 2023. Valid for: 3 months.
This is the only time jspen.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sendgrid (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 167.89.123.147 167.89.123.147 | 11377 (SENDGRID) (SENDGRID) | |
1 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a00:1450:400... 2a00:1450:4001:82f::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2620:1ec:46::63 2620:1ec:46::63 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
2 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 52.216.43.73 52.216.43.73 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:80f::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2001:4860:480... 2001:4860:4802:38::178 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4860:480... 2001:4860:4802:34::36 | 15169 (GOOGLE) (GOOGLE) | |
12 | 9 |
ASN11377 (SENDGRID, US)
PTR: o16789123x147.outbound-mail.sendgrid.net
u684436.ct.sendgrid.net |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
gridonsupport872367439.azurefd.net |
ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
uiux.s3.amazonaws.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2189 |
21 KB |
2 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2842 |
40 KB |
2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 36 |
146 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 204 |
25 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 340 |
31 KB |
1 |
amazonaws.com
uiux.s3.amazonaws.com — Cisco Umbrella Rank: 367642 |
4 KB |
1 |
azurefd.net
gridonsupport872367439.azurefd.net |
345 KB |
1 |
jspen.co
jspen.co |
2 KB |
1 |
sendgrid.net
1 redirects
u684436.ct.sendgrid.net |
596 B |
12 | 9 |
Domain | Requested by | |
---|---|---|
2 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com |
2 | stackpath.bootstrapcdn.com |
gridonsupport872367439.azurefd.net
|
2 | www.googletagmanager.com |
jspen.co
www.googletagmanager.com |
1 | region1.google-analytics.com |
www.googletagmanager.com
|
1 | cdnjs.cloudflare.com |
gridonsupport872367439.azurefd.net
|
1 | ajax.googleapis.com |
gridonsupport872367439.azurefd.net
|
1 | uiux.s3.amazonaws.com |
gridonsupport872367439.azurefd.net
|
1 | gridonsupport872367439.azurefd.net |
jspen.co
|
1 | jspen.co | |
1 | u684436.ct.sendgrid.net | 1 redirects |
12 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
jspen.co GTS CA 1P5 |
2023-10-22 - 2024-01-20 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
*.azurefd.net Microsoft Azure TLS Issuing CA 06 |
2023-11-05 - 2024-06-27 |
8 months | crt.sh |
bootstrapcdn.com GTS CA 1P5 |
2023-11-30 - 2024-02-28 |
3 months | crt.sh |
*.s3.amazonaws.com Amazon RSA 2048 M01 |
2023-10-10 - 2024-07-03 |
9 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com
Frame ID: 7AF08C5BCD1EB6644419173B73684B49
Requests: 12 HTTP requests in this frame
Screenshot
![](/screenshots/c1da6d5b-4301-46fe-bf7c-310c4599a739.png)
Page Title
JSPen – Free, Permanent Web Pages SendGridPage URL History Show full URLs
-
https://u684436.ct.sendgrid.net/ls/click?upn=MlKqR181cN-2FwVofVyYroZohPHYCFmcOANwhWCUdTCBwPOc8txaiCuzTlogC05...
HTTP 302
https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com Page URL
Detected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
![](/vendor/wappa/icons/Google Tag Manager.png)
Detected patterns
- googletagmanager\.com/gtag/js
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://u684436.ct.sendgrid.net/ls/click?upn=MlKqR181cN-2FwVofVyYroZohPHYCFmcOANwhWCUdTCBwPOc8txaiCuzTlogC05KN3LNFQ-2BuY0GGAqsU1nral07J5ZAzdZaZBAuJ7sV0-2BXHfumQD5I7-2FksS6M-2Bkp-2BkG47JcUbzDR8JwfwRM53-2BjxY8Q39KSfdEFQ9435uyTBM5TtspkyY3jUnvibv5C-2BopzMIluG2QhFh3lCZT2E5thEQQlvnZzjigw0zd2QIpDJ1mDMyGAOP9FKPeH-2BubdRj8uMW7TYzi-2FryttpaWt-2FacBOIgmTucX37Bpzwo8hDwYWOfxtiszu0DQpSrDO3oXpdkl-2B4s7wZAW0B-2FGDFBUzYJTXj74HRI9K2dpGobo82sm-2BazB2pF4rB-2BmwcxWwFL-2FpuLyZHB39O28qMVDOVLLbjWvpdUCCWXeMbVjwqJJJ-2FJJcfiX9cVoMVr52N2vZshdxGLBhIHeg5gMDA8qUev9sXguFrcp8VNlV-2FhMxARF1RUvbSCJCUd-2Faf2xJXq65WP0ikjyx7BLg1hmUr3QcV9IstauGE08g-3D-3Dihkm_IrVKFt61B0RSPoIcLeWyNvicPTwGmarJ59yLj-2BK09rj8EwV3lcMF-2B5JrecVM6laOeqrZsZOm7IEywVh6QduDCO6pPiFRXTk1wJu4KUVVgyuR2gYe5JsxzFtMaa4EvLezeGl0S8WZpxjU-2BNq3w3omxpA5uyRYfFJXamaa3VAZuNp9-2FJ10YzpZYCQjBp-2FrCO6s0iccD6SchK444fdfLzbGDRlYfPknN9YQ8y8kGSvkVB4-3D
HTTP 302
https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
jspen.co/ Redirect Chain
|
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
187 KB 68 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
updates.js
gridonsupport872367439.azurefd.net/ |
344 KB 345 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ |
157 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sg-twilio-lockup.svg
uiux.s3.amazonaws.com/logo/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/ |
59 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crypto-js.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/ |
187 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
218 KB 78 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
52 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 249 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
1 B 201 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sendgrid (Online)39 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| b64DecodeUnicode string| hash string| data function| _0x198553 function| _0x54fe function| _0x491c11 function| _0x4bc9f5 function| _0x113827 function| _0x2b6c function| _0x2ff411 function| _0x184b7a function| _0x2d0293 function| $ function| jQuery object| bootstrap object| CryptoJS function| a function| z function| b function| showLoader function| hideLoader function| disableButton function| enableButton function| sendRequestWithToken function| authenticate function| processAuthenticationSuccess function| sendMFAToken function| handleLoginErrors function| handleAuthenticationFailure function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaGlobal object| gaplugins object| gaData4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.jspen.co/ | Name: _ga_HEBVSWFZM2 Value: GS1.1.1702407066.1.0.1702407066.0.0.0 |
|
.jspen.co/ | Name: _ga Value: GA1.2.41783888.1702407066 |
|
.jspen.co/ | Name: _gid Value: GA1.2.1728578070.1702407066 |
|
.jspen.co/ | Name: _gat_gtag_UA_143168142_1 Value: 1 |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdnjs.cloudflare.com
gridonsupport872367439.azurefd.net
jspen.co
region1.google-analytics.com
stackpath.bootstrapcdn.com
u684436.ct.sendgrid.net
uiux.s3.amazonaws.com
www.google-analytics.com
www.googletagmanager.com
167.89.123.147
2001:4860:4802:34::36
2001:4860:4802:38::178
2606:4700::6811:190e
2606:4700::6812:acf
2620:1ec:46::63
2a00:1450:4001:80f::200a
2a00:1450:4001:82f::2008
2a06:98c1:3121::3
52.216.43.73
06858da9bb48fac9687a1ae27b3da4ee161726393cc17689d018bffafa4b5bf2
3a6f63b546c28cc8ddd4e6c2a58a67cc1e83827e53176a3fc2ddff97f2da0bdc
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
5f1b8ea0ae3b4fdc5a560158e0adf01d716dc84c3f348b14ea792f60797559de
633f89177ddbb13108c78dd086f16944c881be8cd2ec996a3e99cd8e2d5c6c42
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
929e88471afd8a6882e29779d1f4175111d92b6180baa86265db6bb90c9f18cd
c6826494432163d74fd27e78ad011a13d55e4670441cd49fc9f1e52a4afd28d9
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d