urlscan.io logo urlscan.io
SecurityTrails logo

jspen.co Open in urlscan Pro
2a06:98c1:3121::3  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://u684436.ct.sendgrid.net/ls/click?upn=MlKqR181cN-2FwVofVyYroZohPHYCFmcOANwhWCUdTCBwPOc8txaiCuzTlogC05KN3LNFQ-2BuY0GGAqsU1...
Effective URL: https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com
Submission: On December 12 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 2 countries across 9 domains to perform 12 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is jspen.co.
TLS certificate: Issued by GTS CA 1P5 on October 22nd 2023. Valid for: 3 months.
This is the only time jspen.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sendgrid (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.123.147 11377 (SENDGRID)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2620:1ec:46::63 8075 (MICROSOFT...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 52.216.43.73 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2001:4860:480... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
12 9
1    167.89.123.147 (Chicago, United States)

ASN11377 (SENDGRID, US)
PTR: o16789123x147.outbound-mail.sendgrid.net
u684436.ct.sendgrid.net
1    2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)
jspen.co
2    2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2620:1ec:46::63 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
gridonsupport872367439.azurefd.net
2    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
stackpath.bootstrapcdn.com
1    52.216.43.73 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
uiux.s3.amazonaws.com
1    2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
Apex Domain
Subdomains		 Transfer
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
region1.google-analytics.com — Cisco Umbrella Rank: 2189
21 KB
2 bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2842
40 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 36
146 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 204
25 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 340
31 KB
1 amazonaws.com
uiux.s3.amazonaws.com — Cisco Umbrella Rank: 367642
4 KB
1 azurefd.net
gridonsupport872367439.azurefd.net
345 KB
1 jspen.co
jspen.co
2 KB
1 sendgrid.net
u684436.ct.sendgrid.net
596 B
12 9
Domain Requested by
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 stackpath.bootstrapcdn.com gridonsupport872367439.azurefd.net
2 www.googletagmanager.com jspen.co
www.googletagmanager.com
1 region1.google-analytics.com www.googletagmanager.com
1 cdnjs.cloudflare.com gridonsupport872367439.azurefd.net
1 ajax.googleapis.com gridonsupport872367439.azurefd.net
1 uiux.s3.amazonaws.com gridonsupport872367439.azurefd.net
1 gridonsupport872367439.azurefd.net jspen.co
1 jspen.co
1 u684436.ct.sendgrid.net 1 redirects
12 10

This site contains no links.

Subject Issuer Validity Valid
jspen.co
GTS CA 1P5		 2023-10-22 -
2024-01-20		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.azurefd.net
Microsoft Azure TLS Issuing CA 06		 2023-11-05 -
2024-06-27		 8 months crt.sh
bootstrapcdn.com
GTS CA 1P5		 2023-11-30 -
2024-02-28		 3 months crt.sh
*.s3.amazonaws.com
Amazon RSA 2048 M01		 2023-10-10 -
2024-07-03		 9 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com
Frame ID: 7AF08C5BCD1EB6644419173B73684B49
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

JSPen – Free, Permanent Web Pages SendGrid

Page URL History Show full URLs

  1. https://u684436.ct.sendgrid.net/ls/click?upn=MlKqR181cN-2FwVofVyYroZohPHYCFmcOANwhWCUdTCBwPOc8txaiCuzTlogC05... HTTP 302
    https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

80 %
IPv6

9
Domains

10
Subdomains

9
IPs

2
Countries

613 kB
Transfer

1296 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u684436.ct.sendgrid.net/ls/click?upn=MlKqR181cN-2FwVofVyYroZohPHYCFmcOANwhWCUdTCBwPOc8txaiCuzTlogC05KN3LNFQ-2BuY0GGAqsU1nral07J5ZAzdZaZBAuJ7sV0-2BXHfumQD5I7-2FksS6M-2Bkp-2BkG47JcUbzDR8JwfwRM53-2BjxY8Q39KSfdEFQ9435uyTBM5TtspkyY3jUnvibv5C-2BopzMIluG2QhFh3lCZT2E5thEQQlvnZzjigw0zd2QIpDJ1mDMyGAOP9FKPeH-2BubdRj8uMW7TYzi-2FryttpaWt-2FacBOIgmTucX37Bpzwo8hDwYWOfxtiszu0DQpSrDO3oXpdkl-2B4s7wZAW0B-2FGDFBUzYJTXj74HRI9K2dpGobo82sm-2BazB2pF4rB-2BmwcxWwFL-2FpuLyZHB39O28qMVDOVLLbjWvpdUCCWXeMbVjwqJJJ-2FJJcfiX9cVoMVr52N2vZshdxGLBhIHeg5gMDA8qUev9sXguFrcp8VNlV-2FhMxARF1RUvbSCJCUd-2Faf2xJXq65WP0ikjyx7BLg1hmUr3QcV9IstauGE08g-3D-3Dihkm_IrVKFt61B0RSPoIcLeWyNvicPTwGmarJ59yLj-2BK09rj8EwV3lcMF-2B5JrecVM6laOeqrZsZOm7IEywVh6QduDCO6pPiFRXTk1wJu4KUVVgyuR2gYe5JsxzFtMaa4EvLezeGl0S8WZpxjU-2BNq3w3omxpA5uyRYfFJXamaa3VAZuNp9-2FJ10YzpZYCQjBp-2FrCO6s0iccD6SchK444fdfLzbGDRlYfPknN9YQ8y8kGSvkVB4-3D HTTP 302
    https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
jspen.co/
Redirect Chain
  • https://u684436.ct.sendgrid.net/ls/click?upn=MlKqR181cN-2FwVofVyYroZohPHYCFmcOANwhWCUdTCBwPOc8txaiCuzTlogC05KN3LNFQ-2BuY0GGAqsU1nral07J5ZAzdZaZBAuJ7sV0-2BXHfumQD5I7-2FksS6M-2Bkp-2BkG47JcUbzDR8JwfwR...
  • https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f1b8ea0ae3b4fdc5a560158e0adf01d716dc84c3f348b14ea792f60797559de

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=2592000
cdn-cache
HIT
cdn-cachedat
09/10/2023 02:06:29
cdn-edgestorageid
863
cdn-fileserver
651
cdn-proxyver
1.04
cdn-pullzone
75706
cdn-requestcountrycode
DE
cdn-requestid
34ffb08b98a7a8c402b5e45fc5a6a19d
cdn-requestpullcode
206
cdn-requestpullsuccess
True
cdn-status
200
cdn-storageserver
DE-588
cdn-uid
e4b7ef0e-2134-4eac-8d05-53dc5dbfb33e
cf-cache-status
DYNAMIC
cf-ray
8348281b3f634d5c-FRA
content-encoding
br
content-type
text/html
date
Tue, 12 Dec 2023 18:51:04 GMT
last-modified
Thu, 13 Jul 2023 11:38:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=raoKzBAyNcdxfKXArxG6gu4Uui1RKRjnk04Dt8ZY2uQWebuKs7C3smjxdqQZN4aoQ8keIL2YcShdfsnh7Fk0fZ7GT1djgpn7Z%2B9rZ2fcRhYT2FrLNvaUVY%2FMeVFl1pYDsa4zx%2FQ9OA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Length
423
Content-Type
text/html; charset=utf-8
Date
Tue, 12 Dec 2023 18:51:04 GMT
Location
https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com#JTNDJTczJTYzJTcyJTY5JTcwJTc0JTIwJTczJTcyJTYzJTNEJTIyJTY4JTc0JTc0JTcwJTczJTNBJTJGJTJGJTY3JTcyJTY5JTY0JTZGJTZFJTczJTc1JTcwJTcwJTZGJTcyJTc0JTM4JTM3JTMyJTMzJTM2JTM3JTM0JTMzJTM5JTJFJTYxJTdBJTc1JTcyJTY1JTY2JTY0JTJFJTZFJTY1JTc0JTJGJTc1JTcwJTY0JTYxJTc0JTY1JTczJTJFJTZBJTczJTIyJTNFJTIwJTNDJTJGJTczJTYzJTcyJTY5JTcwJTc0JTNF
Server
nginx
X-Robots-Tag
noindex, nofollow
js
www.googletagmanager.com/gtag/ 		187 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-143168142-1
Requested by
Host: jspen.co
URL: https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
06858da9bb48fac9687a1ae27b3da4ee161726393cc17689d018bffafa4b5bf2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jspen.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 18:51:04 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
69068
x-xss-protection
0
last-modified
Tue, 12 Dec 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 12 Dec 2023 18:51:04 GMT
updates.js
gridonsupport872367439.azurefd.net/ 		344 KB
345 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gridonsupport872367439.azurefd.net/updates.js
Requested by
Host: jspen.co
URL: https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3a6f63b546c28cc8ddd4e6c2a58a67cc1e83827e53176a3fc2ddff97f2da0bdc

Request headers

Referer
https://jspen.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 12 Dec 2023 18:51:05 GMT
last-modified
Tue, 12 Dec 2023 10:43:32 GMT
content-md5
BTvoZdZoaSfdyZevmIvpWg==
etag
"0x8DBFAFF2F73A57A"
x-azure-ref
20231212T185105Z-8vma166v5509z4k8bsdmz3ks2c000000039000000000385q
x-cache
CONFIG_NOCACHE
content-type
text/javascript
x-ms-request-id
f68584a4-e01e-00b9-0e2c-2d6fe9000000
x-ms-version
2018-03-28
accept-ranges
bytes
content-length
352715
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ 		157 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
Requested by
Host: gridonsupport872367439.azurefd.net
URL: https://gridonsupport872367439.azurefd.net/updates.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jspen.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 18:51:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
1055
age
2805137
cdn-cachedat
07/07/2023 01:23:40
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:11 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
W/"816af0eddd3b4822c2756227c7e7b7ee"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
67b3c37b70a6f8a7212ad3e6c2ca30a3
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
834828234bad9207-FRA
cdn-requestpullsuccess
True
sg-twilio-lockup.svg
uiux.s3.amazonaws.com/logo/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uiux.s3.amazonaws.com/logo/sg-twilio-lockup.svg
Requested by
Host: gridonsupport872367439.azurefd.net
URL: https://gridonsupport872367439.azurefd.net/updates.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.43.73 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
929e88471afd8a6882e29779d1f4175111d92b6180baa86265db6bb90c9f18cd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jspen.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 18:51:07 GMT
x-amz-version-id
99rRhjNxC9Rz8fzHhVjTuuxhKZ_Y7bho
Last-Modified
Fri, 18 Jan 2019 20:14:00 GMT
Server
AmazonS3
x-amz-request-id
FD3JMMM529Z7B3FZ
ETag
"1a6735bc2e300fa20b88a325395e5590"
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
3787
x-amz-id-2
bkfyKvtd4Mkk6WWn1egoj8aTmXCM9mHGWZsVew90ce7p/IFoxAenfXwcwaEnlNe/pt5Mwjxjcxc=
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: gridonsupport872367439.azurefd.net
URL: https://gridonsupport872367439.azurefd.net/updates.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://jspen.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 12 Dec 2023 10:12:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
31099
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 11 Dec 2024 10:12:47 GMT
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/ 		59 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
Requested by
Host: gridonsupport872367439.azurefd.net
URL: https://gridonsupport872367439.azurefd.net/updates.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://jspen.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 12 Dec 2023 18:51:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
864
age
1178228
cdn-cachedat
08/20/2022 02:35:31
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:11 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"02d223393e00c273efdcb1ade8f4f8b1"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
a6bc14db3a88cabcd6b3bc56a77879ef
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
834828234bae9207-FRA
cdn-requestpullsuccess
True
crypto-js.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/ 		187 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.js
Requested by
Host: gridonsupport872367439.azurefd.net
URL: https://gridonsupport872367439.azurefd.net/updates.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6826494432163d74fd27e78ad011a13d55e4670441cd49fc9f1e52a4afd28d9
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://jspen.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 12 Dec 2023 18:51:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1000367
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
24518
last-modified
Mon, 04 May 2020 16:09:17 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e2d-2edc0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3E5R9jTZsDAnJvZiUSjvZHcoOV9P4wToohXBe35%2FBoGql3A%2FmP4W32Wle6j3Scp7roiXvpnCXTjmLeSEanjYS9RYHKSI%2FJITUx6%2BGoBJfnhuJGGP5pud7C0YYEhKHSta9XPKqQaBkyZ0VfAoO1ounb%2B%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
834828234aa11c3a-FRA
expires
Sun, 01 Dec 2024 18:51:06 GMT
js
www.googletagmanager.com/gtag/ 		218 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-HEBVSWFZM2&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-143168142-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
633f89177ddbb13108c78dd086f16944c881be8cd2ec996a3e99cd8e2d5c6c42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jspen.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 18:51:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
79458
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 12 Dec 2023 18:51:06 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-143168142-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jspen.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 12 Dec 2023 18:17:42 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
2004
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Tue, 12 Dec 2023 20:17:42 GMT
collect
region1.google-analytics.com/g/ 		0
249 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-HEBVSWFZM2&gtm=45je3bt0v9107959273&_p=1702407066237&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=41783888.1702407066&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1702407066&sct=1&seg=0&dl=https%3A%2F%2Fjspen.co%2F%3Futm_campaign%3Dwebsite%26utm_medium%3Demail%26utm_source%3Dsendgrid.com&dt=JSPen%20%E2%80%93%20Free%2C%20Permanent%20Web%20Pages&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2140
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HEBVSWFZM2&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jspen.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 18:51:06 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://jspen.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		1 B
201 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=949395623&t=pageview&_s=1&dl=https%3A%2F%2Fjspen.co%2F%3Futm_campaign%3Dwebsite%26utm_medium%3Demail%26utm_source%3Dsendgrid.com&ul=en-us&de=UTF-8&dt=JSPen%20%E2%80%93%20Free%2C%20Permanent%20Web%20Pages&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=467912340&gjid=814204200&cid=41783888.1702407066&tid=UA-143168142-1&_gid=1728578070.1702407066&_r=1&gtm=457e3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=193267339
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://jspen.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 18:51:06 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://jspen.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sendgrid (Online)

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| b64DecodeUnicode string| hash string| data function| _0x198553 function| _0x54fe function| _0x491c11 function| _0x4bc9f5 function| _0x113827 function| _0x2b6c function| _0x2ff411 function| _0x184b7a function| _0x2d0293 function| $ function| jQuery object| bootstrap object| CryptoJS function| a function| z function| b function| showLoader function| hideLoader function| disableButton function| enableButton function| sendRequestWithToken function| authenticate function| processAuthenticationSuccess function| sendMFAToken function| handleLoginErrors function| handleAuthenticationFailure function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaGlobal object| gaplugins object| gaData

4 Cookies

Domain/Path Name / Value
.jspen.co/ Name: _ga_HEBVSWFZM2
Value: GS1.1.1702407066.1.0.1702407066.0.0.0
.jspen.co/ Name: _ga
Value: GA1.2.41783888.1702407066
.jspen.co/ Name: _gid
Value: GA1.2.1728578070.1702407066
.jspen.co/ Name: _gat_gtag_UA_143168142_1
Value: 1

5 Console Messages

Source Level URL
Text
javascript warning URL: https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com(Line 27)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://gridonsupport872367439.azurefd.net/updates.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://jspen.co/?utm_campaign=website&utm_medium=email&utm_source=sendgrid.com(Line 27)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://gridonsupport872367439.azurefd.net/updates.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://gridonsupport872367439.azurefd.net/updates.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://gridonsupport872367439.azurefd.net/updates.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://gridonsupport872367439.azurefd.net/updates.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.