Submitted URL: https://upfiles.download/file/download/eyJpdiI6ImtYSC9ENE5SSjJ3dUhOZ3psditva1E9PSIsInZhbHVlIjoiYktjY1k2U1VDeVNKcFlQZ2NrU2...
Effective URL: https://s4.upfiles.download/2023/12/30/09/iv58VRkj9XGpqun35XO48KXxw92q6CsUjUIpPmRG.zip?name=%D9%86%D9%88%D8%AF%D8%B2+%D9%85%...
Submission: On December 30 via manual from EG — Scanned from DE

Summary

This website contacted 1 IP in 2 countries across 1 domain to perform 1 HTTP transaction. The main IP is 144.76.152.243, located in Sankt Augustin, Germany and belongs to HETZNER-AS, DE. The main domain is s4.upfiles.download.
TLS certificate: Issued by R3 on November 28th 2023. Valid for: 3 months.
This is the only time s4.upfiles.download was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads

These files were downloaded by the website:

MIME: Zip archive data, at least v2.0 to extract
Size: 2 MB (2453909 bytes, 100% done)
Downloaded from: https://s4.upfiles.download/2023/12/30/09/iv58VRkj9XGpqun35XO48KXxw92q6CsUjUIpPmRG.zip?name=%D9%86%D9%88%D8%AF%D8%B2+%D9%85%D8%AD%D8%AC%D8%A8%D9%87+%D9%85%D8%B5%D8%B1%D9%8A%D9%87+%D9%87%D8%A7%D9%8A+%D9%83%D9%84%D8%A7%D8%B3+%D8%A8%D8%B7%D9%84+%D8%AA%D8%B9%D8%B1%D8%B6+%D8%AC%D8%B3%D9%85%D9%87%D8%A7+%D9%88+%D8%A8%D8%B2%D8%A7%D8%B2%D9%87%D8%A7+%D8%A7%D9%84%D9%83%D8%A8%D9%8A%D8%B1%D9%87.zip&ip=2a01:4a0:2b::7&md5=rCOYtN2MgTfKvdlcb4YtrA&expires=1703998203

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 144.76.152.243 24940 (HETZNER-AS)
1 1
Apex Domain: 2 upfiles.download
Subdomains: upfiles.download, s4.upfiles.download
Transfer: 2 KB
1 1
Domain Requested by
1 s4.upfiles.download
1 upfiles.download 1 redirects
1 2

This site contains no links.

Subject: s4.upfiles.download
Issuer: R3
Validity: 2023-11-28 - 2024-02-26
Valid: 3 months

This page contains 1 frame:

Primary Page: https://s4.upfiles.download/2023/12/30/09/iv58VRkj9XGpqun35XO48KXxw92q6CsUjUIpPmRG.zip?name=%D9%86%D9%88%D8%AF%D8%B2+%D9%85%D8%AD%D8%AC%D8%A8%D9%87+%D9%85%D8%B5%D8%B1%D9%8A%D9%87+%D9%87%D8%A7%D9%8A+%D9%83%D9%84%D8%A7%D8%B3+%D8%A8%D8%B7%D9%84+%D8%AA%D8%B9%D8%B1%D8%B6+%D8%AC%D8%B3%D9%85%D9%87%D8%A7+%D9%88+%D8%A8%D8%B2%D8%A7%D8%B2%D9%87%D8%A7+%D8%A7%D9%84%D9%83%D8%A8%D9%8A%D8%B1%D9%87.zip&ip=2a01:4a0:2b::7&md5=rCOYtN2MgTfKvdlcb4YtrA&expires=1703998203
Frame ID: 19869CA5769156DB713D6268C4BDE5E5
Requests: 1 HTTP requests in this frame


Page Statistics

Requests: 1
HTTPS: 100 %
IPv6: 50 %
Domains: 1
Subdomains: 2
IPs: 1
Countries: 2
Transfer: 0 kB
Size: 0 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.


Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transaction

Resource: Primary Request iv58VRkj9XGpqun35XO48KXxw92q6CsUjUIpPmRG.zip
Path: s4.upfiles.download/2023/12/30/09/
Redirect Chain:
  • https://upfiles.download/file/download/eyJpdiI6ImtYSC9ENE5SSjJ3dUhOZ3psditva1E9PSIsInZhbHVlIjoiYktjY1k2U1VDeVNKcFlQZ2NrU2pJMHRvN3FpQ1J0QkJ0dGRDNi9vbkFXaFZTVjk1VlN4eGpWUUtnVnh2dmFZMDZuSEZIUlkzYlprLz...
  • https://s4.upfiles.download/2023/12/30/09/iv58VRkj9XGpqun35XO48KXxw92q6CsUjUIpPmRG.zip?name=%D9%86%D9%88%D8%AF%D8%B2+%D9%85%D8%AD%D8%AC%D8%A8%D9%87+%D9%85%D8%B5%D8%B1%D9%8A%D9%87+%D9%87%D8%A7%D9%8A...
Size: 0
x-fer: 0
Type / MIME-Type: Document

General

Full URL: https://s4.upfiles.download/2023/12/30/09/iv58VRkj9XGpqun35XO48KXxw92q6CsUjUIpPmRG.zip?name=%D9%86%D9%88%D8%AF%D8%B2+%D9%85%D8%AD%D8%AC%D8%A8%D9%87+%D9%85%D8%B5%D8%B1%D9%8A%D9%87+%D9%87%D8%A7%D9%8A+%D9%83%D9%84%D8%A7%D8%B3+%D8%A8%D8%B7%D9%84+%D8%AA%D8%B9%D8%B1%D8%B6+%D8%AC%D8%B3%D9%85%D9%87%D8%A7+%D9%88+%D8%A8%D8%B2%D8%A7%D8%B2%D9%87%D8%A7+%D8%A7%D9%84%D9%83%D8%A8%D9%8A%D8%B1%D9%87.zip&ip=2a01:4a0:2b::7&md5=rCOYtN2MgTfKvdlcb4YtrA&expires=1703998203
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 144.76.152.243 Sankt Augustin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.152.76.144.clients.your-server.de
Software: nginx /
Resource Hash:
Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: public, must-revalidate
content-disposition: attachment; filename=%D9%86%D9%88%D8%AF%D8%B2+%D9%85%D8%AD%D8%AC%D8%A8%D9%87+%D9%85%D8%B5%D8%B1%D9%8A%D9%87+%D9%87%D8%A7%D9%8A+%D9%83%D9%84%D8%A7%D8%B3+%D8%A8%D8%B7%D9%84+%D8%AA%D8%B9%D8%B1%D8%B6+%D8%AC%D8%B3%D9%85%D9%87%D8%A7+%D9%88+%D8%A8%D8%B2%D8%A7%D8%B2%D9%87%D8%A7+%D8%A7%D9%84%D9%83%D8%A8%D9%8A%D8%B1%D9%87.zip
content-length: 2453909
content-transfer-encoding: binary
content-type: application/zip
date: Sat, 30 Dec 2023 16:50:03 GMT
etag: "658fe6dc-257195"
last-modified: Sat, 30 Dec 2023 09:46:04 GMT
pragma: no-cache
server: nginx

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 83dbc79398a8c28c-VIE
content-type: text/html; charset=UTF-8
date: Sat, 30 Dec 2023 16:50:03 GMT
location: https://s4.upfiles.download/2023/12/30/09/iv58VRkj9XGpqun35XO48KXxw92q6CsUjUIpPmRG.zip?name=%D9%86%D9%88%D8%AF%D8%B2+%D9%85%D8%AD%D8%AC%D8%A8%D9%87+%D9%85%D8%B5%D8%B1%D9%8A%D9%87+%D9%87%D8%A7%D9%8A+%D9%83%D9%84%D8%A7%D8%B3+%D8%A8%D8%B7%D9%84+%D8%AA%D8%B9%D8%B1%D8%B6+%D8%AC%D8%B3%D9%85%D9%87%D8%A7+%D9%88+%D8%A8%D8%B2%D8%A7%D8%B2%D9%87%D8%A7+%D8%A7%D9%84%D9%83%D8%A8%D9%8A%D8%B1%D9%87.zip&ip=2a01:4a0:2b::7&md5=rCOYtN2MgTfKvdlcb4YtrA&expires=1703998203
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3MvYhri%2FtxbVftWmdX2pT%2FYUa4L8Af%2F7uTetQqRZdfxGLS7F53TSDVkqjea0NJOYC6duYmvOPtPhXf9nr1%2BgiH4by7sBx%2FIM420L2xcyjvZP9HMKJ8m8JfRZv5BWy2fw1jj39O1b8PRL0iyiv%2FGZ"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block


0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Domain/Path Name / Value
upfiles.download/ Name: XSRF-TOKEN
Value: eyJpdiI6IlBSZ1NVUmt0akFmWnVPZzVGSGNuM0E9PSIsInZhbHVlIjoiT1RQNlA0blVCNHYzQUVWcWVaenFTSzRGSVdEcTFyRm1KVzhmUkpUZk56TmlHbkxJSlFUdWRwZUh6aXFURDVNYlBBMFM0WUI4dlRKa0VxZVhjdGM1aFozYkduWnJvUnEvS0s5ckk4MDJCWkdIWVhYTUJlejNnaFFXdGhXQXdyNkciLCJtYWMiOiIwY2U1OTdjZDRmOTM0OGUzZWQ4N2ViNDdlMTAwZmU3MTUyMWM3OWIwNTlkYWE0ODg4MjFjODA5ZGEzOWE4NjM0IiwidGFnIjoiIn0%3D
upfiles.download/ Name: upfiles_session
Value: eyJpdiI6InR2Uks5ZExITndZWmdsc1FSSjR3VEE9PSIsInZhbHVlIjoiaFB4R2FXK3F0anRUVlllRjBHMzlrMVdXMDV3VUM5VGU4WkhlZFJZQmFkTjFnR0JsSDcxdm8yM1FVeU9mcFRQTWRvaXJxNktZOHR6bHgrejFnQjdQK0JIQWJRR2IxUXcxbzZ3YUNyY1kwcEpHbDcrbExOWkdka1Zob3dBVkIvWTYiLCJtYWMiOiI4NTI2OWQyNDA3Y2ZiNWYzOTI1NTA1MjlhZmZmMTVjYjRkYzM3NTUwMGZjZjQ5ZWJkNjBjZjdmMjQ4MWFiMTYzIiwidGFnIjoiIn0%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s4.upfiles.download
upfiles.download
144.76.152.243
2606:4700:3038::6815:eba9