urlscan.io logo urlscan.io
SecurityTrails logo

us.justtoo.net Open in urlscan Pro
2a00:1d26:8771::11  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://p.asecv.xyz/go/17132/363424/ahr0ccuzqs8vd3d3lnj1bxbvcm4uy29tl3n0yxrpyy5zahrtbcuzrmnvbnrlbnqlm0qxmdgynjcw
Effective URL: https://us.justtoo.net/nty/postback/click?key=v2-1706660180973-4-8855-1267435-ad18d48f-bb8a-3512-aeff-2451bad04e8d
Submission: On January 31 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 5 domains to perform 3 HTTP transactions. The main IP is 2a00:1d26:8771::11, located in Atlanta, United States and belongs to I3DNET, NL. The main domain is us.justtoo.net. The Cisco Umbrella rank of the primary domain is 153730.
TLS certificate: Issued by R3 on December 29th 2023. Valid for: 3 months.
This is the only time us.justtoo.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

AppFile_v1.1.exe 3 MB application/x-dosexec
MIME: PE32+ executable (GUI) x86-64, for MS Windows
Size: 3 MB (2877456 bytes, 100% done)
Downloaded from: https://ucfe82f2a26eb8cb91b493492e9d.dl.dropboxusercontent.com/cd/0/get/CMVFUfrrpsNL9tMClwm9o2-3YkRWGc93IYeza_Fr497yMEWPr2XXOiDEO8UYiuDgRdiyW4EyOCCwlTaY9e9-NEzjOz47CMcpGl35vIEpXOeOKFDYxUj2dxe_ToRPxviuNttmTL30FSje6Pa2cy-cX2Tj/file?dl=1#

Domain & IP information

IP Address AS Autonomous System
1 2 54.209.23.43 14618 (AMAZON-AES)
1 2 2a00:1d26:877... 49544 (I3DNET)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2620:100:6019... 19679 (DROPBOX)
1 2620:100:6019... 19679 (DROPBOX)
3 3
2    54.209.23.43 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-209-23-43.compute-1.amazonaws.com
p.asecv.xyz
2    2a00:1d26:8771::11 (Atlanta, United States)

ASN49544 (I3DNET, NL)
us.justtoo.net
1    2606:4700:3037::6815:447 (United States)

ASN13335 (CLOUDFLARENET, US)
gameplays.shop
1    2620:100:6019:18::a27d:412 (United States)

ASN19679 (DROPBOX, US)
www.dropbox.com
1    2620:100:6019:15::a27d:40f (United States)

ASN19679 (DROPBOX, US)
ucfe82f2a26eb8cb91b493492e9d.dl.dropboxusercontent.com
Apex Domain
Subdomains		 Transfer
2 justtoo.net
us.justtoo.net — Cisco Umbrella Rank: 153730
1 KB
2 asecv.xyz
p.asecv.xyz
796 B
1 dropboxusercontent.com
ucfe82f2a26eb8cb91b493492e9d.dl.dropboxusercontent.com
1 dropbox.com
www.dropbox.com — Cisco Umbrella Rank: 2717
977 B
1 gameplays.shop
gameplays.shop
841 B
3 5
Domain Requested by
2 us.justtoo.net 1 redirects p.asecv.xyz
2 p.asecv.xyz 1 redirects
1 ucfe82f2a26eb8cb91b493492e9d.dl.dropboxusercontent.com
1 www.dropbox.com 1 redirects
1 gameplays.shop 1 redirects
3 5

This site contains no links.

Subject Issuer Validity Valid
*.justtoo.net
R3		 2023-12-29 -
2024-03-28		 3 months crt.sh
dl.dropbox.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-02-14 -
2024-03-16		 a year crt.sh

This page contains 1 frames:

Frame: https://ucfe82f2a26eb8cb91b493492e9d.dl.dropboxusercontent.com/cd/0/get/CMVFUfrrpsNL9tMClwm9o2-3YkRWGc93IYeza_Fr497yMEWPr2XXOiDEO8UYiuDgRdiyW4EyOCCwlTaY9e9-NEzjOz47CMcpGl35vIEpXOeOKFDYxUj2dxe_ToRPxviuNttmTL30FSje6Pa2cy-cX2Tj/file?dl=1
Frame ID: 87506F5EAE0630372C71C0DD8E1247AC
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://p.asecv.xyz/go/17132/363424/ahr0ccuzqs8vd3d3lnj1bxbvcm4uy29tl3n0yxrpyy5zahrtbcuzrmnvbnrl... Page URL
  2. http://p.asecv.xyz/ad/ad?p=17132&w=363424&t=69ff71da2a6151f6&r=ahr0ccuzqs8vd3d3lnj1bxbvcm4uy29t... HTTP 303
    https://us.justtoo.net/nty/postback/click?key=v2-1706660180973-4-8855-1267435-ad18d48f-bb8a-3512-ae... Page URL

Page Statistics

3
Requests

67 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

3
IPs

1
Countries

1 kB
Transfer

3 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://p.asecv.xyz/go/17132/363424/ahr0ccuzqs8vd3d3lnj1bxbvcm4uy29tl3n0yxrpyy5zahrtbcuzrmnvbnrlbnqlm0qxmdgynjcw Page URL
  2. http://p.asecv.xyz/ad/ad?p=17132&w=363424&t=69ff71da2a6151f6&r=ahr0ccuzqs8vd3d3lnj1bxbvcm4uy29tl3n0yxrpyy5zahrtbcuzrmnvbnrlbnqlm0qxmdgynjcw&vw=1600&vh=1200 HTTP 303
    https://us.justtoo.net/nty/postback/click?key=v2-1706660180973-4-8855-1267435-ad18d48f-bb8a-3512-aeff-2451bad04e8d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://us.justtoo.net/nty/postback/click?key=v2-1706660180973-4-8855-1267435-ad18d48f-bb8a-3512-aeff-2451bad04e8d&token=c4654a9d4065064365b99dd3bf2ff7a9&timezone=600&iframe_test=false&webdriver_test=false HTTP 302
  • https://gameplays.shop/ HTTP 302
  • https://www.dropbox.com/scl/fi/f9p4ke2umj2z3ov8ji13b/AppFile_v1.1.exe?rlkey=xqmbn7b7asj9agojdxx9xfz3b&dl=1 HTTP 302
  • https://ucfe82f2a26eb8cb91b493492e9d.dl.dropboxusercontent.com/cd/0/get/CMVFUfrrpsNL9tMClwm9o2-3YkRWGc93IYeza_Fr497yMEWPr2XXOiDEO8UYiuDgRdiyW4EyOCCwlTaY9e9-NEzjOz47CMcpGl35vIEpXOeOKFDYxUj2dxe_ToRPxviuNttmTL30FSje6Pa2cy-cX2Tj/file?dl=1

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
ahr0ccuzqs8vd3d3lnj1bxbvcm4uy29tl3n0yxrpyy5zahrtbcuzrmnvbnrlbnqlm0qxmdgynjcw
p.asecv.xyz/go/17132/363424/ 		501 B
540 B 		Document
General
Check archive.org
Download Go to
Full URL
http://p.asecv.xyz/go/17132/363424/ahr0ccuzqs8vd3d3lnj1bxbvcm4uy29tl3n0yxrpyy5zahrtbcuzrmnvbnrlbnqlm0qxmdgynjcw
Protocol
HTTP/1.1
Server
54.209.23.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-209-23-43.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Wed, 31 Jan 2024 00:16:20 GMT
Server
nginx
Vary
Accept-Encoding
transfer-encoding
chunked
Primary Request click
us.justtoo.net/nty/postback/
Redirect Chain
  • http://p.asecv.xyz/ad/ad?p=17132&w=363424&t=69ff71da2a6151f6&r=ahr0ccuzqs8vd3d3lnj1bxbvcm4uy29tl3n0yxrpyy5zahrtbcuzrmnvbnrlbnqlm0qxmdgynjcw&vw=1600&vh=1200
  • https://us.justtoo.net/nty/postback/click?key=v2-1706660180973-4-8855-1267435-ad18d48f-bb8a-3512-aeff-2451bad04e8d
2 KB
939 B 		Document
General
Check archive.org
Download Go to
Full URL
https://us.justtoo.net/nty/postback/click?key=v2-1706660180973-4-8855-1267435-ad18d48f-bb8a-3512-aeff-2451bad04e8d
Requested by
Host: p.asecv.xyz
URL: http://p.asecv.xyz/go/17132/363424/ahr0ccuzqs8vd3d3lnj1bxbvcm4uy29tl3n0yxrpyy5zahrtbcuzrmnvbnrlbnqlm0qxmdgynjcw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:1d26:8771::11 Atlanta, United States, ASN49544 (I3DNET, NL),
Reverse DNS
Software
openresty/1.21.4.1 /
Resource Hash
830d77f7f919ba16f4055e2f77a7c6b170dee7a6962440163d94d2d0632a61c2

Request headers

Referer
http://p.asecv.xyz/go/17132/363424/ahr0ccuzqs8vd3d3lnj1bxbvcm4uy29tl3n0yxrpyy5zahrtbcuzrmnvbnrlbnqlm0qxmdgynjcw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 31 Jan 2024 00:16:21 GMT
server
openresty/1.21.4.1

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Wed, 31 Jan 2024 00:16:20 GMT
Location
https://us.justtoo.net/nty/postback/click?key=v2-1706660180973-4-8855-1267435-ad18d48f-bb8a-3512-aeff-2451bad04e8d#pc274145
Server
nginx
file
ucfe82f2a26eb8cb91b493492e9d.dl.dropboxusercontent.com/cd/0/get/CMVFUfrrpsNL9tMClwm9o2-3YkRWGc93IYeza_Fr497yMEWPr2XXOiDEO8UYiuDgRdiyW4EyOCCwlTaY9e9-NEzjOz47CMcpGl35vIEpXOeOKFDYxUj2dxe_ToRPxviuNttmT...
Redirect Chain
  • https://us.justtoo.net/nty/postback/click?key=v2-1706660180973-4-8855-1267435-ad18d48f-bb8a-3512-aeff-2451bad04e8d&token=c4654a9d4065064365b99dd3bf2ff7a9&timezone=600&iframe_test=false&webdriver_te...
  • https://gameplays.shop/
  • https://www.dropbox.com/scl/fi/f9p4ke2umj2z3ov8ji13b/AppFile_v1.1.exe?rlkey=xqmbn7b7asj9agojdxx9xfz3b&dl=1
  • https://ucfe82f2a26eb8cb91b493492e9d.dl.dropboxusercontent.com/cd/0/get/CMVFUfrrpsNL9tMClwm9o2-3YkRWGc93IYeza_Fr497yMEWPr2XXOiDEO8UYiuDgRdiyW4EyOCCwlTaY9e9-NEzjOz47CMcpGl35vIEpXOeOKFDYxUj2dxe_ToRPx...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ucfe82f2a26eb8cb91b493492e9d.dl.dropboxusercontent.com/cd/0/get/CMVFUfrrpsNL9tMClwm9o2-3YkRWGc93IYeza_Fr497yMEWPr2XXOiDEO8UYiuDgRdiyW4EyOCCwlTaY9e9-NEzjOz47CMcpGl35vIEpXOeOKFDYxUj2dxe_ToRPxviuNttmTL30FSje6Pa2cy-cX2Tj/file?dl=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:100:6019:15::a27d:40f , United States, ASN19679 (DROPBOX, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Content-Security-Policy sandbox
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy sandbox
X-Content-Type-Options nosniff

Request headers

Referer
https://us.justtoo.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-encoding
identity,gzip
accept-ranges
bytes
cache-control
max-age=60
content-disposition
attachment; filename="AppFile_v1.1.exe"; filename*=UTF-8''AppFile_v1.1.exe
content-length
2877456
content-security-policy
sandbox
content-type
application/binary
date
Wed, 31 Jan 2024 00:16:24 GMT
etag
1705711190381278d
pragma
public
referrer-policy
no-referrer
server
envoy
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Origin
x-content-security-policy
sandbox
x-content-type-options
nosniff
x-dropbox-request-id
5ce9f16ce6ea424b86e9c67d53729d76
x-dropbox-response-origin
far_remote
x-robots-tag
noindex, nofollow, noimageindex
x-server-response-time
253
x-webkit-csp
sandbox

Redirect headers

cache-control
no-cache, no-store
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 31 Jan 2024 00:16:24 GMT
location
https://ucfe82f2a26eb8cb91b493492e9d.dl.dropboxusercontent.com/cd/0/get/CMVFUfrrpsNL9tMClwm9o2-3YkRWGc93IYeza_Fr497yMEWPr2XXOiDEO8UYiuDgRdiyW4EyOCCwlTaY9e9-NEzjOz47CMcpGl35vIEpXOeOKFDYxUj2dxe_ToRPxviuNttmTL30FSje6Pa2cy-cX2Tj/file?dl=1#
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-dropbox-request-id
978d2b95706b436483e9718d3d0c06c7
x-dropbox-response-origin
far_remote
x-permitted-cross-domain-policies
none
x-robots-tag
noindex, nofollow, noimageindex
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| detectIframe function| detectWebDriver function| navigateToUrl function| navigateToUrlViaSubmit

11 Cookies

Domain/Path Name / Value
us.justtoo.net/nty/postback Name: platform_user_id
Value: desktop:f92f7c500bf316320f6d0dca05d25190
us.justtoo.net/nty/postback Name: platform_user_id_3rd_party
Value: desktop:f92f7c500bf316320f6d0dca05d25190
us.justtoo.net/nty/postback Name: platform_user_id_from_ssp
Value: platform:5dc3bef0da9a5c5195fbaad2d8ef9f7e
us.justtoo.net/nty/postback Name: platform_user_id_from_ssp_3rd_party
Value: platform:5dc3bef0da9a5c5195fbaad2d8ef9f7e
gameplays.shop/ Name: _subid
Value: 10to3g65n5fl
gameplays.shop/ Name: d1fb8
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIwMFwiOjE3MDY2NjAxODN9LFwiY2FtcGFpZ25zXCI6e1wiODVcIjoxNzA2NjYwMTgzfSxcInRpbWVcIjoxNzA2NjYwMTgzfSJ9.gSgXzPNE4twkRrUb5QqA3hcAchuDxZqLwoeKWXdvnEc
www.dropbox.com/ Name: gvc
Value: MzA3NDQ1NDA1MzE0MDExNTk0MjcyNzE4MjcxNDc3NDQ4MDUzNTk1
.dropbox.com/ Name: t
Value: qaasw1JViiXA0bn7JEYm9kYK
www.dropbox.com/ Name: __Host-js_csrf
Value: qaasw1JViiXA0bn7JEYm9kYK
www.dropbox.com/ Name: __Host-ss
Value: U9987pLsUg
.dropbox.com/ Name: locale
Value: en

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gameplays.shop
p.asecv.xyz
ucfe82f2a26eb8cb91b493492e9d.dl.dropboxusercontent.com
us.justtoo.net
www.dropbox.com
2606:4700:3037::6815:447
2620:100:6019:15::a27d:40f
2620:100:6019:18::a27d:412
2a00:1d26:8771::11
54.209.23.43
830d77f7f919ba16f4055e2f77a7c6b170dee7a6962440163d94d2d0632a61c2