wetrans-fer-file-download-827256728934.glitch.me

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 18.233.249.151, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is wetrans-fer-file-download-827256728934.glitch.me.
TLS certificate: Issued by Amazon on February 1st 2022. Valid for: a year.

This is the only time wetrans-fer-file-download-827256728934.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	18.233.249.151 18.233.249.151	14618 (AMAZON-AES) (AMAZON-AES)
5	146.75.116.193 146.75.116.193	54113 (FASTLY) (FASTLY)
6	2

1 18.233.249.151 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-233-249-151.compute-1.amazonaws.com

wetrans-fer-file-download-827256728934.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 146.75.116.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	imgur.com i.imgur.com — Cisco Umbrella Rank: 5824	273 KB
1	glitch.me wetrans-fer-file-download-827256728934.glitch.me	4 KB
6	2

	Domain	Requested by
5	i.imgur.com	wetrans-fer-file-download-827256728934.glitch.me
1	wetrans-fer-file-download-827256728934.glitch.me
6	2

This site contains no links.

Subject Issuer	Validity	Valid
glitch.com Amazon	`2022-02-01` - `2023-03-02`	a year	crt.sh
*.imgur.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-03-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://wetrans-fer-file-download-827256728934.glitch.me/
Frame ID: CDB7BDC7AC35F86B33BD715B10365842
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

276 kB
Transfer

275 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
wetrans-fer-file-download-827256728934.glitch.me/ 3 KB
4 KB 374ms
150ms Document
text/html 18.233.249.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://wetrans-fer-file-download-827256728934.glitch.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.233.249.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-233-249-151.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 0864c5a036fe467e0d15bae0674fbcc6eecfabe65bca3c856e20458c4f04ae1e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-cache
content-length: 3247
content-type: text/html; charset=utf-8
date: Mon, 21 Nov 2022 14:40:22 GMT
etag: "328190c63f1b29e7e76dac80edd8f7cd"
last-modified: Tue, 25 Oct 2022 10:47:40 GMT
server: AmazonS3
x-amz-id-2: UfyBnBItkUH9IRjWv6/nka8K+zv+tkucu2MlI/sxyjK590HwiX3HIAn8oUUMBdod02W0UbHX8VoFHaFJi/w+aw==
x-amz-request-id: TKC1S7X9NVM5HCZA
x-amz-version-id: 6UVrJJ4Otffa0uDaTSAISWDnbtvDSp2J

GET
H2 200 emLXu5e.png
i.imgur.com/ 2 KB
2 KB 95ms
49ms Image
image/png 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/emLXu5e.png

Requested by

Host: wetrans-fer-file-download-827256728934.glitch.me
URL: https://wetrans-fer-file-download-827256728934.glitch.me/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

0a969f6e40cc57cc2f096e16266ded0e5ea377dc08e59c643539c0eb468cb4f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wetrans-fer-file-download-827256728934.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 14:40:22 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
age: 2186498
x-cache: HIT, HIT
content-length: 2297
x-served-by: cache-iad-kjyo7100042-IAD, cache-fra-eddf8230126-FRA
last-modified: Wed, 07 Jul 2021 22:38:28 GMT
server: cat factory 1.0
x-timer: S1669041623.685903,VS0,VE2
etag: "6fedc1372e26f338c7d4138547562785"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 104, 1

GET
H2 200 qt1uqwc.png
i.imgur.com/ 3 KB
3 KB 64ms
19ms Image
image/png 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/qt1uqwc.png

Requested by

Host: wetrans-fer-file-download-827256728934.glitch.me
URL: https://wetrans-fer-file-download-827256728934.glitch.me/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

a3428d1ea72c846206745ee4433b9a4fb2bb7deacf88aac8f82a820221ef0d32

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wetrans-fer-file-download-827256728934.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 14:40:22 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
age: 1241782
x-cache: HIT, HIT
content-length: 3009
x-served-by: cache-iad-kiad7000176-IAD, cache-fra-eddf8230126-FRA
last-modified: Wed, 07 Jul 2021 22:38:45 GMT
server: cat factory 1.0
x-timer: S1669041623.685404,VS0,VE1
etag: "5ee87f0ab195cb7e81f340a25542c1c1"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 19, 1

GET
H2 200 t28ql47.png
i.imgur.com/ 14 KB
15 KB 42ms
17ms Image
image/png 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/t28ql47.png

Requested by

Host: wetrans-fer-file-download-827256728934.glitch.me
URL: https://wetrans-fer-file-download-827256728934.glitch.me/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

93ca524939f7ba16439d567c17323c4e56a20c03574aacb3b867a1e3b7bd13cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wetrans-fer-file-download-827256728934.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 14:40:22 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
age: 3570512
x-cache: HIT, HIT
content-length: 14818
x-served-by: cache-iad-kiad7000173-IAD, cache-fra-eddf8230126-FRA
last-modified: Tue, 06 Jul 2021 21:05:47 GMT
server: cat factory 1.0
x-timer: S1669041623.685368,VS0,VE1
etag: "555aa1d9dd5563cddd08112626764939"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 288, 1

GET
H2 200 yIEJlXx.png
i.imgur.com/ 38 KB
38 KB 74ms
50ms Image
image/png 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/yIEJlXx.png

Requested by

Host: wetrans-fer-file-download-827256728934.glitch.me
URL: https://wetrans-fer-file-download-827256728934.glitch.me/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

88d91fd8fc3d9dde61d245cf1ab2e4f02416eadecf9632c4f19dce198397ab1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wetrans-fer-file-download-827256728934.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 14:40:22 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
age: 2364001
x-cache: HIT, HIT
content-length: 38516
x-served-by: cache-iad-kjyo7100146-IAD, cache-fra-eddf8230126-FRA
last-modified: Tue, 06 Jul 2021 21:32:42 GMT
server: cat factory 1.0
x-timer: S1669041623.685370,VS0,VE2
etag: "9aee693f7258fa151f3ae648b0003435"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 57, 1

GET
H2 200 1BMblqo.png
i.imgur.com/ 214 KB
215 KB 43ms
19ms Image
image/png 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/1BMblqo.png

Requested by

Host: wetrans-fer-file-download-827256728934.glitch.me
URL: https://wetrans-fer-file-download-827256728934.glitch.me/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

fa0f336ad47d6e51a26e4e849503cf4952f84c89a70b31fa0db0f9eb73028260

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wetrans-fer-file-download-827256728934.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 14:40:22 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
age: 2873691
x-cache: HIT, HIT
x-amz-storage-class: STANDARD_IA
content-length: 219383
x-served-by: cache-iad-kjyo7100047-IAD, cache-fra-eddf8230126-FRA
last-modified: Wed, 07 Jul 2021 22:40:18 GMT
server: cat factory 1.0
x-timer: S1669041623.685422,VS0,VE2
etag: "88645d9f0ccecc3a1d5c75e022ef898c"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 104, 1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| modal

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

i.imgur.com
wetrans-fer-file-download-827256728934.glitch.me
146.75.116.193
18.233.249.151
0864c5a036fe467e0d15bae0674fbcc6eecfabe65bca3c856e20458c4f04ae1e
0a969f6e40cc57cc2f096e16266ded0e5ea377dc08e59c643539c0eb468cb4f2
88d91fd8fc3d9dde61d245cf1ab2e4f02416eadecf9632c4f19dce198397ab1a
93ca524939f7ba16439d567c17323c4e56a20c03574aacb3b867a1e3b7bd13cb
a3428d1ea72c846206745ee4433b9a4fb2bb7deacf88aac8f82a820221ef0d32
fa0f336ad47d6e51a26e4e849503cf4952f84c89a70b31fa0db0f9eb73028260

wetrans-fer-file-download-827256728934.glitch.me Open in urlscan Pro 18.233.249.151 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

276 kBTransfer

275 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

wetrans-fer-file-download-827256728934.glitch.me Open in urlscan Pro
18.233.249.151 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

276 kB
Transfer

275 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!