wetrans-fer-file-download-827256728934.glitch.me
Open in
urlscan Pro
18.233.249.151
Malicious Activity!
Public Scan
Submission: On November 21 via manual from PK — Scanned from DE
Summary
TLS certificate: Issued by Amazon on February 1st 2022. Valid for: a year.
This is the only time wetrans-fer-file-download-827256728934.glitch.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WeTransfer (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 18.233.249.151 18.233.249.151 | 14618 (AMAZON-AES) (AMAZON-AES) | |
5 | 146.75.116.193 146.75.116.193 | 54113 (FASTLY) (FASTLY) | |
6 | 2 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-18-233-249-151.compute-1.amazonaws.com
wetrans-fer-file-download-827256728934.glitch.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
imgur.com
i.imgur.com — Cisco Umbrella Rank: 5824 |
273 KB |
1 |
glitch.me
wetrans-fer-file-download-827256728934.glitch.me |
4 KB |
6 | 2 |
Domain | Requested by | |
---|---|---|
5 | i.imgur.com |
wetrans-fer-file-download-827256728934.glitch.me
|
1 | wetrans-fer-file-download-827256728934.glitch.me | |
6 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
glitch.com Amazon |
2022-02-01 - 2023-03-02 |
a year | crt.sh |
*.imgur.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-03-08 - 2023-03-16 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://wetrans-fer-file-download-827256728934.glitch.me/
Frame ID: CDB7BDC7AC35F86B33BD715B10365842
Requests: 6 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
wetrans-fer-file-download-827256728934.glitch.me/ |
3 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
emLXu5e.png
i.imgur.com/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qt1uqwc.png
i.imgur.com/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t28ql47.png
i.imgur.com/ |
14 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yIEJlXx.png
i.imgur.com/ |
38 KB 38 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1BMblqo.png
i.imgur.com/ |
214 KB 215 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WeTransfer (Online)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| modal0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
i.imgur.com
wetrans-fer-file-download-827256728934.glitch.me
146.75.116.193
18.233.249.151
0864c5a036fe467e0d15bae0674fbcc6eecfabe65bca3c856e20458c4f04ae1e
0a969f6e40cc57cc2f096e16266ded0e5ea377dc08e59c643539c0eb468cb4f2
88d91fd8fc3d9dde61d245cf1ab2e4f02416eadecf9632c4f19dce198397ab1a
93ca524939f7ba16439d567c17323c4e56a20c03574aacb3b867a1e3b7bd13cb
a3428d1ea72c846206745ee4433b9a4fb2bb7deacf88aac8f82a820221ef0d32
fa0f336ad47d6e51a26e4e849503cf4952f84c89a70b31fa0db0f9eb73028260