weetransfeer.com
172.96.186.145
Malicious Activity!
Public Scan
Submission: On July 16 via manual from IL
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on July 8th 2019. Valid for: 3 months.
This is the only time weetransfeer.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WeTransfer (Online)

Domain & IP information

Requests | IP Address | AS (Autonomous System) | PTR | Domains served
---|---|---|---|---
18 | 172.96.186.145 | AS32475 SINGLEHOP-LLC (SingleHop LLC, US) | 172.96.186.145-static.reverse.arandomserver.com | weetransfeer.com
1 | 54.230.202.73 | AS16509 AMAZON-02 (Amazon.com, Inc., US) | server-54-230-202-73.fra50.r.cloudfront.net | backgrounds.wetransfer.net
19 total | 2 IPs | 2 ASNs | |
Apex Domain | Subdomains | Requests | Transfer
---|---|---|---
weetransfeer.com | weetransfeer.com | 18 | 326 KB
wetransfer.net | backgrounds.wetransfer.net | 1 | 15 KB
2 apex domains | 2 subdomains | 19 |
Domain | Requested by | Requests
---|---|---
weetransfeer.com | weetransfeer.com | 18
backgrounds.wetransfer.net | weetransfeer.com | 1
2 domains | | 19
This site contains no links.
Subject | Issuer | Validity | Valid for | Transparency log
---|---|---|---|---
weetransfeer.com | Let's Encrypt Authority X3 | 2019-07-08 - 2019-10-06 | 3 months | crt.sh
wetransfer.net | Amazon | 2018-08-28 - 2019-09-28 | a year | crt.sh

The weetransfeer.com certificate was issued on 2019-07-08, eight days before this submission; a freshly issued free certificate on a brand-lookalike domain is a common pattern for phishing infrastructure, and the padlock it produces says nothing about who operates the site.
This page contains 3 frames:
Primary Page:
https://weetransfeer.com/?q=
Frame ID: 4BCD51062835783CE2B9BF0395408503
Requests: 10 HTTP requests in this frame
Frame:
https://weetransfeer.com/resources/a.htm
Frame ID: 29035A650C486C7128D9D64711E1BBC0
Requests: 2 HTTP requests in this frame
Frame:
https://weetransfeer.com/resources/a_data/index.htm
Frame ID: 1634F86F1D7226DFFCEF3798D8BE2B96
Requests: 7 HTTP requests in this frame
Detected technologies
LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests: no HTTP redirect chains are listed for this scan.
19 HTTP transactions

Method | Protocol | Resource | Path | Frame | Size | Transfer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | weetransfeer.com/ | primary | 10 KB | 3 KB | Document | text/html
GET | H2 | style.css | weetransfeer.com/resources/ | primary | 391 KB | 45 KB | Stylesheet | text/css
GET | H2 | jquery-3.2.1.min.js | weetransfeer.com/resources/ | primary | 85 KB | 29 KB | Script | application/javascript
GET | H2 | main.js | weetransfeer.com/resources/ | primary | 1 KB | 442 B | Script | application/javascript
GET | H2 | a.htm | weetransfeer.com/resources/ | 2903 | 893 B | 422 B | Document | text/html
GET | H2 | FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6.woff | weetransfeer.com/assets/faktpro/ | primary | 0 | 0 | Font | text/html
GET | H2 | FreightSans-Pro-Medium-b238d791af67274dc5ab77119ae5df014e05523afe3ce1e7074dc22241668bd4.woff | weetransfeer.com/assets/freightsans/ | primary | 0 | 0 | Font | text/html
GET | H2 | FaktProWeb-Medium-fd3bbe8c665638bbd898d20dbf232f1bac9d2b11c31eefc006370f43ee8f1994.woff | weetransfeer.com/assets/faktpro/ | primary | 0 | 0 | Font | text/html
GET | H2 | ri.gif | weetransfeer.com/resources/a_data/ | 2903 | 43 B | 137 B | Image | image/gif
GET | H2 | index.htm | weetransfeer.com/resources/a_data/ | 1634 | 18 KB | 5 KB | Document | text/html
GET | H2 | FaktCyrWeb-Normal-0038c5aa5c3243bb2995139e9aeb9519f62f098d0e0f7fab6c8b655a292d857d.woff | weetransfeer.com/assets/faktpro/ | primary | 0 | 0 | Font | text/html
GET | H2 | wallpaper-toolbox-2.css | weetransfeer.com/resources/a_data/index_data/ | 1634 | 5 KB | 1 KB | Stylesheet | text/css
GET | H2 | paste.png | weetransfeer.com/resources/a_data/index_data/ | 1634 | 171 KB | 171 KB | Image | image/png
GET | H2 | logo.svg | weetransfeer.com/resources/a_data/index_data/ | 1634 | 6 KB | 2 KB | Image | image/svg+xml
GET | H2 | wallpaper-api-2.js | weetransfeer.com/resources/a_data/index_data/ | 1634 | 8 KB | 3 KB | Script | application/javascript
GET | H2 | wallpaper-toolbox-2.js | weetransfeer.com/resources/a_data/index_data/ | 1634 | 222 KB | 65 KB | Script | application/javascript
GET | H2 | FaktGrkWeb-Normal-9e5daf8f10b7da71bbd3309ebb7c95657cf2e585986d1512700d1c1bec005507.woff | weetransfeer.com/assets/faktpro/ | primary | 0 | 0 | Font | text/html
GET | H2 | FaktGrkWeb-Medium-8eb863415ca103c7f90b369e54e6be4786c90c30a06ce32f3dca803206bf74dd.woff | weetransfeer.com/assets/faktpro/ | primary | 0 | 0 | Font | text/html
GET | H2 | 1px.png | backgrounds.wetransfer.net/53/1811/paste_wp2_make_v3/assets/images/ | 1634 | 15 KB | 15 KB | Image | image/png

Frame IDs are abbreviated to their first four hex digits as in the original listing (2903 = a.htm, 1634 = a_data/index.htm); "primary" marks the 10 requests made by the top-level frame 4BCD51062835783CE2B9BF0395408503, which the listing shows without a frame label.

Two rows of this table deserve a second look. The six .woff requests under /assets/ returned 0 bytes with Content-Type text/html, so the server answered those font URLs with an HTML document rather than font data, which is consistent with the saved page referencing assets that do not exist on the phishing host (the scan does not record the HTTP status codes). The only request that leaves weetransfeer.com is 1px.png from backgrounds.wetransfer.net, WeTransfer's own CloudFront-hosted asset, loaded inside frame 1634 (a_data/index.htm); together with the wallpaper-toolbox and wallpaper-api files and the a_data/index_data/ directory layout, that frame looks like a saved copy of a real WeTransfer page rather than a hand-built imitation.
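As an added example (not part of the urlscan report), the following Python script re-derives the analysis points from the transaction table above: it transcribes the 19 requests, finds the requests that leave the primary origin, flags responses whose Content-Type does not fit the requested resource type (the zero-byte fonts served as text/html), applies the two jQuery URL patterns listed under Detected technologies to extract the library version, and recounts requests per frame. The transcribed sizes are the page's rounded values, and the "primary" frame label is inferred for the requests the table lists without a frame.

```python
import re
from urllib.parse import urlsplit

PRIMARY = "https://weetransfeer.com/?q="
HOST = "https://weetransfeer.com"
KB = 1024

# The 19 transactions transcribed from the table above:
# (url, frame, size_bytes, transfer_bytes, resource_type, mime_type).
# Sizes are the page's rounded values, so treat them as approximate.
TRANSACTIONS = [
    (HOST + "/", "primary", 10 * KB, 3 * KB, "Document", "text/html"),
    (HOST + "/resources/style.css", "primary", 391 * KB, 45 * KB, "Stylesheet", "text/css"),
    (HOST + "/resources/jquery-3.2.1.min.js", "primary", 85 * KB, 29 * KB, "Script", "application/javascript"),
    (HOST + "/resources/main.js", "primary", 1 * KB, 442, "Script", "application/javascript"),
    (HOST + "/resources/a.htm", "2903", 893, 422, "Document", "text/html"),
    (HOST + "/assets/faktpro/FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6.woff", "primary", 0, 0, "Font", "text/html"),
    (HOST + "/assets/freightsans/FreightSans-Pro-Medium-b238d791af67274dc5ab77119ae5df014e05523afe3ce1e7074dc22241668bd4.woff", "primary", 0, 0, "Font", "text/html"),
    (HOST + "/assets/faktpro/FaktProWeb-Medium-fd3bbe8c665638bbd898d20dbf232f1bac9d2b11c31eefc006370f43ee8f1994.woff", "primary", 0, 0, "Font", "text/html"),
    (HOST + "/resources/a_data/ri.gif", "2903", 43, 137, "Image", "image/gif"),
    (HOST + "/resources/a_data/index.htm", "1634", 18 * KB, 5 * KB, "Document", "text/html"),
    (HOST + "/assets/faktpro/FaktCyrWeb-Normal-0038c5aa5c3243bb2995139e9aeb9519f62f098d0e0f7fab6c8b655a292d857d.woff", "primary", 0, 0, "Font", "text/html"),
    (HOST + "/resources/a_data/index_data/wallpaper-toolbox-2.css", "1634", 5 * KB, 1 * KB, "Stylesheet", "text/css"),
    (HOST + "/resources/a_data/index_data/paste.png", "1634", 171 * KB, 171 * KB, "Image", "image/png"),
    (HOST + "/resources/a_data/index_data/logo.svg", "1634", 6 * KB, 2 * KB, "Image", "image/svg+xml"),
    (HOST + "/resources/a_data/index_data/wallpaper-api-2.js", "1634", 8 * KB, 3 * KB, "Script", "application/javascript"),
    (HOST + "/resources/a_data/index_data/wallpaper-toolbox-2.js", "1634", 222 * KB, 65 * KB, "Script", "application/javascript"),
    (HOST + "/assets/faktpro/FaktGrkWeb-Normal-9e5daf8f10b7da71bbd3309ebb7c95657cf2e585986d1512700d1c1bec005507.woff", "primary", 0, 0, "Font", "text/html"),
    (HOST + "/assets/faktpro/FaktGrkWeb-Medium-8eb863415ca103c7f90b369e54e6be4786c90c30a06ce32f3dca803206bf74dd.woff", "primary", 0, 0, "Font", "text/html"),
    ("https://backgrounds.wetransfer.net/53/1811/paste_wp2_make_v3/assets/images/1px.png", "1634", 15 * KB, 15 * KB, "Image", "image/png"),
]

# Content-Type prefixes a well-behaved server returns for each resource type.
EXPECTED_MIME = {
    "Document": ("text/html",),
    "Stylesheet": ("text/css",),
    "Script": ("application/javascript", "text/javascript", "application/x-javascript"),
    "Image": ("image/",),
    "Font": ("font/", "application/font", "application/x-font", "application/octet-stream"),
}

# The two jQuery URL patterns urlscan reports under "Detected technologies" above.
JQUERY_PATTERNS = [
    re.compile(r"jquery[.-]([\d.]*\d)[^\/]*\.js", re.I),
    re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?", re.I),
]


def origin(url):
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port)


def cross_origin_requests(transactions, primary=PRIMARY):
    """URLs fetched from an origin other than the primary page's (third-party loads)."""
    base = origin(primary)
    return [url for url, *_ in transactions if origin(url) != base]


def mime_mismatches(transactions):
    """Responses whose Content-Type does not fit the resource type the browser requested.
    Returns (filename, resource_type, mime_type, size) tuples."""
    out = []
    for url, _frame, size, _xfer, rtype, mime in transactions:
        if not any(mime.startswith(p) for p in EXPECTED_MIME.get(rtype, ())):
            out.append((url.rsplit("/", 1)[-1], rtype, mime, size))
    return out


def jquery_versions(transactions):
    """Run urlscan's jQuery patterns over every Script URL; return the versions they capture."""
    found = set()
    for url, _frame, _size, _xfer, rtype, _mime in transactions:
        if rtype != "Script":
            continue
        for pat in JQUERY_PATTERNS:
            m = pat.search(url)
            if m and m.group(1):
                found.add(m.group(1))
    return sorted(found)


def requests_per_frame(transactions):
    """Request count per frame; should reproduce the frame summary above (10 / 2 / 7)."""
    counts = {}
    for _url, frame, *_ in transactions:
        counts[frame] = counts.get(frame, 0) + 1
    return counts


if __name__ == "__main__":
    print("cross-origin:", cross_origin_requests(TRANSACTIONS))
    for name, rtype, mime, size in mime_mismatches(TRANSACTIONS):
        print(f"mismatch: {rtype} {name} served as {mime} ({size} bytes)")
    print("jQuery:", jquery_versions(TRANSACTIONS))
    print("per frame:", requests_per_frame(TRANSACTIONS))
```

The MIME check is the one that generalises: a Font, Script or Image answered with text/html is almost always an error page or a redirect to a login wall, and on a phishing host it usually marks the seams where a cloned page's asset references no longer resolve.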
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WeTransfer (Online)

5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | onselectstart
- object | onselectionchange
- function | queueMicrotask
- function | $
- function | jQuery

0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the stored cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:
backgrounds.wetransfer.net
weetransfeer.com

IPs:
172.96.186.145
54.230.202.73

Hashes (SHA-256):
1fd7ade374faaf1e5ab4a1b13e97e476bd0167d1c25ca0e198bed49d2e53928a
2357b0e11223f3968f52b17b666be061affffdeb141522b698b7353f7e63a92d
2c5968a107e4fdbb9a3ae3d67c10780c8a644e8d4d1e73dacc32ec78b5712038
3475c0f6ac3099b489771a17e1c9e4fb455f264dcccc78e0e83356534a3010f8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f0e2ab7c96d41a23fc8224241baebc72bf8a96fce83b3e992d83187fb0d8e22
5f9a997a3a1a8d3b876a2270c620a65c1ef645a641302306009f678d595686f6
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8b6e0324622d592afe7c8f0fe7dd460b2b552071d509d95e3864f81cf061218a
aabeb0f86914c5fad8082257102e7eae8d3b73609632d5599b853ea96f2b6bc0
c0131cf00ff7d3df50d43df3e1ce38ad6c128d1ccf4fd7854d8cac20d30c52df
df3be4871c67d370d0ed397e5154b457c900e7c871ad044f93ff9e3132c2e976
e71c3d2662302e03c641d793b4d3f132b4f4d92b0f4e9bd2444d16c63c92d3df

Before turning this list into a blocklist, note that backgrounds.wetransfer.net and 54.230.202.73 (a CloudFront node, per its PTR record and the Amazon-issued wetransfer.net certificate) are WeTransfer's own infrastructure that the phishing page happened to load; only weetransfeer.com and 172.96.186.145 identify the phishing host itself.
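As an added example (not part of the urlscan report), this Python detector turns the "Phishing against: WeTransfer" verdict and the indicator list above into something that can run over a proxy log: exact matches on the phishing domain and IP, an allowlist for the legitimate wetransfer.com / wetransfer.net infrastructure that also appears in the indicator list, and an edit-distance check that catches lookalike domains such as weetransfeer.com (two characters away from wetransfer). The log lines are constructed for the example, the wetransfre.com entry is a made-up lookalike to exercise the distance check, and the two-label apex extraction is an assumption that would need a public-suffix list in production.

```python
import re
from urllib.parse import urlsplit

# Indicators from the scan above that identify the phishing infrastructure itself.
IOC_DOMAINS = {"weetransfeer.com"}
IOC_IPS = {"172.96.186.145"}
# backgrounds.wetransfer.net / 54.230.202.73 also appear in the indicator list, but they
# are WeTransfer's own CloudFront-hosted assets, so they are allowlisted rather than blocked.
LEGIT_APEX = {"wetransfer.com", "wetransfer.net"}
# Brand labels that candidate domains are compared against.
BRAND_LABELS = ("wetransfer",)

# Constructed proxy log lines for the example (not from the scan): ts client method url status.
# The wetransfre.com line is a made-up lookalike used only to exercise the distance check.
LOG_LINES = """\
2019-07-16T10:02:11Z 10.1.4.22 GET https://weetransfeer.com/?q= 200
2019-07-16T10:02:12Z 10.1.4.22 GET https://backgrounds.wetransfer.net/53/1811/paste_wp2_make_v3/assets/images/1px.png 200
2019-07-16T10:05:40Z 10.1.4.31 GET https://wetransfer.com/ 200
2019-07-16T10:07:03Z 10.1.4.22 GET http://172.96.186.145/resources/a.htm 200
2019-07-16T10:09:55Z 10.1.4.45 GET https://wetransfre.com/ 200
2019-07-16T10:11:20Z 10.1.4.45 GET https://example.org/ 200
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Apex domain. Assumption: two-label suffixes only; use a public-suffix list for co.uk etc."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike(host, max_distance=2):
    """Return (brand, distance) when the apex label is within max_distance edits of a brand
    label and the apex is not one of the brand's own domains; otherwise None."""
    apex = registrable(host)
    if apex in LEGIT_APEX:
        return None
    label = apex.split(".")[0]
    best = None
    for brand in BRAND_LABELS:
        d = levenshtein(label, brand)
        if d <= max_distance and (best is None or d < best[1]):
            best = (brand, d)
    return best


def classify(url):
    """Exact IOC hits win over the fuzzy check; returns (kind, detail) or None."""
    host = urlsplit(url).hostname or ""
    if host in IOC_DOMAINS or host in IOC_IPS:
        return ("ioc", host)
    hit = lookalike(host)
    if hit:
        return ("lookalike", f"{host} ~ {hit[0]} (distance {hit[1]})")
    return None


def scan_log(lines):
    """Return (client, url, kind, detail) for every line that hits an IOC or a lookalike."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        verdict = classify(m["url"])
        if verdict:
            alerts.append((m["client"], m["url"]) + verdict)
    return alerts


if __name__ == "__main__":
    for client, url, kind, detail in scan_log(LOG_LINES):
        print(f"{kind:9} {client} -> {url}  [{detail}]")
```

The distance threshold of 2 is a tuning choice: it catches the doubled letters in weetransfeer and simple transpositions, but short brand labels need a lower threshold or the check will match unrelated words. Exact indicator hits are reported as "ioc" and take precedence, so the lookalike path only fires for domains not already on the blocklist.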