weetransfeer.com Open in urlscan Pro
172.96.186.145 Malicious Activity! Public Scan

URL:
https://weetransfeer.com/?q=
Submission: On July 16 via manual (July 16th 2019, 12:25:35 pm UTC) from IL

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 19 HTTP transactions. The main IP is 172.96.186.145, located in Fergus, Canada and belongs to SINGLEHOP-LLC - SingleHop LLC, US. The main domain is weetransfeer.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 8th 2019. Valid for: 3 months.

This is the only time weetransfeer.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
18	172.96.186.145 172.96.186.145	32475 (SINGLEHOP...) (SINGLEHOP-LLC - SingleHop LLC)
1	54.230.202.73 54.230.202.73	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
19	2

18 172.96.186.145 (Fergus, Canada)

ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: 172.96.186.145-static.reverse.arandomserver.com

weetransfeer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.202.73 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-202-73.fra50.r.cloudfront.net

backgrounds.wetransfer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	weetransfeer.com weetransfeer.com	326 KB
1	wetransfer.net backgrounds.wetransfer.net	15 KB
19	2

	Domain	Requested by
18	weetransfeer.com	weetransfeer.com
1	backgrounds.wetransfer.net	weetransfeer.com
19	2

This site contains no links.

Subject Issuer	Validity	Valid
weetransfeer.com Let's Encrypt Authority X3	`2019-07-08` - `2019-10-06`	3 months	crt.sh
wetransfer.net Amazon	`2018-08-28` - `2019-09-28`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://weetransfeer.com/?q=
Frame ID: 4BCD51062835783CE2B9BF0395408503
Requests: 10 HTTP requests in this frame

Frame: https://weetransfeer.com/resources/a.htm
Frame ID: 29035A650C486C7128D9D64711E1BBC0
Requests: 2 HTTP requests in this frame

Frame: https://weetransfeer.com/resources/a_data/index.htm
Frame ID: 1634F86F1D7226DFFCEF3798D8BE2B96
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

341 kB
Transfer

933 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response weetransfeer.com/	10 KB 3 KB	7739ms 200ms	Document text/html	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/?q= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / PHP/7.1.30 Resource Hash `5f9a997a3a1a8d3b876a2270c620a65c1ef645a641302306009f678d595686f6` Request headers :method GET :authority weetransfeer.com :scheme https :path /?q= pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 x-powered-by PHP/7.1.30 content-type text/html; charset=UTF-8 content-encoding br vary Accept-Encoding date Tue, 16 Jul 2019 12:25:19 GMT server LiteSpeed alt-svc quic=":443"; ma=2592000; v="35,39,43,44"
GET H2	200	style.css weetransfeer.com/resources/	391 KB 45 KB	98ms 97ms	Stylesheet text/css	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/resources/style.css Requested by Host: weetransfeer.com URL: https://weetransfeer.com/?q= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `4f0e2ab7c96d41a23fc8224241baebc72bf8a96fce83b3e992d83187fb0d8e22` Request headers Referer https://weetransfeer.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 16 Jul 2019 12:25:19 GMT content-encoding br last-modified Sun, 07 Jul 2019 20:55:57 GMT server LiteSpeed vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 46128 expires Tue, 23 Jul 2019 12:25:19 GMT
GET H2	200	jquery-3.2.1.min.js Show response weetransfeer.com/resources/	85 KB 29 KB	293ms 292ms	Script application/javascript	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/resources/jquery-3.2.1.min.js Requested by Host: weetransfeer.com URL: https://weetransfeer.com/?q= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de` Request headers Referer https://weetransfeer.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 16 Jul 2019 12:25:19 GMT content-encoding br last-modified Sun, 07 Jul 2019 20:55:50 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 29530 expires Tue, 23 Jul 2019 12:25:19 GMT
GET H2	200	main.js Show response weetransfeer.com/resources/	1 KB 442 B	296ms 296ms	Script application/javascript	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/resources/main.js Requested by Host: weetransfeer.com URL: https://weetransfeer.com/?q= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `e71c3d2662302e03c641d793b4d3f132b4f4d92b0f4e9bd2444d16c63c92d3df` Request headers Referer https://weetransfeer.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 16 Jul 2019 12:25:20 GMT content-encoding br last-modified Sun, 07 Jul 2019 20:55:50 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 400 expires Tue, 23 Jul 2019 12:25:19 GMT
GET H2	200	a.htm Show response weetransfeer.com/resources/ Frame 2903	893 B 422 B	292ms 292ms	Document text/html	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/resources/a.htm Requested by Host: weetransfeer.com URL: https://weetransfeer.com/?q= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `df3be4871c67d370d0ed397e5154b457c900e7c871ad044f93ff9e3132c2e976` Request headers :method GET :authority weetransfeer.com :scheme https :path /resources/a.htm pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 referer https://weetransfeer.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://weetransfeer.com/ Response headers status 200 last-modified Sun, 07 Jul 2019 20:55:36 GMT content-type text/html content-length 326 accept-ranges bytes content-encoding br vary Accept-Encoding date Tue, 16 Jul 2019 12:25:20 GMT server LiteSpeed alt-svc quic=":443"; ma=2592000; v="35,39,43,44"
GET H2	404	FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6.woff weetransfeer.com/assets/faktpro/	0 0	98ms 97ms	Font text/html	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/assets/faktpro/FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6.woff Requested by Host: weetransfeer.com URL: https://weetransfeer.com/?q= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://weetransfeer.com/resources/style.css Origin https://weetransfeer.com Response headers pragma no-cache date Tue, 16 Jul 2019 12:25:20 GMT server LiteSpeed content-type text/html status 404 cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 618
GET H2	404	FreightSans-Pro-Medium-b238d791af67274dc5ab77119ae5df014e05523afe3ce1e7074dc22241668bd4.woff weetransfeer.com/assets/freightsans/	0 0	98ms 97ms	Font text/html	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/assets/freightsans/FreightSans-Pro-Medium-b238d791af67274dc5ab77119ae5df014e05523afe3ce1e7074dc22241668bd4.woff Requested by Host: weetransfeer.com URL: https://weetransfeer.com/?q= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://weetransfeer.com/resources/style.css Origin https://weetransfeer.com Response headers pragma no-cache date Tue, 16 Jul 2019 12:25:20 GMT server LiteSpeed content-type text/html status 404 cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 618
GET H2	404	FaktProWeb-Medium-fd3bbe8c665638bbd898d20dbf232f1bac9d2b11c31eefc006370f43ee8f1994.woff weetransfeer.com/assets/faktpro/	0 0	99ms 99ms	Font text/html	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/assets/faktpro/FaktProWeb-Medium-fd3bbe8c665638bbd898d20dbf232f1bac9d2b11c31eefc006370f43ee8f1994.woff Requested by Host: weetransfeer.com URL: https://weetransfeer.com/?q= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://weetransfeer.com/resources/style.css Origin https://weetransfeer.com Response headers pragma no-cache date Tue, 16 Jul 2019 12:25:20 GMT server LiteSpeed content-type text/html status 404 cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 618
GET H2	200	ri.gif weetransfeer.com/resources/a_data/ Frame 2903	43 B 137 B	98ms 97ms	Image image/gif	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Show image Full URL https://weetransfeer.com/resources/a_data/ri.gif Requested by Host: weetransfeer.com URL: https://weetransfeer.com/resources/a.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49` Request headers Referer https://weetransfeer.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 16 Jul 2019 12:25:20 GMT last-modified Sun, 07 Jul 2019 20:56:05 GMT server LiteSpeed content-type image/gif status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 43 expires Tue, 23 Jul 2019 12:25:20 GMT
GET H2	200	index.htm Show response weetransfeer.com/resources/a_data/ Frame 1634	18 KB 5 KB	98ms 98ms	Document text/html	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/resources/a_data/index.htm Requested by Host: weetransfeer.com URL: https://weetransfeer.com/resources/a.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `c0131cf00ff7d3df50d43df3e1ce38ad6c128d1ccf4fd7854d8cac20d30c52df` Request headers :method GET :authority weetransfeer.com :scheme https :path /resources/a_data/index.htm pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 referer https://weetransfeer.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://weetransfeer.com/ Response headers status 200 last-modified Sun, 07 Jul 2019 20:56:06 GMT content-type text/html content-length 5049 accept-ranges bytes content-encoding br vary Accept-Encoding date Tue, 16 Jul 2019 12:25:20 GMT server LiteSpeed alt-svc quic=":443"; ma=2592000; v="35,39,43,44"
GET H2	404	FaktCyrWeb-Normal-0038c5aa5c3243bb2995139e9aeb9519f62f098d0e0f7fab6c8b655a292d857d.woff weetransfeer.com/assets/faktpro/	0 0	98ms 97ms	Font text/html	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/assets/faktpro/FaktCyrWeb-Normal-0038c5aa5c3243bb2995139e9aeb9519f62f098d0e0f7fab6c8b655a292d857d.woff Requested by Host: weetransfeer.com URL: https://weetransfeer.com/?q= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://weetransfeer.com/resources/style.css Origin https://weetransfeer.com Response headers pragma no-cache date Tue, 16 Jul 2019 12:25:20 GMT server LiteSpeed content-type text/html status 404 cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 618
GET H2	200	wallpaper-toolbox-2.css weetransfeer.com/resources/a_data/index_data/ Frame 1634	5 KB 1 KB	98ms 97ms	Stylesheet text/css	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/resources/a_data/index_data/wallpaper-toolbox-2.css Requested by Host: weetransfeer.com URL: https://weetransfeer.com/resources/a_data/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `2c5968a107e4fdbb9a3ae3d67c10780c8a644e8d4d1e73dacc32ec78b5712038` Request headers Referer https://weetransfeer.com/resources/a_data/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 16 Jul 2019 12:25:20 GMT content-encoding br last-modified Sun, 07 Jul 2019 20:56:14 GMT server LiteSpeed vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 1286 expires Tue, 23 Jul 2019 12:25:20 GMT
GET H2	200	paste.png weetransfeer.com/resources/a_data/index_data/ Frame 1634	171 KB 171 KB	98ms 97ms	Image image/png	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Show image Full URL https://weetransfeer.com/resources/a_data/index_data/paste.png Requested by Host: weetransfeer.com URL: https://weetransfeer.com/resources/a_data/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `3475c0f6ac3099b489771a17e1c9e4fb455f264dcccc78e0e83356534a3010f8` Request headers Referer https://weetransfeer.com/resources/a_data/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 16 Jul 2019 12:25:20 GMT last-modified Sun, 07 Jul 2019 20:56:14 GMT server LiteSpeed content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 174955 expires Tue, 23 Jul 2019 12:25:20 GMT
GET H2	200	logo.svg weetransfeer.com/resources/a_data/index_data/ Frame 1634	6 KB 2 KB	201ms 200ms	Image image/svg+xml	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Show image Full URL https://weetransfeer.com/resources/a_data/index_data/logo.svg Requested by Host: weetransfeer.com URL: https://weetransfeer.com/resources/a_data/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `8b6e0324622d592afe7c8f0fe7dd460b2b552071d509d95e3864f81cf061218a` Request headers Referer https://weetransfeer.com/resources/a_data/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 16 Jul 2019 12:25:20 GMT content-encoding br last-modified Sun, 07 Jul 2019 20:56:10 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 2290 expires Tue, 23 Jul 2019 12:25:20 GMT
GET H2	200	wallpaper-api-2.js Show response weetransfeer.com/resources/a_data/index_data/ Frame 1634	8 KB 3 KB	198ms 197ms	Script application/javascript	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/resources/a_data/index_data/wallpaper-api-2.js Requested by Host: weetransfeer.com URL: https://weetransfeer.com/resources/a_data/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `2357b0e11223f3968f52b17b666be061affffdeb141522b698b7353f7e63a92d` Request headers Referer https://weetransfeer.com/resources/a_data/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 16 Jul 2019 12:25:20 GMT content-encoding br last-modified Sun, 07 Jul 2019 20:56:12 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 2901 expires Tue, 23 Jul 2019 12:25:20 GMT
GET H2	200	wallpaper-toolbox-2.js Show response weetransfeer.com/resources/a_data/index_data/ Frame 1634	222 KB 65 KB	198ms 198ms	Script application/javascript	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/resources/a_data/index_data/wallpaper-toolbox-2.js Requested by Host: weetransfeer.com URL: https://weetransfeer.com/resources/a_data/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `aabeb0f86914c5fad8082257102e7eae8d3b73609632d5599b853ea96f2b6bc0` Request headers Referer https://weetransfeer.com/resources/a_data/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 16 Jul 2019 12:25:20 GMT content-encoding br last-modified Sun, 07 Jul 2019 20:56:18 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 66848 expires Tue, 23 Jul 2019 12:25:20 GMT
GET H2	404	FaktGrkWeb-Normal-9e5daf8f10b7da71bbd3309ebb7c95657cf2e585986d1512700d1c1bec005507.woff weetransfeer.com/assets/faktpro/	0 0	137ms 137ms	Font text/html	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/assets/faktpro/FaktGrkWeb-Normal-9e5daf8f10b7da71bbd3309ebb7c95657cf2e585986d1512700d1c1bec005507.woff Requested by Host: weetransfeer.com URL: https://weetransfeer.com/?q= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://weetransfeer.com/resources/style.css Origin https://weetransfeer.com Response headers pragma no-cache date Tue, 16 Jul 2019 12:25:20 GMT server LiteSpeed content-type text/html status 404 cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 618
GET H2	404	FaktGrkWeb-Medium-8eb863415ca103c7f90b369e54e6be4786c90c30a06ce32f3dca803206bf74dd.woff weetransfeer.com/assets/faktpro/	0 0	135ms 135ms	Font text/html	172.96.186.145 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://weetransfeer.com/assets/faktpro/FaktGrkWeb-Medium-8eb863415ca103c7f90b369e54e6be4786c90c30a06ce32f3dca803206bf74dd.woff Requested by Host: weetransfeer.com URL: https://weetransfeer.com/?q= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.96.186.145 Fergus, Canada, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS 172.96.186.145-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://weetransfeer.com/resources/style.css Origin https://weetransfeer.com Response headers pragma no-cache date Tue, 16 Jul 2019 12:25:20 GMT server LiteSpeed content-type text/html status 404 cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="35,39,43,44" content-length 618
GET H2	200	1px.png backgrounds.wetransfer.net/53/1811/paste_wp2_make_v3/assets/images/ Frame 1634	15 KB 15 KB	223ms 154ms	Image image/png	54.230.202.73 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://backgrounds.wetransfer.net/53/1811/paste_wp2_make_v3/assets/images/1px.png Requested by Host: weetransfeer.com URL: https://weetransfeer.com/resources/a_data/index.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.230.202.73 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-54-230-202-73.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `1fd7ade374faaf1e5ab4a1b13e97e476bd0167d1c25ca0e198bed49d2e53928a` Request headers Referer https://weetransfeer.com/resources/a_data/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Thu, 11 Jul 2019 06:14:38 GMT via 1.1 e89c67951b2bc58773e3664c08702f34.cloudfront.net (CloudFront) last-modified Wed, 21 Nov 2018 12:20:23 GMT server AmazonS3 x-amz-cf-pop FRA50 etag "c3d9ca9b5f619af2605d125aade2bc7a" x-cache RefreshHit from cloudfront content-type image/png status 200 accept-ranges bytes content-length 14987 x-amz-cf-id frDon5Js-PojEMdlTHRL7IyVZk_feEsTCsJnOCcezYuA9kTEYlPPag==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

backgrounds.wetransfer.net
weetransfeer.com
172.96.186.145
54.230.202.73
1fd7ade374faaf1e5ab4a1b13e97e476bd0167d1c25ca0e198bed49d2e53928a
2357b0e11223f3968f52b17b666be061affffdeb141522b698b7353f7e63a92d
2c5968a107e4fdbb9a3ae3d67c10780c8a644e8d4d1e73dacc32ec78b5712038
3475c0f6ac3099b489771a17e1c9e4fb455f264dcccc78e0e83356534a3010f8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f0e2ab7c96d41a23fc8224241baebc72bf8a96fce83b3e992d83187fb0d8e22
5f9a997a3a1a8d3b876a2270c620a65c1ef645a641302306009f678d595686f6
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8b6e0324622d592afe7c8f0fe7dd460b2b552071d509d95e3864f81cf061218a
aabeb0f86914c5fad8082257102e7eae8d3b73609632d5599b853ea96f2b6bc0
c0131cf00ff7d3df50d43df3e1ce38ad6c128d1ccf4fd7854d8cac20d30c52df
df3be4871c67d370d0ed397e5154b457c900e7c871ad044f93ff9e3132c2e976
e71c3d2662302e03c641d793b4d3f132b4f4d92b0f4e9bd2444d16c63c92d3df

weetransfeer.com Open in urlscan Pro 172.96.186.145 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

341 kBTransfer

933 kBSize

0 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Indicators

weetransfeer.com Open in urlscan Pro
172.96.186.145 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

341 kB
Transfer

933 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!