wetransfer.alexheisenberg.repl.co Open in urlscan Pro
35.201.120.147 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://wetransfer.alexheisenberg.repl.co/
Submission: On September 21 via automatic, source openphish (September 21st 2020, 1:31:12 pm UTC)

Summary HTTP 22 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 22 HTTP transactions. The main IP is 35.201.120.147, located in Ascension Island and belongs to GOOGLE, US. The main domain is wetransfer.alexheisenberg.repl.co.

This is the only time wetransfer.alexheisenberg.repl.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	35.201.120.147 35.201.120.147	15169 (GOOGLE) (GOOGLE)
10	13.225.73.98 13.225.73.98	16509 (AMAZON-02) (AMAZON-02)
3	35.201.103.212 35.201.103.212	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:81a::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:21f... 2600:9000:21f3:a600:6:bbf2:440:21	16509 (AMAZON-02) (AMAZON-02)
1	216.58.212.134 216.58.212.134	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:817::2001	15169 (GOOGLE) (GOOGLE)
22	8

1 35.201.120.147 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 147.120.201.35.bc.googleusercontent.com

wetransfer.alexheisenberg.repl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 13.225.73.98 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-98.fra2.r.cloudfront.net

prod-cdn.wetransfer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.103.212 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 212.103.201.35.bc.googleusercontent.com

distributiontomatoes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:a600:6:bbf2:440:21 (United States)

ASN16509 (AMAZON-02, US)

d19ptbnuzhibkh.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.134 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f134.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	wetransfer.net prod-cdn.wetransfer.net Failed	427 KB
3	distributiontomatoes.com distributiontomatoes.com	30 KB
2	googletagmanager.com 1 redirects www.googletagmanager.com	39 KB
1	googlesyndication.com tpc.googlesyndication.com
1	doubleclick.net ad.doubleclick.net	585 B
1	cloudfront.net d19ptbnuzhibkh.cloudfront.net	30 KB
1	repl.co wetransfer.alexheisenberg.repl.co	26 KB
22	7

	Domain	Requested by
10	prod-cdn.wetransfer.net	wetransfer.alexheisenberg.repl.co prod-cdn.wetransfer.net
3	distributiontomatoes.com	wetransfer.alexheisenberg.repl.co distributiontomatoes.com
2	www.googletagmanager.com	1 redirects wetransfer.alexheisenberg.repl.co
1	tpc.googlesyndication.com	distributiontomatoes.com
1	ad.doubleclick.net	distributiontomatoes.com
1	d19ptbnuzhibkh.cloudfront.net	wetransfer.alexheisenberg.repl.co
1	wetransfer.alexheisenberg.repl.co
22	7

This site contains links to these domains. Also see Links.

Domain
wetransfer.pr.co
wetransfer.homerun.co
twitter.com
www.facebook.com
www.instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
wetransfer.net Amazon	`2020-08-11` - `2021-09-10`	a year	crt.sh
distributiontomatoes.com Let's Encrypt Authority X3	`2020-07-26` - `2020-10-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://wetransfer.alexheisenberg.repl.co/
Frame ID: A87FEAC301C115EE93939D8B5A642540
Requests: 21 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html
Frame ID: FEC144FF3E8147555A3BF27C89F126C9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Google Cloud (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /^1\.1 google$/i

Page Statistics

22
Requests

68 %
HTTPS

43 %
IPv6

7
Domains

7
Subdomains

8
IPs

3
Countries

552 kB
Transfer

2060 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://wetransfer.pr.co/
Title: Press

Search URL Search Domain Scan URL

URL: https://wetransfer.homerun.co/
Title: Jobs

Search URL Search Domain Scan URL

URL: https://twitter.com/WeTransfer

Search URL Search Domain Scan URL

URL: https://www.facebook.com/wetransfer

Search URL Search Domain Scan URL

URL: https://www.instagram.com/WeTransfer/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/WeTransfer

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

http://www.googletagmanager.com/gtm.js?id=GTM-N9N5GP HTTP 302
https://www.googletagmanager.com/gtm.js?id=GTM-N9N5GP

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
wetransfer.alexheisenberg.repl.co/ 26 KB
26 KB 184ms
137ms Document
text/html 35.201.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://wetransfer.alexheisenberg.repl.co/
Protocol: HTTP/1.1
Server: 35.201.120.147 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.201.35.bc.googleusercontent.com
Software: / PHP/7.2.24-0ubuntu0.18.04.6
Resource Hash: c1605b7249fc4712d3820ad11dc26a66a4dee8a574c6e7bf82e39a8d63a2daf9

Request headers

Host: wetransfer.alexheisenberg.repl.co
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Mon, 21 Sep 2020 13:30:27 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Host: wetransfer.alexheisenberg.repl.co
Pragma: no-cache
Set-Cookie: PHPSESSID=g5bj73m0eni3dnd854oh4an68r; path=/
X-Powered-By: PHP/7.2.24-0ubuntu0.18.04.6
Transfer-Encoding: chunked
Via: 1.1 google

GET ActiefGrotesque_W_Rg-1f437876.woff
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ 0
0

GET ActiefGrotesque_W_Md-293e86f0.woff
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ 0
0

GET GT-Super-WT-Super-1b214df1.woff
prod-cdn.wetransfer.net/packs/media/gtsuperwt/ 0
0

GET
H2 200 application-9ca3e835.chunk.css
prod-cdn.wetransfer.net/packs/css/ 339 KB
45 KB 96ms
31ms Stylesheet
text/css 13.225.73.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
Requested by: Host: wetransfer.alexheisenberg.repl.co
URL: http://wetransfer.alexheisenberg.repl.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.98 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-98.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 675500414d9041d5df9f7aa9bd5f57eb5f4aa8d62c2b929fa4e22002e94ca98f

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 09:11:51 GMT
content-encoding: gzip
last-modified: Thu, 17 Sep 2020 08:38:53 GMT
server: AmazonS3
age: 361117
etag: W/"1a2f44816c234e611dfc6fe78ad58644"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: XX_gOr12JiWxNvzRL7z7jk9B6UHQwv5cgR5haFz4-lDBUsq7Qb_IZQ==
via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)

GET
H2 200 runtime~application-afd367b537134442b958.es6.js Show response
prod-cdn.wetransfer.net/packs/esm/ 6 KB
3 KB 97ms
33ms Script
application/javascript 13.225.73.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-cdn.wetransfer.net/packs/esm/runtime~application-afd367b537134442b958.es6.js
Requested by: Host: wetransfer.alexheisenberg.repl.co
URL: http://wetransfer.alexheisenberg.repl.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.98 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-98.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 464bdfe676fd759af0a6e403185b579f6e73ca5135944a4672c53e226a2e81a2

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 10:14:38 GMT
content-encoding: gzip
last-modified: Fri, 18 Sep 2020 10:11:46 GMT
server: AmazonS3
age: 270950
etag: W/"d12a56665871d73f1a876007f9d809c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: wTRt2j2mqcExKIJosg_d4EqdoIedzsxxfHu6sCvYX5bnRjMuM0A1CA==
via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)

GET
H2 200 application-28470e6f548ac972d85d.es6.js Show response
prod-cdn.wetransfer.net/packs/esm/ 693 KB
176 KB 93ms
32ms Script
application/javascript 13.225.73.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-cdn.wetransfer.net/packs/esm/application-28470e6f548ac972d85d.es6.js
Requested by: Host: wetransfer.alexheisenberg.repl.co
URL: http://wetransfer.alexheisenberg.repl.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.98 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-98.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: af3865d029d561ea53a927bb67167223409aa54322aeec232eedd651197d01e8

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 10:14:38 GMT
content-encoding: gzip
last-modified: Fri, 18 Sep 2020 10:11:45 GMT
server: AmazonS3
age: 270950
etag: W/"1b0f5e9ddead712fa4d87c05abc7a436"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: IXPTplDqamXBhUyw7FNwTr-u6ctVn-4SAonDuGO1m5HnGs8gDA2xuw==
via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)

GET
H2 200 vendor-14d41395b12ad1118065.es6.js Show response
prod-cdn.wetransfer.net/packs/esm/ 542 KB
165 KB 93ms
33ms Script
application/javascript 13.225.73.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-cdn.wetransfer.net/packs/esm/vendor-14d41395b12ad1118065.es6.js
Requested by: Host: wetransfer.alexheisenberg.repl.co
URL: http://wetransfer.alexheisenberg.repl.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.98 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-98.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8c6111118295ae17101ccba402d62b1d900ab149ad4c357cc2faa153fa857233

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 10:14:38 GMT
content-encoding: gzip
last-modified: Fri, 18 Sep 2020 10:11:46 GMT
server: AmazonS3
age: 270950
etag: W/"d9e853f8e6c80c906283fb20b99ac554"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: VcCYAjmWa6_71Ut1IRb9iV7S5_MdRPVn4sAU37MJ_RR9oDQW6lViqQ==
via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)

GET
H2 200 v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b Show response
distributiontomatoes.com/ 95 KB
29 KB 127ms
54ms Script
text/javascript 35.201.103.212
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b

Requested by

Host: wetransfer.alexheisenberg.repl.co
URL: http://wetransfer.alexheisenberg.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.103.212 , Ascension Island, ASN15169 (GOOGLE, US),

Reverse DNS

212.103.201.35.bc.googleusercontent.com

Software

Resource Hash

a71a3f15ff241e36e75cdc50d53cbef1e1b11ce957cd4bba5b8b5ead7366f16f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "802c1df280d38fb99ada620e30c110d2c27dccbba4f01bc34888ae3193959829"
vary: Accept-Encoding, Accept-Language
x-hostname: paris
content-type: text/javascript; charset=utf-8
status: 200
cache-control: private, must-revalidate, max-age=21600
date: Mon, 21 Sep 2020 13:30:27 GMT
timing-allow-origin: *

GET
H2

200

gtm.js Show response
www.googletagmanager.com/
Redirect Chain

http://www.googletagmanager.com/gtm.js?id=GTM-N9N5GP
https://www.googletagmanager.com/gtm.js?id=GTM-N9N5GP

152 KB
39 KB

28ms
27ms

Script
application/javascript

2a00:1450:4001:81a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N9N5GP

Requested by

Host: wetransfer.alexheisenberg.repl.co
URL: http://wetransfer.alexheisenberg.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6093cd90feb5a92c9619a827acb7db5cfd59e8a561251a594e82afe98838cd6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 13:30:28 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40090
x-xss-protection: 0
last-modified: Mon, 21 Sep 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 21 Sep 2020 13:30:28 GMT

Redirect headers

Location: https://www.googletagmanager.com/gtm.js?id=GTM-N9N5GP
Date: Mon, 21 Sep 2020 13:30:27 GMT
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK sp.js Show response
d19ptbnuzhibkh.cloudfront.net/2.10.2/ 96 KB
30 KB 53ms
34ms Script
application/javascript 2600:9000:21f3:a600:6:bbf2:440:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://d19ptbnuzhibkh.cloudfront.net/2.10.2/sp.js
Requested by: Host: wetransfer.alexheisenberg.repl.co
URL: http://wetransfer.alexheisenberg.repl.co/
Protocol: HTTP/1.1
Server: 2600:9000:21f3:a600:6:bbf2:440:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d9a9b2a15666ace13ce304e0a34baaa8a82ce5bc9d01480872869c9871dc552c

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 14 Sep 2020 00:22:59 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Tue, 30 Apr 2019 15:14:08 GMT
Server: AmazonS3
Age: 652049
ETag: "c7b65b3f4e8761897af9a3ca5d76682e"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 216b2e0a8a27f8fca1b540a1c4ea6922.cloudfront.net (CloudFront)
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
Content-Length: 29895
X-Amz-Cf-Id: DW9j4iduBTayFz7jkRDub6E4kN6qTKhOhnOCB0O49uOHoQa5T_I2aQ==

GET
H2 200 en-fefc43b9a18cd895204b.es6.js Show response
prod-cdn.wetransfer.net/packs/esm/runtime~locale/ 2 KB
1 KB 81ms
33ms Script
application/javascript 13.225.73.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-cdn.wetransfer.net/packs/esm/runtime~locale/en-fefc43b9a18cd895204b.es6.js
Requested by: Host: wetransfer.alexheisenberg.repl.co
URL: http://wetransfer.alexheisenberg.repl.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.98 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-98.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: decb59a28fd5ab4495e5d79b039fab95c87aff44a072398e5e1148b535adc407

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 11 Sep 2020 13:36:38 GMT
content-encoding: gzip
last-modified: Fri, 11 Sep 2020 10:39:22 GMT
server: AmazonS3
age: 863630
etag: W/"67e20ce6a36c5c9522ddc5646906e083"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 5L9drJyMSYDpGptBvQLhD-PfRXIlQTdWSwo65TYVvvbHDaEsJQdwlg==
via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)

GET
H2 200 en-038180970828db4fa404.es6.js Show response
prod-cdn.wetransfer.net/packs/esm/locale/ 108 KB
33 KB 140ms
92ms Script
application/javascript 13.225.73.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-cdn.wetransfer.net/packs/esm/locale/en-038180970828db4fa404.es6.js
Requested by: Host: wetransfer.alexheisenberg.repl.co
URL: http://wetransfer.alexheisenberg.repl.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.98 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-98.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 369ca8c349ad1dfc603a649b69e73e0df9be7bc4f32506f5ea860159e3b47a94

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 09:11:52 GMT
content-encoding: gzip
last-modified: Thu, 17 Sep 2020 08:38:54 GMT
server: AmazonS3
age: 361116
etag: W/"7cf6efcfe577eeed2bddaf63009226c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 8F7oaErw_TYItMccgfy-wOJZ-LGPPOIv284_jdEspklkS58b7IUb6Q==
via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)

GET
H2 200 advertising-4aee5180207621f94abeb04df0d9e7e52f4496bf16a55f712b2feb788c8f89f4.js Show response
prod-cdn.wetransfer.net/assets/ 349 B
703 B 80ms
32ms Script
application/javascript 13.225.73.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-cdn.wetransfer.net/assets/advertising-4aee5180207621f94abeb04df0d9e7e52f4496bf16a55f712b2feb788c8f89f4.js
Requested by: Host: wetransfer.alexheisenberg.repl.co
URL: http://wetransfer.alexheisenberg.repl.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.98 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-98.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4aee5180207621f94abeb04df0d9e7e52f4496bf16a55f712b2feb788c8f89f4

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 12 Sep 2020 02:51:39 GMT
via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)
last-modified: Fri, 11 Sep 2020 10:40:11 GMT
server: AmazonS3
age: 815929
etag: "019dafef616906d42b64043fce694aa3"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 349
x-amz-cf-id: Rd5u56oW_frSCnXy00JBSjU6e3W6mrvjh9Oy-k4sKf5LW5E7BirKrQ==

GET
H2 200 cross-dark-ec4d805a.svg
prod-cdn.wetransfer.net/packs/media/pro/ 710 B
1 KB 33ms
29ms Image
image/svg+xml 13.225.73.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-cdn.wetransfer.net/packs/media/pro/cross-dark-ec4d805a.svg
Requested by: Host: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.98 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-98.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6137a1b17801e62f7eb45af085364abd96bf00c2c781df10ed7a7b216dcdfab1

Request headers

Referer: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 07:13:53 GMT
via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)
last-modified: Tue, 15 Sep 2020 15:12:14 GMT
server: AmazonS3
age: 454595
etag: "e1ea74b8203083a2df662e1fdf0e775f"
x-cache: Hit from cloudfront
content-type: image/svg+xml
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 710
x-amz-cf-id: UHYPPmuBL1wWqp6FSPyAO6MTeoRVeHXZ8B2GNJIyuv2tOCJ6FeJS4g==

GET
H2 200 check-ae560310.svg
prod-cdn.wetransfer.net/packs/media/images/ 1 KB
922 B 34ms
31ms Image
image/svg+xml 13.225.73.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-cdn.wetransfer.net/packs/media/images/check-ae560310.svg
Requested by: Host: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.98 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-98.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bf170345e058d8bcc3ec09e9064394dc4cb71c2c6037165e5637a0a926cba144

Request headers

Referer: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Apr 2020 11:55:12 GMT
content-encoding: gzip
last-modified: Thu, 30 Apr 2020 09:57:33 GMT
server: AmazonS3
age: 12447317
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: i2rhLd9xVfG0wVNmLfYF_XSdFEN5yrz2pYBzcVRBhXG54p0l6XO3WQ==
via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)

GET
H2 200 globe-dd3d31e7.svg
prod-cdn.wetransfer.net/packs/media/images/ 841 B
1 KB 35ms
31ms Image
image/svg+xml 13.225.73.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-cdn.wetransfer.net/packs/media/images/globe-dd3d31e7.svg
Requested by: Host: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.98 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-98.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38209c8fb7d72a610b8354aebf269c82a0bcb7a03eeee94a4f64193e671db2b1

Request headers

Referer: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 08:43:20 GMT
via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)
last-modified: Fri, 18 Sep 2020 08:37:38 GMT
server: AmazonS3
age: 276428
etag: "e8ffef2e96af9a1e327b5cfc3d3e1c6d"
x-cache: Hit from cloudfront
content-type: image/svg+xml
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 841
x-amz-cf-id: _Lv95q6FaT5b-yEmx6OwyxsifrM2rS5iZzSiXSlFR2bv6NHrP7Z8kw==

GET ActiefGrotesque_W_Bd-1bdd99f9.woff
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ 0
0

GET
H/1.1 200
OK Acqbko Show response
ad.doubleclick.net/ddm/adj/Bhjr/ 11 B
585 B 61ms
41ms Script
text/javascript 216.58.212.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ad.doubleclick.net/ddm/adj/Bhjr/Acqbko

Requested by

Host: distributiontomatoes.com
URL: https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b

Protocol

HTTP/1.1

Server

216.58.212.134 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f134.1e100.net

Software

cafe /

Resource Hash

f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Sep 2020 13:30:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
Timing-Allow-Origin: *
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache, must-revalidate
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 31
X-XSS-Protection: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-23/html/ Frame FEC1 0
0 37ms
11ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html

Requested by

Host: distributiontomatoes.com
URL: https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-23/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://wetransfer.alexheisenberg.repl.co/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://wetransfer.alexheisenberg.repl.co/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 1479
date: Mon, 21 Sep 2020 05:55:50 GMT
expires: Tue, 21 Sep 2021 05:55:50 GMT
last-modified: Tue, 10 Apr 2018 14:51:09 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 27279
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 v2brmoLzYturGj7sWLC-3reX0CwEo5ucsXihSiBGb2FmHmAChIQtmvBGBozkPei-RS0tt5ZYDZsd3hVh6 Show response
distributiontomatoes.com/ 216 B
623 B 105ms
36ms Fetch
application/json 35.201.103.212
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://distributiontomatoes.com/v2brmoLzYturGj7sWLC-3reX0CwEo5ucsXihSiBGb2FmHmAChIQtmvBGBozkPei-RS0tt5ZYDZsd3hVh6

Requested by

Host: distributiontomatoes.com
URL: https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.103.212 , Ascension Island, ASN15169 (GOOGLE, US),

Reverse DNS

212.103.201.35.bc.googleusercontent.com

Software

Resource Hash

1266b8107bab267a61c7321762ce021be42ba1b7efa7f9e05d035409e4e1b696

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
status: 200
date: Mon, 21 Sep 2020 13:30:29 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://wetransfer.alexheisenberg.repl.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: paris
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 216
expires: Mon, 21 Sep 2020 13:30:28 GMT

POST
H2 200 v2lkeWoMTTn0Hdy2usUmm_a6V4gjxtl_gmdjetT-uTbXOE_lO7xGo2zIhElD04eDtm-w-3Hrj5lGhsd0h Show response
distributiontomatoes.com/ 3 B
36 B 60ms
59ms Fetch
application/json 35.201.103.212
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://distributiontomatoes.com/v2lkeWoMTTn0Hdy2usUmm_a6V4gjxtl_gmdjetT-uTbXOE_lO7xGo2zIhElD04eDtm-w-3Hrj5lGhsd0h

Requested by

Host: distributiontomatoes.com
URL: https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.103.212 , Ascension Island, ASN15169 (GOOGLE, US),

Reverse DNS

212.103.201.35.bc.googleusercontent.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: http://wetransfer.alexheisenberg.repl.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
status: 200
date: Mon, 21 Sep 2020 13:30:29 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://wetransfer.alexheisenberg.repl.co
access-control-allow-credentials: true
x-hostname: paris
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 3

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Rg-1f437876.woff

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Md-293e86f0.woff

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/media/gtsuperwt/GT-Super-WT-Super-1b214df1.woff

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Bd-1bdd99f9.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
d19ptbnuzhibkh.cloudfront.net
distributiontomatoes.com
prod-cdn.wetransfer.net
tpc.googlesyndication.com
wetransfer.alexheisenberg.repl.co
www.googletagmanager.com
prod-cdn.wetransfer.net
13.225.73.98
216.58.212.134
2600:9000:21f3:a600:6:bbf2:440:21
2a00:1450:4001:817::2001
2a00:1450:4001:81a::2008
35.201.103.212
35.201.120.147
1266b8107bab267a61c7321762ce021be42ba1b7efa7f9e05d035409e4e1b696
369ca8c349ad1dfc603a649b69e73e0df9be7bc4f32506f5ea860159e3b47a94
38209c8fb7d72a610b8354aebf269c82a0bcb7a03eeee94a4f64193e671db2b1
464bdfe676fd759af0a6e403185b579f6e73ca5135944a4672c53e226a2e81a2
4aee5180207621f94abeb04df0d9e7e52f4496bf16a55f712b2feb788c8f89f4
6093cd90feb5a92c9619a827acb7db5cfd59e8a561251a594e82afe98838cd6c
6137a1b17801e62f7eb45af085364abd96bf00c2c781df10ed7a7b216dcdfab1
675500414d9041d5df9f7aa9bd5f57eb5f4aa8d62c2b929fa4e22002e94ca98f
8c6111118295ae17101ccba402d62b1d900ab149ad4c357cc2faa153fa857233
a71a3f15ff241e36e75cdc50d53cbef1e1b11ce957cd4bba5b8b5ead7366f16f
af3865d029d561ea53a927bb67167223409aa54322aeec232eedd651197d01e8
bf170345e058d8bcc3ec09e9064394dc4cb71c2c6037165e5637a0a926cba144
c1605b7249fc4712d3820ad11dc26a66a4dee8a574c6e7bf82e39a8d63a2daf9
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d9a9b2a15666ace13ce304e0a34baaa8a82ce5bc9d01480872869c9871dc552c
decb59a28fd5ab4495e5d79b039fab95c87aff44a072398e5e1148b535adc407
f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0

wetransfer.alexheisenberg.repl.co Open in urlscan Pro 35.201.120.147 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

22 Requests

68 %HTTPS

43 %IPv6

7 Domains

7 Subdomains

8 IPs

3 Countries

552 kBTransfer

2060 kBSize

0 Cookies

6 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

Indicators

wetransfer.alexheisenberg.repl.co Open in urlscan Pro
35.201.120.147 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

68 %
HTTPS

43 %
IPv6

7
Domains

7
Subdomains

8
IPs

3
Countries

552 kB
Transfer

2060 kB
Size

0
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!