www.luhanieehlers.co.za
Open in
urlscan Pro
184.154.120.40
Malicious Activity!
Public Scan
Effective URL: https://www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer.html?cmd=login_submit&id=985c81cf8dd9235225c...
Submission: On June 07 via manual from FR
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on April 10th 2018. Valid for: 3 months.
This is the only time www.luhanieehlers.co.za was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WeTransfer (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 216.58.206.16 216.58.206.16 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
4 21 | 184.154.120.40 184.154.120.40 | 32475 (SINGLEHOP...) (SINGLEHOP-LLC - SingleHop LLC) | |
1 | 13.32.222.199 13.32.222.199 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 13.32.222.214 13.32.222.214 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
20 | 5 |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s20-in-f16.1e100.net
storage.googleapis.com |
ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: vps.dnshoster.net
www.luhanieehlers.co.za |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-222-199.fra56.r.cloudfront.net
cdn.wetransfer.net |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-222-214.fra56.r.cloudfront.net
backgrounds.wetransfer.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
luhanieehlers.co.za
4 redirects
www.luhanieehlers.co.za |
917 KB |
2 |
wetransfer.net
cdn.wetransfer.net backgrounds.wetransfer.net |
73 KB |
1 |
googleapis.com
storage.googleapis.com |
2 KB |
20 | 3 |
Domain | Requested by | |
---|---|---|
21 | www.luhanieehlers.co.za |
4 redirects
storage.googleapis.com
www.luhanieehlers.co.za |
1 | backgrounds.wetransfer.net |
www.luhanieehlers.co.za
|
1 | cdn.wetransfer.net |
www.luhanieehlers.co.za
|
1 | storage.googleapis.com | |
20 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
wetransfer.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.storage.googleapis.com Google Internet Authority G3 |
2018-05-15 - 2018-08-07 |
3 months | crt.sh |
luhanieehlers.co.za Let's Encrypt Authority X3 |
2018-04-10 - 2018-07-09 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
https://www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer.html?cmd=login_submit&id=985c81cf8dd9235225c66ace4d0d2f40985c81cf8dd9235225c66ace4d0d2f40&session=985c81cf8dd9235225c66ace4d0d2f40985c81cf8dd9235225c66ace4d0d2f40
Frame ID: 501AFFB77B8E44314F6F0593B86EF82C
Requests: 13 HTTP requests in this frame
Frame:
https://www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/saved_resource.html
Frame ID: 5920FE932892A91C2D9BEEC8B8B15BA8
Requests: 1 HTTP requests in this frame
Frame:
https://www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/index.html
Frame ID: CBF11E659B2761E9E4E18E30673BAB6F
Requests: 7 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://storage.googleapis.com/idwet/wetsign.html Page URL
-
https://www.luhanieehlers.co.za/wtr/wet
HTTP 301
https://www.luhanieehlers.co.za/wtr/wet/ HTTP 302
https://www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a HTTP 301
https://www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/ HTTP 302
https://www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer.html?cmd=login_submit&id... Page URL
Detected technologies
Ruby (Programming Languages) ExpandDetected patterns
- meta csrf-param /authenticity_token/i
Ruby on Rails (Web Frameworks) Expand
Detected patterns
- meta csrf-param /authenticity_token/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Terms of Service
Search URL Search Domain Scan URL
Title: Cookie Policy
Search URL Search Domain Scan URL
Title: WeTransfer
Search URL Search Domain Scan URL
Title: Plus
Search URL Search Domain Scan URL
Title: Apps
Search URL Search Domain Scan URL
Title: Advertise
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://storage.googleapis.com/idwet/wetsign.html Page URL
-
https://www.luhanieehlers.co.za/wtr/wet
HTTP 301
https://www.luhanieehlers.co.za/wtr/wet/ HTTP 302
https://www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a HTTP 301
https://www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/ HTTP 302
https://www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer.html?cmd=login_submit&id=985c81cf8dd9235225c66ace4d0d2f40985c81cf8dd9235225c66ace4d0d2f40&session=985c81cf8dd9235225c66ace4d0d2f40985c81cf8dd9235225c66ace4d0d2f40 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
wetsign.html
storage.googleapis.com/idwet/ |
1 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
WeTransfer.html
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/ Redirect Chain
|
180 KB 180 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
application-a36f7c449e60b3be635ac6593b388fc865598f034585feaa6469e3fbc49a51ab.css
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ |
342 KB 342 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
analytics.js.download
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ |
34 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bWqOLA69nu2fsMi45LjA.js.download
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ |
74 KB 74 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gtm.js.download
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ |
32 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
saved_resource.html
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ Frame 5920 |
812 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
terms_and_conditions-0adc3e44cceb63fdd236bfdc05474db144b03819fee59576fc92418a60633fa6.mp4
cdn.wetransfer.net/assets/transfer_window/ |
58 KB 58 KB |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.html
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ Frame CBF1 |
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
advertising-af72fc2e53268ff36ec4fb73e4dd756c514c393eaf213d8c2dbe527c72494405.js.download
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ |
346 B 600 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vendor-01b9ca410ec1add124bc4a02de17444e36d5b0a4e9cf8766290d7e5ac6b5b0b6.js.download
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ |
192 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
application-1de0c0f6f947eb6a4500ac274ac76a98491b76715bc4ec05537f234102d0a2f5.js.download
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ |
128 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
o365small.png
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ |
0 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
email-iconsmall.png
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wallpaper-toolbox-2.0.1.css
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ Frame CBF1 |
4 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
copy.svg
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ Frame CBF1 |
30 KB 30 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow.svg
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ Frame CBF1 |
5 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wallpaper-api-2.1.0.js.download
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ Frame CBF1 |
7 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wallpaper-toolbox-2.0.1.js.download
www.luhanieehlers.co.za/wtr/wet/a5e95330afdb43bc8908e1a32f3c5d6a/WeTransfer_files/ Frame CBF1 |
216 KB 216 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
1px.png
backgrounds.wetransfer.net/wetransfer/product/1804/onboarding1_v1/assets/images/ Frame CBF1 |
15 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WeTransfer (Online)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| showWhite function| hideWhite function| popupwnd function| ga object| gaplugins object| _i18n_ object| __session__ object| __manifest__ object| Wallpapers object| __dataLayerPayload__ undefined| transfer object| dataLayer boolean| __ads_enabled__ object| _snaq object| Snowplow0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
backgrounds.wetransfer.net
cdn.wetransfer.net
storage.googleapis.com
www.luhanieehlers.co.za
13.32.222.199
13.32.222.214
184.154.120.40
216.58.206.16
0adc3e44cceb63fdd236bfdc05474db144b03819fee59576fc92418a60633fa6
0f3fda9e7854ab4e6744c9327649571657fe260c96aa754ff42298e64a31f73c
1292ea64e8b7a5b59bc2e5abbd0a26259315f97fe3c38061eac7656ef4dd3b17
1fd7ade374faaf1e5ab4a1b13e97e476bd0167d1c25ca0e198bed49d2e53928a
2218bbf47b340278b7b696dbe3af4eed89edffa709c19abd6747b18147c3a675
5249152a75f1647f516ba23ffcd85d7ca12d3b6bddb99f933155826d8565e4c0
594f6ca1f9b6097945d1bb1c9deb5693c0b56c8c60f0630067a543f32447d11c
68fd4cf20c4de5c72271c3c1e59716342cc428612f8a4070f1ad658fd2f43991
6fdf626403e47e262ef78014e89d8effd5d4140aba9fc50bb63e16d579ee8cdd
833839e8127e87558f88c875025a042c3e809b5a01377e46fed4a18385e4cec1
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
a36f7c449e60b3be635ac6593b388fc865598f034585feaa6469e3fbc49a51ab
a6d75aad5c009d0bdf36d4c1d68d90e2848460fce782adb137819228842eefe0
af72fc2e53268ff36ec4fb73e4dd756c514c393eaf213d8c2dbe527c72494405
b2e6fe11a519d87f182349789f8c1b0f65b4c2f308256d28296135c7b02f97e9
e5e0f9eb170d1b1f328c716834b72f54a1778803eff1630384f7608e78001361
f853a4748c24a0bb46838616302c10e98c4e71826cc107ad8e293786bf5461c4