wetranferfile.us-south.cf.appdomain.cloud
169.47.124.25
Malicious Activity!
Public Scan
Effective URL: https://wetranferfile.us-south.cf.appdomain.cloud/web/?email=dW5kZWZpbmVk&?sid=db8f4d75ddbde15aba05b255aacc1a06ff78e5714fd985f85af3ab4ab9a03524aa5...
Submission: On April 23 via api from US
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 27th 2020. Valid for: a year.
This is the only time wetranferfile.us-south.cf.appdomain.cloud was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WeTransfer (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 52.204.230.185 | 14618 (AMAZON-AES)
12 | 169.47.124.25 | 36351 (SOFTLAYER)
1 | 2001:4de0:ac18::1:a:3b | 20446 (HIGHWINDS3)
1 | 2a00:1450:4001:803::200a | 15169 (GOOGLE)
1 | 2606:4700::6812:bcf | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:812::200a | 15169 (GOOGLE)
17 requests | 6 IPs |
169.47.124.25: ASN36351 (SOFTLAYER, US)
PTR: 19.7c.2fa9.ip4.static.sl-reverse.com
Domain: wetranferfile.us-south.cf.appdomain.cloud
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
12 | appdomain.cloud | wetranferfile.us-south.cf.appdomain.cloud | 704 KB
2 | googleapis.com | ajax.googleapis.com, fonts.googleapis.com | 31 KB
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 10 KB
1 | jquery.com | code.jquery.com | 33 KB
1 | glitch.me | curvy-lightning-ease.glitch.me | 869 B
17 requests | 5 apex domains | |
Requests | Domain | Requested by
---|---|---
12 | wetranferfile.us-south.cf.appdomain.cloud | curvy-lightning-ease.glitch.me, wetranferfile.us-south.cf.appdomain.cloud
1 | fonts.googleapis.com | wetranferfile.us-south.cf.appdomain.cloud
1 | maxcdn.bootstrapcdn.com | wetranferfile.us-south.cf.appdomain.cloud
1 | ajax.googleapis.com | wetranferfile.us-south.cf.appdomain.cloud
1 | code.jquery.com | wetranferfile.us-south.cf.appdomain.cloud
1 | curvy-lightning-ease.glitch.me |
17 requests | 6 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
glitch.com | Amazon | 2021-01-18 - 2022-02-15 | a year | crt.sh
*.us-south.cf.appdomain.cloud | DigiCert SHA2 Secure Server CA | 2020-08-27 - 2021-09-01 | a year | crt.sh
jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 - 2021-10-16 | a year | crt.sh
upload.video.google.com | GTS CA 1O1 | 2021-03-23 - 2021-06-15 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-01 - 2022-02-28 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://wetranferfile.us-south.cf.appdomain.cloud/web/?email=dW5kZWZpbmVk&?sid=db8f4d75ddbde15aba05b255aacc1a06ff78e5714fd985f85af3ab4ab9a03524aa5269dd1c2f2c41fb0f89afbdc853eb
Frame ID: F79EDB24F9A1D9588FEC28DBF66672A4
Requests: 17 HTTP requests in this frame
Detected technologies
- Amazon Web Services (PaaS). Detected patterns: headers server /^AmazonS3$/i
- Amazon S3 (Miscellaneous). Detected patterns: headers server /^AmazonS3$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://curvy-lightning-ease.glitch.me/ Page URL
- https://wetranferfile.us-south.cf.appdomain.cloud/web/?email=dW5kZWZpbmVk&?sid=db8f4d75ddbde15aba05b255aacc1a06ff78e5714fd985f85af3ab4ab9a03524aa5269dd1c2f2c41fb0f89afbdc853eb Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | curvy-lightning-ease.glitch.me/ | 534 B | 869 B | Document | text/html
GET | H/1.1 | / (Primary Request) | wetranferfile.us-south.cf.appdomain.cloud/web/ | 4 KB | 2 KB | Document | text/html
GET | H2 | jquery.min.js | code.jquery.com/ | 94 KB | 33 KB | Script | application/javascript
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.3.1/ | 85 KB | 30 KB | Script | text/javascript
GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/ | 37 KB | 10 KB | Script | application/javascript
GET | H2 | css | fonts.googleapis.com/ | 21 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | grwwk.css | wetranferfile.us-south.cf.appdomain.cloud/web/css/ | 235 KB | 31 KB | Stylesheet | text/css
GET | H/1.1 | logo.png | wetranferfile.us-south.cf.appdomain.cloud/web/img/ | 63 KB | 64 KB | Image | image/png
GET | H/1.1 | jquery.min.js | wetranferfile.us-south.cf.appdomain.cloud/web/vendor/jquery/ | 0 | 0 | Script | text/html
GET | H/1.1 | bootstrap.bundle.min.js | wetranferfile.us-south.cf.appdomain.cloud/web/vendor/bootstrap/js/ | 0 | 0 | Script | text/html
GET | H/1.1 | jquery.easing.min.js | wetranferfile.us-south.cf.appdomain.cloud/web/vendor/jquery-easing/ | 0 | 0 | Script | text/html
GET | H/1.1 | sb-admin-2.min.js | wetranferfile.us-south.cf.appdomain.cloud/web/js/ | 1 KB | 961 B | Script | application/javascript
GET | H/1.1 | bg.jpg | wetranferfile.us-south.cf.appdomain.cloud/web/img/ | 496 KB | 497 KB | Image | image/jpeg
GET | H/1.1 | arrow.png | wetranferfile.us-south.cf.appdomain.cloud/web/img/ | 58 KB | 59 KB | Image | image/png
GET | H/1.1 | tent.png | wetranferfile.us-south.cf.appdomain.cloud/web/img/ | 51 KB | 51 KB | Image | image/png
GET | H/1.1 | bootstrap.bundle.min.js | wetranferfile.us-south.cf.appdomain.cloud/web/vendor/bootstrap/js/ | 0 | 0 | Script | text/html
GET | H/1.1 | jquery.easing.min.js | wetranferfile.us-south.cf.appdomain.cloud/web/vendor/jquery-easing/ | 0 | 0 | Script | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WeTransfer (Online)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onbeforexrselect
- object: ontransitionrun
- object: ontransitionstart
- object: ontransitioncancel
- object: cookieStore
- function: showDirectoryPicker
- function: showOpenFilePicker
- function: showSaveFilePicker
- boolean: originAgentCluster
- object: trustedTypes
- boolean: crossOriginIsolated
- function: $
- function: jQuery
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
code.jquery.com
curvy-lightning-ease.glitch.me
fonts.googleapis.com
maxcdn.bootstrapcdn.com
wetranferfile.us-south.cf.appdomain.cloud
169.47.124.25
2001:4de0:ac18::1:a:3b
2606:4700::6812:bcf
2a00:1450:4001:803::200a
2a00:1450:4001:812::200a
52.204.230.185