wetransfer.alexheisenberg.repl.co
35.201.120.147  Malicious Activity! Public Scan

URL: https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Submission: On September 29 via automatic, source phishtank

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 22 HTTP transactions. The main IP is 35.201.120.147, which is located in Ascension Island and belongs to GOOGLE, US. The main domain is wetransfer.alexheisenberg.repl.co.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 15th 2020. Valid for: 3 months.
This is the only time wetransfer.alexheisenberg.repl.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

      Domain                             Requested by
10    prod-cdn.wetransfer.net            wetransfer.alexheisenberg.repl.co, prod-cdn.wetransfer.net
3     distributiontomatoes.com           wetransfer.alexheisenberg.repl.co, distributiontomatoes.com
1     tpc.googlesyndication.com          distributiontomatoes.com
1     ad.doubleclick.net                 distributiontomatoes.com
1     d19ptbnuzhibkh.cloudfront.net      wetransfer.alexheisenberg.repl.co
1     www.googletagmanager.com           wetransfer.alexheisenberg.repl.co
1     wetransfer.alexheisenberg.repl.co
Total: 22 HTTP transactions, 7 domains

This site contains links to these domains.

Domain
wetransfer.pr.co
wetransfer.homerun.co
twitter.com
www.facebook.com
www.instagram.com
www.youtube.com

Subject                      Issuer                        Validity                   Valid
alexheisenberg.repl.co       Let's Encrypt Authority X3    2020-09-15 - 2020-12-14    3 months
wetransfer.net               Amazon                        2020-08-11 - 2021-09-10    a year
distributiontomatoes.com     Let's Encrypt Authority X3    2020-09-25 - 2020-12-24    3 months
*.google-analytics.com       GTS CA 1O1                    2020-09-03 - 2020-11-26    3 months
*.cloudfront.net             DigiCert Global CA G2         2020-05-26 - 2021-04-21    a year
*.doubleclick.net            GTS CA 1O1                    2020-09-03 - 2020-11-26    3 months
tpc.googlesyndication.com    GTS CA 1O1                    2020-09-03 - 2020-11-26    3 months

This page contains 2 frames:

Primary Page: https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Frame ID: 6B045364339D5737449C1D230C383456
Requests: 21 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html
Frame ID: 91AE5B480CA934F22AAE6761BC075210
Requests: 1 HTTP request in this frame

Detected technologies

Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i

Page Statistics

Requests: 22
HTTPS: 82 %
IPv6: 43 %
Domains: 7
Subdomains: 7
IPs: 8
Countries: 3
Transfer: 553 kB
Size: 2072 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
wetransfer.alexheisenberg.repl.co/
26 KB
26 KB
Document
General
Full URL
https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.120.147 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.201.35.bc.googleusercontent.com
Software
/ PHP/7.2.24-0ubuntu0.18.04.6
Resource Hash
ad6e2a504bccd12f2861352c6ac0b6c4743021d798349e220f05537c1cf861c6

Request headers

:method
GET
:authority
wetransfer.alexheisenberg.repl.co
:scheme
https
:path
/?email=williamchutchinson@legalshield.com
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
cache-control
no-store, no-cache, must-revalidate
content-type
text/html; charset=UTF-8
date
Tue, 29 Sep 2020 07:35:00 GMT
expect-ct
max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
expires
Thu, 19 Nov 1981 08:52:00 GMT
host
wetransfer.alexheisenberg.repl.co
pragma
no-cache
set-cookie
PHPSESSID=vmvfuhvvuj5i9ibubgf33fdtkc; path=/
x-powered-by
PHP/7.2.24-0ubuntu0.18.04.6
ActiefGrotesque_W_Rg-1f437876.woff
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/
0
0

ActiefGrotesque_W_Md-293e86f0.woff
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/
0
0

GT-Super-WT-Super-1b214df1.woff
prod-cdn.wetransfer.net/packs/media/gtsuperwt/
0
0

application-9ca3e835.chunk.css
prod-cdn.wetransfer.net/packs/css/
339 KB
45 KB
Stylesheet
General
Full URL
https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
Requested by
Host: wetransfer.alexheisenberg.repl.co
URL: https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.243.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-243-125.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
675500414d9041d5df9f7aa9bd5f57eb5f4aa8d62c2b929fa4e22002e94ca98f

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Sep 2020 00:16:01 GMT
content-encoding
gzip
last-modified
Fri, 18 Sep 2020 13:25:52 GMT
server
AmazonS3
age
890340
etag
W/"1a2f44816c234e611dfc6fe78ad58644"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
cache-control
public, max-age=31536000
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
vDzwEY_mSJV5s6IlUpnp9JUA2CCpibu19-PSPZc_w9g9OcRuFRG7Aw==
via
1.1 b48fca327a980187d93a198e7530195c.cloudfront.net (CloudFront)
runtime~application-afd367b537134442b958.es6.js
prod-cdn.wetransfer.net/packs/esm/
6 KB
3 KB
Script
General
Full URL
https://prod-cdn.wetransfer.net/packs/esm/runtime~application-afd367b537134442b958.es6.js
Requested by
Host: wetransfer.alexheisenberg.repl.co
URL: https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.243.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-243-125.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
464bdfe676fd759af0a6e403185b579f6e73ca5135944a4672c53e226a2e81a2

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 18 Sep 2020 10:14:38 GMT
content-encoding
gzip
last-modified
Fri, 18 Sep 2020 10:11:46 GMT
server
AmazonS3
age
940823
etag
W/"d12a56665871d73f1a876007f9d809c1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=31536000
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
fMufWYVMKL6AiNYRkvvKuCGoUm1bEhuSwhnLn79om0JxTVbU2CfKJg==
via
1.1 b48fca327a980187d93a198e7530195c.cloudfront.net (CloudFront)
application-28470e6f548ac972d85d.es6.js
prod-cdn.wetransfer.net/packs/esm/
693 KB
176 KB
Script
General
Full URL
https://prod-cdn.wetransfer.net/packs/esm/application-28470e6f548ac972d85d.es6.js
Requested by
Host: wetransfer.alexheisenberg.repl.co
URL: https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.243.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-243-125.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
af3865d029d561ea53a927bb67167223409aa54322aeec232eedd651197d01e8

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 18 Sep 2020 10:14:38 GMT
content-encoding
gzip
last-modified
Fri, 18 Sep 2020 10:11:45 GMT
server
AmazonS3
age
940823
etag
W/"1b0f5e9ddead712fa4d87c05abc7a436"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=31536000
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
yAaCPvIXjI5qSy9xlm0ZiMJ_5VV6i8oTf5zT0NDf50rjPGq1SuYZEg==
via
1.1 b48fca327a980187d93a198e7530195c.cloudfront.net (CloudFront)
vendor-14d41395b12ad1118065.es6.js
prod-cdn.wetransfer.net/packs/esm/
542 KB
165 KB
Script
General
Full URL
https://prod-cdn.wetransfer.net/packs/esm/vendor-14d41395b12ad1118065.es6.js
Requested by
Host: wetransfer.alexheisenberg.repl.co
URL: https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.243.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-243-125.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8c6111118295ae17101ccba402d62b1d900ab149ad4c357cc2faa153fa857233

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 18 Sep 2020 10:14:38 GMT
content-encoding
gzip
last-modified
Fri, 18 Sep 2020 10:11:46 GMT
server
AmazonS3
age
940823
etag
W/"d9e853f8e6c80c906283fb20b99ac554"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=31536000
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
3RpB9lwnmIp2AaJyhsB4DX-CCkUshAgQ-rkxFp6e_l0uu6VXWDgH_Q==
via
1.1 b48fca327a980187d93a198e7530195c.cloudfront.net (CloudFront)
v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b
distributiontomatoes.com/
95 KB
29 KB
Script
General
Full URL
https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b
Requested by
Host: wetransfer.alexheisenberg.repl.co
URL: https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.103.212 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
212.103.201.35.bc.googleusercontent.com
Software
/
Resource Hash
a0cdb0c221fc709906d6b3246db2efc173caf3b9d122d6236b5f09778546ee8a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
br
x-datacenter
gce-europe-west1
etag
"aa27b83629db7f77d75369fcc91bd69e7d2758008dc9e8459f5802b789dfed11"
vary
Accept-Encoding, Accept-Language
x-hostname
paris
content-type
text/javascript; charset=utf-8
status
200
cache-control
private, must-revalidate, max-age=21600
date
Tue, 29 Sep 2020 07:35:01 GMT
timing-allow-origin
*
gtm.js
www.googletagmanager.com/
164 KB
40 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-N9N5GP
Requested by
Host: wetransfer.alexheisenberg.repl.co
URL: https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2956fff1d74cc15fd852b7bb84e720d54dd857bf5f5022c7493a61f7433156a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 07:35:01 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41192
x-xss-protection
0
last-modified
Tue, 29 Sep 2020 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 29 Sep 2020 07:35:01 GMT
sp.js
d19ptbnuzhibkh.cloudfront.net/2.10.2/
96 KB
30 KB
Script
General
Full URL
https://d19ptbnuzhibkh.cloudfront.net/2.10.2/sp.js
Requested by
Host: wetransfer.alexheisenberg.repl.co
URL: https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:9c00:6:bbf2:440:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d9a9b2a15666ace13ce304e0a34baaa8a82ce5bc9d01480872869c9871dc552c

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Sep 2020 03:12:35 GMT
content-encoding
gzip
last-modified
Tue, 30 Apr 2019 15:14:08 GMT
server
AmazonS3
age
1657347
etag
"c7b65b3f4e8761897af9a3ca5d76682e"
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
max-age=315360000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
29895
via
1.1 2afacc6ad96dbba3f0b477cd95f16459.cloudfront.net (CloudFront)
x-amz-cf-id
w5C_UXca0pOlooKr17YUflm9FJs14MV_P6eST_pSKWOFFnkuHIssGg==
en-fefc43b9a18cd895204b.es6.js
prod-cdn.wetransfer.net/packs/esm/runtime~locale/
2 KB
1 KB
Script
General
Full URL
https://prod-cdn.wetransfer.net/packs/esm/runtime~locale/en-fefc43b9a18cd895204b.es6.js
Requested by
Host: wetransfer.alexheisenberg.repl.co
URL: https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.243.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-243-125.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
decb59a28fd5ab4495e5d79b039fab95c87aff44a072398e5e1148b535adc407

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 11 Sep 2020 13:36:38 GMT
content-encoding
gzip
last-modified
Fri, 11 Sep 2020 10:39:22 GMT
server
AmazonS3
age
1533503
etag
W/"67e20ce6a36c5c9522ddc5646906e083"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=31536000
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
-gJFhUm65muvm3dnveF8pTfrYq1FdACm11EgcWwyWPfjHHl8q_Sjtg==
via
1.1 b48fca327a980187d93a198e7530195c.cloudfront.net (CloudFront)
en-038180970828db4fa404.es6.js
prod-cdn.wetransfer.net/packs/esm/locale/
108 KB
33 KB
Script
General
Full URL
https://prod-cdn.wetransfer.net/packs/esm/locale/en-038180970828db4fa404.es6.js
Requested by
Host: wetransfer.alexheisenberg.repl.co
URL: https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.243.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-243-125.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
369ca8c349ad1dfc603a649b69e73e0df9be7bc4f32506f5ea860159e3b47a94

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 09:11:52 GMT
content-encoding
gzip
last-modified
Thu, 17 Sep 2020 08:38:54 GMT
server
AmazonS3
age
1030989
etag
W/"7cf6efcfe577eeed2bddaf63009226c1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=31536000
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
4_o2A5LCuNqh2L58mJbml520O96atRWxhs35TRU1Ep3fV26zcz0deg==
via
1.1 b48fca327a980187d93a198e7530195c.cloudfront.net (CloudFront)
advertising-4aee5180207621f94abeb04df0d9e7e52f4496bf16a55f712b2feb788c8f89f4.js
prod-cdn.wetransfer.net/assets/
349 B
705 B
Script
General
Full URL
https://prod-cdn.wetransfer.net/assets/advertising-4aee5180207621f94abeb04df0d9e7e52f4496bf16a55f712b2feb788c8f89f4.js
Requested by
Host: wetransfer.alexheisenberg.repl.co
URL: https://wetransfer.alexheisenberg.repl.co/?email=williamchutchinson@legalshield.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.243.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-243-125.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4aee5180207621f94abeb04df0d9e7e52f4496bf16a55f712b2feb788c8f89f4

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 12 Sep 2020 02:51:39 GMT
via
1.1 b48fca327a980187d93a198e7530195c.cloudfront.net (CloudFront)
last-modified
Fri, 11 Sep 2020 10:40:11 GMT
server
AmazonS3
age
1485802
etag
"019dafef616906d42b64043fce694aa3"
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=31536000
x-amz-cf-pop
VIE50-C1
accept-ranges
bytes
content-length
349
x-amz-cf-id
qg9V72rUu0x1Sl_5o4xdtfIVWRDHJX8Gbjt7ZU1kt7_VYkVpUjjmEA==
cross-dark-ec4d805a.svg
prod-cdn.wetransfer.net/packs/media/pro/
710 B
1 KB
Image
General
Full URL
https://prod-cdn.wetransfer.net/packs/media/pro/cross-dark-ec4d805a.svg
Requested by
Host: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.243.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-243-125.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6137a1b17801e62f7eb45af085364abd96bf00c2c781df10ed7a7b216dcdfab1

Request headers

Referer
https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 16 Sep 2020 07:13:53 GMT
via
1.1 b48fca327a980187d93a198e7530195c.cloudfront.net (CloudFront)
last-modified
Tue, 15 Sep 2020 15:12:14 GMT
server
AmazonS3
age
1124469
etag
"e1ea74b8203083a2df662e1fdf0e775f"
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
cache-control
public, max-age=31536000
x-amz-cf-pop
VIE50-C1
accept-ranges
bytes
content-length
710
x-amz-cf-id
5Wp5t29XkCoJ3qRdrHvFfgknJj0apKfLRiG47lCMjHA68ShcWFjMBA==
check-ae560310.svg
prod-cdn.wetransfer.net/packs/media/images/
1 KB
957 B
Image
General
Full URL
https://prod-cdn.wetransfer.net/packs/media/images/check-ae560310.svg
Requested by
Host: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.243.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-243-125.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bf170345e058d8bcc3ec09e9064394dc4cb71c2c6037165e5637a0a926cba144

Request headers

Referer
https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 11 Sep 2020 23:11:20 GMT
content-encoding
gzip
last-modified
Fri, 11 Sep 2020 10:39:42 GMT
server
AmazonS3
age
1499022
etag
W/"f1e6def956f57d4fb30b16daf04f4c5b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
cache-control
public, max-age=31536000
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
UFqDVW-_rxZe2F1nVIfU_vexCmvomNfgDsLR3IHNYYE29SAjL3D3Ow==
via
1.1 b48fca327a980187d93a198e7530195c.cloudfront.net (CloudFront)
globe-dd3d31e7.svg
prod-cdn.wetransfer.net/packs/media/images/
841 B
1 KB
Image
General
Full URL
https://prod-cdn.wetransfer.net/packs/media/images/globe-dd3d31e7.svg
Requested by
Host: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.243.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-243-125.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
38209c8fb7d72a610b8354aebf269c82a0bcb7a03eeee94a4f64193e671db2b1

Request headers

Referer
https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 18 Sep 2020 08:43:20 GMT
via
1.1 b48fca327a980187d93a198e7530195c.cloudfront.net (CloudFront)
last-modified
Fri, 18 Sep 2020 08:37:38 GMT
server
AmazonS3
age
946302
etag
"e8ffef2e96af9a1e327b5cfc3d3e1c6d"
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
cache-control
public, max-age=31536000
x-amz-cf-pop
VIE50-C1
accept-ranges
bytes
content-length
841
x-amz-cf-id
3LebBIlO_071-CgudCe5-p40JNpRRgUkbS13T1KAsWRiClYZ7YabZw==
ActiefGrotesque_W_Bd-1bdd99f9.woff
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/
0
0

Bpze
ad.doubleclick.net/ddm/adj/Adalk/
11 B
653 B
Script
General
Full URL
https://ad.doubleclick.net/ddm/adj/Adalk/Bpze
Requested by
Host: distributiontomatoes.com
URL: https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.134 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f134.1e100.net
Software
cafe /
Resource Hash
f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 29 Sep 2020 07:35:01 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-23/html/ Frame 91AE
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html
Requested by
Host: distributiontomatoes.com
URL: https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-23/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://wetransfer.alexheisenberg.repl.co/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://wetransfer.alexheisenberg.repl.co/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
1479
date
Mon, 28 Sep 2020 07:40:39 GMT
expires
Tue, 28 Sep 2021 07:40:39 GMT
last-modified
Tue, 10 Apr 2018 14:51:09 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
86062
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
v2noopg7is6v7QUY_cX198UnQkhJ8U7leCv9yhq6rh4SQKHHjs3j2YwSsj5s91oOedqL-pFZ4kalSrwNs
distributiontomatoes.com/
216 B
623 B
Fetch
General
Full URL
https://distributiontomatoes.com/v2noopg7is6v7QUY_cX198UnQkhJ8U7leCv9yhq6rh4SQKHHjs3j2YwSsj5s91oOedqL-pFZ4kalSrwNs
Requested by
Host: distributiontomatoes.com
URL: https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.103.212 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
212.103.201.35.bc.googleusercontent.com
Software
/
Resource Hash
4618524331f6a97b9627147222bc1ef547702c1ac0bac250108480665a893af8
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
x-datacenter
gce-europe-west1
status
200
date
Tue, 29 Sep 2020 07:35:02 GMT
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wetransfer.alexheisenberg.repl.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-hostname
paris
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length
216
expires
Tue, 29 Sep 2020 07:35:01 GMT
v2yetHXjxKg36hOpvHL1XlDYSzlW1m1It5VpuxFQRjTI17VmKMUvgbUbba8k9ujzBci_GCCwVJZDgAx27
distributiontomatoes.com/
3 B
36 B
Fetch
General
Full URL
https://distributiontomatoes.com/v2yetHXjxKg36hOpvHL1XlDYSzlW1m1It5VpuxFQRjTI17VmKMUvgbUbba8k9ujzBci_GCCwVJZDgAx27
Requested by
Host: distributiontomatoes.com
URL: https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.103.212 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
212.103.201.35.bc.googleusercontent.com
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://wetransfer.alexheisenberg.repl.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
x-datacenter
gce-europe-west1
status
200
date
Tue, 29 Sep 2020 07:35:02 GMT
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wetransfer.alexheisenberg.repl.co
access-control-allow-credentials
true
x-hostname
paris
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length
3

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain                     URL
prod-cdn.wetransfer.net    https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Rg-1f437876.woff
prod-cdn.wetransfer.net    https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Md-293e86f0.woff
prod-cdn.wetransfer.net    https://prod-cdn.wetransfer.net/packs/media/gtsuperwt/GT-Super-WT-Super-1b214df1.woff
prod-cdn.wetransfer.net    https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Bd-1bdd99f9.woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes
object| webpackJsonp
object| _i18n_
object| Wallpapers
boolean| __ads_enabled__
object| google_tag_manager
object| dataLayer
function| admiral
function| 4dm1r11545242527
function| _typeof
object| _snaq
object| Snowplow

2 Cookies

Domain/Path Name / Value
.wetransfer.alexheisenberg.repl.co/ Name: _awl
Value: 4.1601364902.0.4-29b6e17c-5ffaa6343973cff9309167092583c6df-6763652d6575726f70652d7765737431-5f72e3a6-0
wetransfer.alexheisenberg.repl.co/ Name: PHPSESSID
Value: vmvfuhvvuj5i9ibubgf33fdtkc

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
