we.ghclones.repl.co
35.186.245.55 Malicious Activity!

URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Submission Tags: replit-anti-abuse phishing
Submission: On January 30 via manual from CZ — Scanned from DE

Summary

This website contacted 8 IPs in 2 countries across 7 domains to perform 21 HTTP transactions. The main IP is 35.186.245.55, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is we.ghclones.repl.co.
TLS certificate: Issued by R3 on December 11th 2021. Valid for: 3 months.
This is the only time we.ghclones.repl.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

Apex domains (requests / apex domain / subdomain / transfer):

  10  wetransfer.net            prod-cdn.wetransfer.net (Cisco Umbrella Rank: 27519; Failed)   426 KB
   2  wtaccesscontrol.com       wtaccesscontrol.com                                            1 KB
   1  adsafeprotected.com       static.adsafeprotected.com (Cisco Umbrella Rank: 533)          480 B
   1  cloudfront.net            d19ptbnuzhibkh.cloudfront.net                                  30 KB
   1  googletagmanager.com      www.googletagmanager.com (Cisco Umbrella Rank: 78)             55 KB
   1  distributiontomatoes.com  distributiontomatoes.com                                       27 KB
   1  repl.co                   we.ghclones.repl.co                                            27 KB
  21 requests across 7 domains

Domains and the hosts that requested them (requests / domain / requested by):

  10  prod-cdn.wetransfer.net        we.ghclones.repl.co, prod-cdn.wetransfer.net
   2  wtaccesscontrol.com            distributiontomatoes.com
   1  static.adsafeprotected.com     we.ghclones.repl.co
   1  d19ptbnuzhibkh.cloudfront.net  we.ghclones.repl.co
   1  www.googletagmanager.com       we.ghclones.repl.co
   1  distributiontomatoes.com       we.ghclones.repl.co
   1  we.ghclones.repl.co
  21 requests across 7 domains

This site contains links to these domains.

Domain
wetransfer.pr.co
wetransfer.homerun.co
twitter.com
www.facebook.com
www.instagram.com
www.youtube.com
TLS certificates (subject / issuer / validity / valid for):

  ghclones.repl.co            R3          2021-12-11 to 2022-03-11   3 months
  wetransfer.net              Amazon      2021-07-13 to 2022-08-11   a year
  distributiontomatoes.com    R3          2022-01-13 to 2022-04-13   3 months
  *.google-analytics.com      GTS CA 1C3  2021-12-27 to 2022-03-21   3 months
  *.cloudfront.net            Amazon      2021-03-19 to 2022-03-17   a year
  static.adsafeprotected.com  Amazon      2021-09-05 to 2022-10-04   a year
  wtaccesscontrol.com         R3          2022-01-05 to 2022-04-05   3 months

This page contains 1 frame:

Primary Page: https://we.ghclones.repl.co/ZoneDNS/sec.php
Frame ID: B1870D99385739B1548CBA0158857E5E
Requests: 21 HTTP requests in this frame

Screenshot

Page Title

Log in | WeTransfer

Detected technologies

PHP (overall confidence: 100%)
Detected patterns
  • \.php(?:$|\?)

Google Tag Manager (overall confidence: 100%)
Detected patterns
  • googletagmanager\.com/gtm\.js

Page Statistics

  Requests:    21
  HTTPS:       81 %
  IPv6:        43 %
  Domains:     7
  Subdomains:  7
  IPs:         8
  Countries:   2
  Transfer:    566 kB
  Size:        2101 kB
  Cookies:     2

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request sec.php
we.ghclones.repl.co/ZoneDNS/
26 KB
27 KB
Document
General
Full URL
https://we.ghclones.repl.co/ZoneDNS/sec.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
55.245.186.35.bc.googleusercontent.com
Software
/ PHP/7.2.24-0ubuntu0.18.04.7
Resource Hash
af29a220a56fc6a18515b726c0acde8f358b2ea55ab399f1d9e555fc1cbf95c0
Security Headers
Name Value
Strict-Transport-Security max-age=3504004; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html; charset=UTF-8
date
Sun, 30 Jan 2022 08:56:40 GMT
expect-ct
max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
host
we.ghclones.repl.co
replit-cluster
global
strict-transport-security
max-age=3504004; includeSubDomains
x-powered-by
PHP/7.2.24-0ubuntu0.18.04.7
ActiefGrotesque_W_Rg-1f437876.woff
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/
0
0

ActiefGrotesque_W_Md-293e86f0.woff
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/
0
0

GT-Super-WT-Super-1b214df1.woff
prod-cdn.wetransfer.net/packs/media/gtsuperwt/
0
0

application-9ca3e835.chunk.css
prod-cdn.wetransfer.net/packs/css/
339 KB
45 KB
Stylesheet
General
Full URL
https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
Requested by
Host: we.ghclones.repl.co
URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.180.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-180-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
675500414d9041d5df9f7aa9bd5f57eb5f4aa8d62c2b929fa4e22002e94ca98f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we.ghclones.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 23 Jan 2022 11:33:41 GMT
content-encoding
gzip
last-modified
Tue, 22 Sep 2020 15:02:23 GMT
server
AmazonS3
age
595380
etag
W/"1a2f44816c234e611dfc6fe78ad58644"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 5399a427cccb3191e8715ae58ba175aa.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
x-amz-cf-pop
MUC50-P1
x-amz-cf-id
xcmyLPe5uVMVIqqjWldyh4cL7I5W7m5hu2I12Iy1I054ma2BAbD-mQ==
runtime~application-afd367b537134442b958.es6.js
prod-cdn.wetransfer.net/packs/esm/
6 KB
3 KB
Script
General
Full URL
https://prod-cdn.wetransfer.net/packs/esm/runtime~application-afd367b537134442b958.es6.js
Requested by
Host: we.ghclones.repl.co
URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.180.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-180-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
464bdfe676fd759af0a6e403185b579f6e73ca5135944a4672c53e226a2e81a2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we.ghclones.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 08:37:29 GMT
content-encoding
gzip
last-modified
Fri, 18 Sep 2020 10:53:36 GMT
server
AmazonS3
age
346752
etag
W/"d12a56665871d73f1a876007f9d809c1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 5399a427cccb3191e8715ae58ba175aa.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
x-amz-cf-pop
MUC50-P1
x-amz-cf-id
4iswf-WjPaHX8jjxV9iVK8OrYYTFMVPHYSnudsI-f3Xsk6IUZ8EIZQ==
application-28470e6f548ac972d85d.es6.js
prod-cdn.wetransfer.net/packs/esm/
693 KB
176 KB
Script
General
Full URL
https://prod-cdn.wetransfer.net/packs/esm/application-28470e6f548ac972d85d.es6.js
Requested by
Host: we.ghclones.repl.co
URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.180.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-180-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
af3865d029d561ea53a927bb67167223409aa54322aeec232eedd651197d01e8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we.ghclones.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 30 Jan 2022 08:56:41 GMT
content-encoding
gzip
last-modified
Mon, 21 Sep 2020 11:45:54 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P1
etag
W/"1b0f5e9ddead712fa4d87c05abc7a436"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 5399a427cccb3191e8715ae58ba175aa.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
x-amz-cf-id
_wHHrLl48JjQ4MyAbn-ctfwis8KnGJn5XRGTIn5XRePonFUKmoR7Bw==
vendor-14d41395b12ad1118065.es6.js
prod-cdn.wetransfer.net/packs/esm/
542 KB
165 KB
Script
General
Full URL
https://prod-cdn.wetransfer.net/packs/esm/vendor-14d41395b12ad1118065.es6.js
Requested by
Host: we.ghclones.repl.co
URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.180.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-180-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8c6111118295ae17101ccba402d62b1d900ab149ad4c357cc2faa153fa857233

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we.ghclones.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 30 Jan 2022 08:56:41 GMT
content-encoding
gzip
last-modified
Mon, 21 Sep 2020 11:45:55 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P1
etag
W/"d9e853f8e6c80c906283fb20b99ac554"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 5399a427cccb3191e8715ae58ba175aa.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
x-amz-cf-id
1qvlhKPB_THE1GAvFK2PvSboFdndZgmo5ayX0Z_WWXutMpORwnfgAA==
v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b
distributiontomatoes.com/
89 KB
27 KB
Script
General
Full URL
https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b
Requested by
Host: we.ghclones.repl.co
URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.103.212 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
212.103.201.35.bc.googleusercontent.com
Software
/
Resource Hash
7c8ccbda3eb6a121c87e25f8bc4ff91027adec63c9ba41991fd296c373864d92
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we.ghclones.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
br
x-datacenter
gce-europe-west1
etag
"53525db650b364af85f72cf45ef631090142ca1e75413189b7693ae1c33d1777"
vary
Accept-Encoding, Accept-Language
x-hostname
fen-hoothoot-europe-west1-spot-d6q6
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
date
Sun, 30 Jan 2022 08:56:41 GMT
timing-allow-origin
*
gtm.js
www.googletagmanager.com/
198 KB
55 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-N9N5GP
Requested by
Host: we.ghclones.repl.co
URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d0e073c7a4a341933483f3dbaf3712be90e6534d404e27073c50b03fca0581d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we.ghclones.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 30 Jan 2022 08:56:40 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55965
x-xss-protection
0
last-modified
Sun, 30 Jan 2022 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 30 Jan 2022 08:56:40 GMT
sp.js
d19ptbnuzhibkh.cloudfront.net/2.10.2/
96 KB
30 KB
Script
General
Full URL
https://d19ptbnuzhibkh.cloudfront.net/2.10.2/sp.js
Requested by
Host: we.ghclones.repl.co
URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:4800:6:bbf2:440:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d9a9b2a15666ace13ce304e0a34baaa8a82ce5bc9d01480872869c9871dc552c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we.ghclones.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 05:28:19 GMT
content-encoding
gzip
last-modified
Tue, 30 Apr 2019 15:14:08 GMT
server
AmazonS3
age
5801302
etag
"c7b65b3f4e8761897af9a3ca5d76682e"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
29895
x-amz-cf-id
lz09wgGqZwEyGOHBvXgXZRSBbDsvors9tVGA8s8VeM4NvgG0Sg_k3Q==
en-fefc43b9a18cd895204b.es6.js
prod-cdn.wetransfer.net/packs/esm/runtime~locale/
1 KB
1 KB
Script
General
Full URL
https://prod-cdn.wetransfer.net/packs/esm/runtime~locale/en-fefc43b9a18cd895204b.es6.js
Requested by
Host: we.ghclones.repl.co
URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.180.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-180-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6ad7a2b3de7e875e7eadb81dd928bfbd1628490b2ceed0e86d20e692972a17ba

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we.ghclones.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 18 Jan 2022 10:33:41 GMT
content-encoding
gzip
last-modified
Thu, 08 Oct 2020 15:54:28 GMT
server
AmazonS3
age
1030979
etag
W/"554bf6c0de6b05c91b47b37b7ecc30ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 5399a427cccb3191e8715ae58ba175aa.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
x-amz-cf-pop
MUC50-P1
x-amz-cf-id
GM83vE5_fpiGbpG1dmP-WqN6TocHTrwMXNDQ1RMOcgvrJoF8Icykbg==
en-038180970828db4fa404.es6.js
prod-cdn.wetransfer.net/packs/esm/locale/
108 KB
33 KB
Script
General
Full URL
https://prod-cdn.wetransfer.net/packs/esm/locale/en-038180970828db4fa404.es6.js
Requested by
Host: we.ghclones.repl.co
URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.180.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-180-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
64532dc502168483fac470c4cef3f1fee7c6d79425d201e014e2e46abfedf5b3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we.ghclones.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 28 Jan 2022 10:41:38 GMT
content-encoding
gzip
last-modified
Fri, 18 Sep 2020 10:53:36 GMT
server
AmazonS3
age
166503
etag
W/"07bfb19d8ac878fe1373d06c1b77e104"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 5399a427cccb3191e8715ae58ba175aa.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
x-amz-cf-pop
MUC50-P1
x-amz-cf-id
XefWosyqhTNWXJCj0Pur80gA8G1yLeHhsQUFS-KUhJPUkkdw5IMCzQ==
advertising-4aee5180207621f94abeb04df0d9e7e52f4496bf16a55f712b2feb788c8f89f4.js
prod-cdn.wetransfer.net/assets/
349 B
714 B
Script
General
Full URL
https://prod-cdn.wetransfer.net/assets/advertising-4aee5180207621f94abeb04df0d9e7e52f4496bf16a55f712b2feb788c8f89f4.js
Requested by
Host: we.ghclones.repl.co
URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.180.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-180-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4aee5180207621f94abeb04df0d9e7e52f4496bf16a55f712b2feb788c8f89f4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we.ghclones.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 03:57:54 GMT
via
1.1 5399a427cccb3191e8715ae58ba175aa.cloudfront.net (CloudFront)
last-modified
Thu, 02 Sep 2021 12:38:30 GMT
server
AmazonS3
age
12891527
etag
"019dafef616906d42b64043fce694aa3"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-pop
MUC50-P1
accept-ranges
bytes
content-length
349
x-amz-cf-id
wDNiKdjXa1P1kOgp0Eo7IOD0Zk-e88Y3W68vFK5Wxr6KXr2IqEfKtg==
cross-dark-ec4d805a.svg
prod-cdn.wetransfer.net/packs/media/pro/
710 B
1 KB
Image
General
Full URL
https://prod-cdn.wetransfer.net/packs/media/pro/cross-dark-ec4d805a.svg
Requested by
Host: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.180.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-180-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6137a1b17801e62f7eb45af085364abd96bf00c2c781df10ed7a7b216dcdfab1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 23:37:39 GMT
via
1.1 5399a427cccb3191e8715ae58ba175aa.cloudfront.net (CloudFront)
last-modified
Fri, 15 Oct 2021 15:34:57 GMT
server
AmazonS3
age
9191942
etag
"e1ea74b8203083a2df662e1fdf0e775f"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31536000
x-amz-cf-pop
MUC50-P1
accept-ranges
bytes
content-length
710
x-amz-cf-id
OgtxtstZJDO3lDO4Ba_5RH2InfjixJ6hUCw9duek8fq1iFT8q9BXTQ==
check-ae560310.svg
prod-cdn.wetransfer.net/packs/media/images/
1 KB
965 B
Image
General
Full URL
https://prod-cdn.wetransfer.net/packs/media/images/check-ae560310.svg
Requested by
Host: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.180.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-180-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bf170345e058d8bcc3ec09e9064394dc4cb71c2c6037165e5637a0a926cba144

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 13:41:31 GMT
content-encoding
gzip
last-modified
Wed, 13 Oct 2021 12:41:34 GMT
server
AmazonS3
age
9400509
etag
W/"f1e6def956f57d4fb30b16daf04f4c5b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 5399a427cccb3191e8715ae58ba175aa.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
x-amz-cf-pop
MUC50-P1
x-amz-cf-id
LbT_xKfr3OHMxi-C6YWJLCQRj7LGQ6E3CPkY7e2EemqD9Rns0b_xPw==
globe-dd3d31e7.svg
prod-cdn.wetransfer.net/packs/media/images/
841 B
1 KB
Image
General
Full URL
https://prod-cdn.wetransfer.net/packs/media/images/globe-dd3d31e7.svg
Requested by
Host: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.180.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-180-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
38209c8fb7d72a610b8354aebf269c82a0bcb7a03eeee94a4f64193e671db2b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://prod-cdn.wetransfer.net/packs/css/application-9ca3e835.chunk.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 10:46:48 GMT
via
1.1 5399a427cccb3191e8715ae58ba175aa.cloudfront.net (CloudFront)
last-modified
Fri, 23 Apr 2021 15:43:36 GMT
server
AmazonS3
age
24271793
etag
"e8ffef2e96af9a1e327b5cfc3d3e1c6d"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31536000
x-amz-cf-pop
MUC50-P1
accept-ranges
bytes
content-length
841
x-amz-cf-id
wUxAWInRuXfgGBJGk7Q2rKJVzh03gT9uF514OAslXFh0-6JKA-E_Sg==
ActiefGrotesque_W_Bd-1bdd99f9.woff
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/
0
0

skeleton.gif
static.adsafeprotected.com/
43 B
480 B
Image
General
Full URL
https://static.adsafeprotected.com/skeleton.gif
Requested by
Host: we.ghclones.repl.co
URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:2800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we.ghclones.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 06 Aug 2021 16:14:35 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
age
15266527
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
43
last-modified
Mon, 17 Aug 2020 23:55:15 GMT
server
AmazonS3
etag
"45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id
iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control
max-age=315360000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/gif
x-amz-cf-id
xGnh99ii1TAGdLpeo9ebe4ZksSoUMx1-Gu4GAwKcpdmOB72eBuzWAQ==
v2kwfgNcdJbcxXk9KLnyFZvTyQOf1UhgzH8GnuLw16LcKLhmX-ZVqt0Xwh-tQ165yoemIVP8H
wtaccesscontrol.com/
209 B
628 B
Fetch
General
Full URL
https://wtaccesscontrol.com/v2kwfgNcdJbcxXk9KLnyFZvTyQOf1UhgzH8GnuLw16LcKLhmX-ZVqt0Xwh-tQ165yoemIVP8H
Requested by
Host: distributiontomatoes.com
URL: https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.74.222 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
222.74.190.35.bc.googleusercontent.com
Software
/
Resource Hash
c1fbae1baea44d1adc46113116461fcc0bd32828947c84b350cb90f3652e291d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://we.ghclones.repl.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
x-datacenter
gce-europe-west1
date
Sun, 30 Jan 2022 08:56:41 GMT
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://we.ghclones.repl.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-hostname
fen-hoothoot-europe-west1-spot-d6q6
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length
209
expires
Sun, 30 Jan 2022 08:56:40 GMT
v2mpn7T2qhHpS1yu-C9C5anj6txvOw2DS_COvAEOLu5rXeY__rS-ODcx_hy0SPka8ZjME_ywW
wtaccesscontrol.com/
361 B
396 B
Fetch
General
Full URL
https://wtaccesscontrol.com/v2mpn7T2qhHpS1yu-C9C5anj6txvOw2DS_COvAEOLu5rXeY__rS-ODcx_hy0SPka8ZjME_ywW
Requested by
Host: distributiontomatoes.com
URL: https://distributiontomatoes.com/v2ovpU2CjG2b9b2CSSmk-KywBiIuykfx_NELwupI-yj9ppydgPHID4NeDVxOhIz9b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.74.222 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
222.74.190.35.bc.googleusercontent.com
Software
/
Resource Hash
be6e31130bd35098c8f3beb4775d9f5c890cfe4aba84453cee010c2b8885cf48
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://we.ghclones.repl.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
x-datacenter
gce-europe-west1
date
Sun, 30 Jan 2022 08:56:41 GMT
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://we.ghclones.repl.co
access-control-allow-credentials
true
x-hostname
fen-hoothoot-europe-west1-spot-d6q6
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length
361

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
prod-cdn.wetransfer.net
URL
https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Rg-1f437876.woff
Domain
prod-cdn.wetransfer.net
URL
https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Md-293e86f0.woff
Domain
prod-cdn.wetransfer.net
URL
https://prod-cdn.wetransfer.net/packs/media/gtsuperwt/GT-Super-WT-Super-1b214df1.woff
Domain
prod-cdn.wetransfer.net
URL
https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Bd-1bdd99f9.woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  object    webpackJsonp
  object    _i18n_
  object    Wallpapers
  boolean   __ads_enabled__
  function  _typeof
  object    _snaq
  object    Snowplow
  object    google_tag_manager
  object    dataLayer
  function  admiral
  function  4dm1r11545242527

2 Cookies

Domain/Path            Name      Value
.we.ghclones.repl.co/  _awl      4.1643533001.0.5-0ab5b0b48ab253ffd33af8cbe10d75e9-6763652d6575726f70652d7765737431-0
.we.ghclones.repl.co/  _admrla   4.2-f739eabf26353108-8b113941-81aa-11ec-85e1-fbfe7c7c2073

8 Console Messages

Source Level URL
Text
javascript error URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Message:
Access to font at 'https://prod-cdn.wetransfer.net/packs/media/gtsuperwt/GT-Super-WT-Super-1b214df1.woff' from origin 'https://we.ghclones.repl.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://prod-cdn.wetransfer.net/packs/media/gtsuperwt/GT-Super-WT-Super-1b214df1.woff
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Message:
Access to font at 'https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Rg-1f437876.woff' from origin 'https://we.ghclones.repl.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Rg-1f437876.woff
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Message:
Access to font at 'https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Md-293e86f0.woff' from origin 'https://we.ghclones.repl.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Md-293e86f0.woff
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://we.ghclones.repl.co/ZoneDNS/sec.php
Message:
Access to font at 'https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Bd-1bdd99f9.woff' from origin 'https://we.ghclones.repl.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Bd-1bdd99f9.woff
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=3504004; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
