urlscan.io result: mail-wetransfer000-bardeen-177e65.netlify.app
2a05:d014:275:cb01:1f85:932b:b797:22f9  Malicious Activity!  Public Scan

Submitted URL: http://mail-wetransfer000-bardeen-177e65.netlify.app/
Effective URL: https://mail-wetransfer000-bardeen-177e65.netlify.app/
Submission: On July 30, 2021 via automatic, source openphish

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 8 HTTP transactions. The main IP is 2a05:d014:275:cb01:1f85:932b:b797:22f9, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is mail-wetransfer000-bardeen-177e65.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on March 9th 2021. Valid for: a year.
This is the only time mail-wetransfer000-bardeen-177e65.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

IP addresses (requests | IP | AS):
  1 | 2a05:d014:275:cb01:1f85:932b:b797:22f9 | 16509 (AMAZON-02)
  2 | 162.241.24.44 | 46606 (UNIFIEDLAYER-AS-1)
  1 | 143.204.205.75 | 16509 (AMAZON-02)
  1 | 198.54.120.22 | 22612 (NAMECHEAP-NET)
  1 | 2606:4700::6812:bcf | 13335 (CLOUDFLARENET)
  Total: 8 requests, 6 IPs

Domains (requests | domain | requested by):
  2 | mail-adk.com (1 redirect) | mail-wetransfer000-bardeen-177e65.netlify.app
  1 | stackpath.bootstrapcdn.com | mail-wetransfer000-bardeen-177e65.netlify.app
  1 | ajax.googleapis.luchifab.com | mail-wetransfer000-bardeen-177e65.netlify.app
  1 | cdn.glitch.com | mail-wetransfer000-bardeen-177e65.netlify.app
  1 | mail-wetransfer000-bardeen-177e65.netlify.app | -
  Total: 8 requests, 5 domains

This site contains no links.

Certificates (subject | issuer | validity | valid for):
  *.netlify.app | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2021-03-09 to 2022-03-01 | a year
  www.mail-adk.com | R3 | 2021-04-24 to 2021-07-23 | 3 months
  glitch.com | Amazon | 2021-01-18 to 2022-02-15 | a year
  ajax.googleapis.luchifab.com | ZeroSSL RSA Domain Secure Site CA | 2021-05-04 to 2021-08-02 | 3 months
  sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-01 to 2022-02-28 | a year

The www.mail-adk.com certificate listed here (R3 is Let's Encrypt's intermediate) expired on 2021-07-23, a week before the scan date.

This page contains 1 frame:

Primary Page: https://mail-wetransfer000-bardeen-177e65.netlify.app/
Frame ID: AE2D48E3FECD0CFC38EBFD8C2B044277
Requests: 9 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns (three detections on the page shared this one pattern; they are merged here)
  • script /\/wp-(?:content|includes)\//i
This pattern matched the script URLs under mail-adk.com/wp-content/, i.e. the third-party host the page pulls scripts from, not anything served by Netlify itself.

Overall confidence: 100%
Detected patterns
  • headers server /^Netlify/i

Page Statistics

  Requests: 8
  HTTPS: 50 %
  IPv6: 40 %
  Domains: 5
  Subdomains: 5
  IPs: 6
  Countries: 2
  Transfer: 212 kB
  Size: 538 kB
  Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://mail-wetransfer000-bardeen-177e65.netlify.app/ HTTP 307
    https://mail-wetransfer000-bardeen-177e65.netlify.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://mail-adk.com/wp-content/nan/filewe/pdf.js HTTP 302
  • https://mail-adk.com/cgi-sys/suspendedpage.cgi

8 HTTP transactions

Columns of the original table: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type.

Primary Request: / (Document)
  Path: mail-wetransfer000-bardeen-177e65.netlify.app/
  Redirect chain:
    • http://mail-wetransfer000-bardeen-177e65.netlify.app/
    • https://mail-wetransfer000-bardeen-177e65.netlify.app/
  Size: 170 KB, transferred: 119 KB

  General
    Full URL: https://mail-wetransfer000-bardeen-177e65.netlify.app/
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 2a05:d014:275:cb01:1f85:932b:b797:22f9, Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US)
    Reverse DNS: -
    Software: Netlify
    Resource Hash: 8bff3c57d9e6b69c3c5c1f9e0025420eff7d101f99c6132f502e6f4699bc736f
    Security Headers:
      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

  Request headers
    :method: GET
    :authority: mail-wetransfer000-bardeen-177e65.netlify.app
    :scheme: https
    :path: /
    pragma: no-cache
    cache-control: no-cache
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    sec-fetch-site: none
    sec-fetch-mode: navigate
    sec-fetch-user: ?1
    sec-fetch-dest: document
    accept-encoding: gzip, deflate, br
    accept-language: en-US

  Response headers
    cache-control: public, max-age=0, must-revalidate
    content-type: text/html; charset=UTF-8
    date: Thu, 29 Jul 2021 03:40:13 GMT
    etag: "861dfe39bb92c9f8018fac6fe84f55b6-ssl-df"
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-nf-request-id: 01FBTX9HM4WSGAFY7QAPBYG149
    server: Netlify
    content-encoding: gzip
    content-length: 121686
    vary: Accept-Encoding
    age: 91987

  Redirect headers (the http:// hop)
    Location: https://mail-wetransfer000-bardeen-177e65.netlify.app/
    Non-Authoritative-Reason: HSTS
  Non-Authoritative-Reason: HSTS marks the HTTP 307 as synthesized by the browser under its HSTS policy for this host (the response carries an HSTS header with preload), not as a response from the server; the plain-http URL was never sent over the network.
suspendedpage.cgi (Script)
  Path: mail-adk.com/cgi-sys/
  Redirect chain:
    • https://mail-adk.com/wp-content/nan/filewe/pdf.js
    • https://mail-adk.com/cgi-sys/suspendedpage.cgi
  Size: 0, transferred: 0

  General
    Full URL: https://mail-adk.com/cgi-sys/suspendedpage.cgi
    Requested by: Host: mail-wetransfer000-bardeen-177e65.netlify.app, URL: https://mail-wetransfer000-bardeen-177e65.netlify.app/
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 162.241.24.44, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
    Reverse DNS: box5844.bluehost.com
    Software: -
    Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the SHA-256 of an empty body)

  Request headers
    Referer: https://mail-wetransfer000-bardeen-177e65.netlify.app/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

  Response headers
    (none recorded)

  Redirect headers (the HTTP 302 answered to pdf.js)
    location: https://mail-adk.com/cgi-sys/suspendedpage.cgi
    date: Fri, 30 Jul 2021 05:13:21 GMT
    content-length: 230
    server: nginx/1.19.10
    host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== (base64 for shared.bluehost.com)
    x-server-cache: false
    content-type: text/html; charset=iso-8859-1
  The page asked for a script named pdf.js from a wp-content path on mail-adk.com; the Bluehost server answered with cPanel's account-suspended page (/cgi-sys/suspendedpage.cgi), so the script that ran in its place was empty.
a9bfcce0-422b-46e4-9074-3147cbc03390%2Ficon.ico (Image)
  Path: cdn.glitch.com/
  Size: 41 KB, transferred: 41 KB

  General
    Full URL: https://cdn.glitch.com/a9bfcce0-422b-46e4-9074-3147cbc03390%2Ficon.ico?v=1600376585636
    Requested by: Host: mail-wetransfer000-bardeen-177e65.netlify.app, URL: https://mail-wetransfer000-bardeen-177e65.netlify.app/
    Protocol: HTTP/1.1
    Security: TLS 1.3, AES_128_GCM
    Server: 143.204.205.75, United States, ASN16509 (AMAZON-02, US)
    Reverse DNS: server-143-204-205-75.fra53.r.cloudfront.net
    Software: AmazonS3
    Resource Hash: d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda

  Request headers
    Referer: https://mail-wetransfer000-bardeen-177e65.netlify.app/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

  Response headers
    Date: Fri, 12 Feb 2021 05:42:35 GMT
    Via: 1.1 48391c4ed2c51e95dcabcb70cf613127.cloudfront.net (CloudFront)
    Age: 14513445
    X-Cache: Hit from cloudfront
    Connection: keep-alive
    Content-Length: 41566
    Last-Modified: Thu, 17 Sep 2020 21:03:07 GMT
    Server: AmazonS3
    ETag: "692e1c7339c359b6412f059c9c9a0474"
    Access-Control-Max-Age: 86400
    Access-Control-Allow-Methods: GET, HEAD, POST
    Content-Type: image/x-icon
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=31536000
    X-Amz-Cf-Pop: FRA53-C1
    X-Amz-Cf-Id: K_c8dABnCrEKex2GjMLwG2GwXcdhp_fAqKzONP-adrAe1Tbhy-HNfQ==
jquery-3.2.1.slim.min.js, popper.min.js, bootstrap.min.js (no response)
  Path: mail-adk.com/wp-content/nan/filewe/
  Size: 0, transferred: 0 for each; no response was received (listed again under Failed requests below)
jquery.min.js (Script)
  Path: ajax.googleapis.luchifab.com/ajax.googleapis/ajax/libs/jquery/2.2.4/
  Size: 161 KB, transferred: 37 KB

  General
    Full URL: https://ajax.googleapis.luchifab.com/ajax.googleapis/ajax/libs/jquery/2.2.4/jquery.min.js
    Requested by: Host: mail-wetransfer000-bardeen-177e65.netlify.app, URL: https://mail-wetransfer000-bardeen-177e65.netlify.app/
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 198.54.120.22, United States, ASN22612 (NAMECHEAP-NET, US)
    Reverse DNS: host17.registrar-servers.com
    Software: Apache
    Resource Hash: f3fa859a8074c8bd145687f49de4526c425f9529033546f3b7695b69e8961079

  Request headers
    Referer: https://mail-wetransfer000-bardeen-177e65.netlify.app/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

  Response headers
    date: Fri, 30 Jul 2021 05:13:22 GMT
    content-encoding: gzip
    last-modified: Sun, 23 May 2021 22:03:57 GMT
    server: Apache
    vary: Accept-Encoding
    content-type: application/javascript
    accept-ranges: bytes
    content-length: 38120
  Both the hostname and the path imitate ajax.googleapis.com, but the registrable domain is luchifab.com on Namecheap shared hosting (reverse DNS host17.registrar-servers.com, Apache). Nothing on this page shows whether the file is an unmodified jQuery 2.2.4; the resource hash above is what to compare against the genuine file from the real CDN before treating it as a plain library.
bootstrap.min.js (Script)
  Path: stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/
  Size: 50 KB, transferred: 14 KB

  General
    Full URL: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
    Requested by: Host: mail-wetransfer000-bardeen-177e65.netlify.app, URL: https://mail-wetransfer000-bardeen-177e65.netlify.app/
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 2606:4700::6812:bcf, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS: -
    Software: cloudflare
    Resource Hash: 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
    Security Headers:
      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
      X-Content-Type-Options: nosniff

  Request headers
    Referer: https://mail-wetransfer000-bardeen-177e65.netlify.app/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

  Response headers
    date: Fri, 30 Jul 2021 05:13:21 GMT
    content-encoding: br
    x-content-type-options: nosniff
    cf-cache-status: HIT
    cdn-edgestorageid: 723, 718
    age: 11174718
    cdn-cachedat: 2021-03-11 11:57:52
    cdn-pullzone: 252412
    cross-origin-resource-policy: cross-origin
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
    timing-allow-origin: *
    access-control-allow-origin: *
    last-modified: Mon, 25 Jan 2021 22:04:06 GMT
    server: cloudflare
    cdn-requestpullcode: 200
    expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    content-type: application/javascript; charset=utf-8
    cdn-cache: HIT
    vary: Accept-Encoding
    cache-control: public, max-age=31919000
    cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
    cdn-requestid: 48f4598378fe1b699fcee6ac68d6cc25
    cf-ray: 676c18e5fa8f3140-FRA
    cdn-requestcountrycode: DE
    cdn-requestpullsuccess: True
data: URL (Image; body truncated by urlscan)
  Path: /
  Size: 117 KB, transferred: 0

  General
    Full URL: data:truncated
    Protocol: DATA
    Server: - (inline data, no network request)
    Reverse DNS: -
    Software: -
    Resource Hash: d053cc4aa99896f1668d403fc44b23d7a4e9a90d300443b585edc11ac05957a1

  Request headers
    Referer: -
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

  Response headers
    Content-Type: image/jpeg

Failed requests

These URLs were requested, but no response was received. They also appear in the transaction list above.

  • mail-adk.com: https://mail-adk.com/wp-content/nan/filewe/jquery-3.2.1.slim.min.js
  • mail-adk.com: https://mail-adk.com/wp-content/nan/filewe/popper.min.js
  • mail-adk.com: https://mail-adk.com/wp-content/nan/filewe/bootstrap.min.js
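Read together, the transactions show a kit whose HTML sits on Netlify but whose dependencies come from two other places: a look-alike host (ajax.googleapis.luchifab.com, a Namecheap-hosted domain whose name and path mimic ajax.googleapis.com) and a WordPress installation on mail-adk.com whose hosting account is suspended, so three scripts get no response and pdf.js resolves to an empty body. The Python below is an added example, not part of urlscan or of the page's own code: it encodes those checks over the URLs and resource hashes taken from this page (constructed inline), uses a small illustrative CDN allow-list as an assumption, and converts a urlscan hex hash into the base64 form an SRI integrity attribute uses, so the jquery.min.js served from the look-alike host can be compared with the genuine file.

```python
"""Triage of the resource list from a urlscan.io result (added example)."""
import base64
import hashlib
from urllib.parse import urlsplit

# Assumption: a small illustrative allow-list of public CDN hosts.
KNOWN_CDNS = {
    "ajax.googleapis.com",
    "stackpath.bootstrapcdn.com",
    "code.jquery.com",
    "cdnjs.cloudflare.com",
    "cdn.jsdelivr.net",
}

# Constructed from the transaction, redirect and failed-request lists on this page.
PRIMARY_HOST = "mail-wetransfer000-bardeen-177e65.netlify.app"
REQUESTS = [  # (url, resource hash as urlscan reports it)
    ("https://mail-wetransfer000-bardeen-177e65.netlify.app/",
     "8bff3c57d9e6b69c3c5c1f9e0025420eff7d101f99c6132f502e6f4699bc736f"),
    ("https://mail-adk.com/cgi-sys/suspendedpage.cgi",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("https://cdn.glitch.com/a9bfcce0-422b-46e4-9074-3147cbc03390%2Ficon.ico?v=1600376585636",
     "d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda"),
    ("https://ajax.googleapis.luchifab.com/ajax.googleapis/ajax/libs/jquery/2.2.4/jquery.min.js",
     "f3fa859a8074c8bd145687f49de4526c425f9529033546f3b7695b69e8961079"),
    ("https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js",
     "56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4"),
]
REDIRECTS = {  # requested URL -> where the response sent the browser
    "https://mail-adk.com/wp-content/nan/filewe/pdf.js":
        "https://mail-adk.com/cgi-sys/suspendedpage.cgi",
}
FAILED = [
    "https://mail-adk.com/wp-content/nan/filewe/jquery-3.2.1.slim.min.js",
    "https://mail-adk.com/wp-content/nan/filewe/popper.min.js",
    "https://mail-adk.com/wp-content/nan/filewe/bootstrap.min.js",
]

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # hash of a zero-byte body


def on_cdn(host):
    """True if host is a known CDN host or a subdomain of one (label boundary)."""
    host = host.lower()
    return any(host == c or host.endswith("." + c) for c in KNOWN_CDNS)


def lookalike_cdn(url):
    """Return the CDN a URL imitates without actually being served from it.

    ajax.googleapis.luchifab.com starts with the labels of ajax.googleapis.com
    but its registrable domain is luchifab.com, and its path repeats the CDN
    name; matching on the CDN name minus its public suffix catches both.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if on_cdn(host):
        return None
    for cdn in KNOWN_CDNS:
        brand = cdn.rsplit(".", 1)[0]  # e.g. 'ajax.googleapis'
        if brand in host or brand in parts.path.lower():
            return cdn
    return None


def sri_from_hex(hex_digest):
    """Convert a urlscan hex SHA-256 to the base64 form used by integrity=."""
    return "sha256-" + base64.b64encode(bytes.fromhex(hex_digest)).decode()


def triage(requests=REQUESTS, redirects=REDIRECTS, failed=FAILED):
    """Return (url, finding) pairs that deserve a look first."""
    findings = []
    for url, digest in requests:
        cdn = lookalike_cdn(url)
        if cdn:
            findings.append((url, f"lookalike of {cdn}"))
        if digest == EMPTY_SHA256:
            findings.append((url, "empty response body"))
        if urlsplit(url).path.endswith("/cgi-sys/suspendedpage.cgi"):
            findings.append((url, "hosting account suspended"))
    for src, dst in redirects.items():
        if src.endswith(".js") and not dst.endswith(".js"):
            findings.append((src, f"script redirected to non-script {dst}"))
    for url in failed:
        findings.append((url, "no response"))
    # Scripts pulled from a wp-content tree on a host other than the page's own:
    # the kit depends on a second site it does not serve itself.
    for url in [u for u, _ in requests] + list(redirects) + failed:
        p = urlsplit(url)
        if "/wp-content/" in p.path and p.hostname != PRIMARY_HOST:
            findings.append((url, "wp-content resource on third-party host"))
    return findings


if __name__ == "__main__":
    for url, finding in triage():
        print(f"{finding:45s} {url}")
    print("SRI form of the look-alike jquery.min.js:", sri_from_hex(REQUESTS[3][1]))
```

A resource hash equal to the SHA-256 of the empty string always means the "script" had no body, which is why the suspended-page hit is reported twice; the SRI string is only useful once you have the digest of the genuine jQuery 2.2.4 file from the real CDN to compare it with.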

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against WeTransfer (Online)

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

  onbeforexrselect (object), ontransitionrun (object), ontransitionstart (object), ontransitioncancel (object),
  cookieStore (object), showDirectoryPicker (function), showOpenFilePicker (function), showSaveFilePicker (function),
  originAgentCluster (boolean), trustedTypes (object), crossOriginIsolated (boolean),
  updateclock (function), WorldClock (function), zone (number), isitlocal (boolean), ampm (string), p2 (string),
  _0x4f93 (object), _0x21cf (function), _0x476c66 (function),
  $ (function), jQuery (function), bootstrap (object),
  now (object), ofst (number), secs (number), sec (number), mins (number), min (number), hr (number), hrs (number),
  statusampm (string), hr2 (string)
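The `_0x4f93`, `_0x21cf` and `_0x476c66` names are the identifier style emitted by javascript-obfuscator-type tools (an `_0x` prefix followed by hex digits), and here one object plus two functions sits next to the variables of a clock widget and the jQuery and Bootstrap globals. The Python below is an added example, not urlscan's code or the kit's: it parses the dump in the `type| name` form urlscan prints and splits it into browser-provided noise (assumption: the listed names are window properties of the Chrome 89 build used for the scan that urlscan's baseline did not know), library globals, obfuscator-style names, and whatever the page itself defined.

```python
"""Classify a urlscan 'JavaScript Global Variables' dump (added example)."""
import re

# Constructed: the dump in the 'type| name' form as shown on this page.
GLOBALS_DUMP = (
    "object| onbeforexrselect object| ontransitionrun object| ontransitionstart "
    "object| ontransitioncancel object| cookieStore function| showDirectoryPicker "
    "function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster "
    "object| trustedTypes boolean| crossOriginIsolated function| updateclock "
    "function| WorldClock number| zone boolean| isitlocal string| ampm string| p2 "
    "object| _0x4f93 function| _0x21cf function| _0x476c66 function| $ function| jQuery "
    "object| bootstrap object| now number| ofst number| secs number| sec number| mins "
    "number| min number| hr number| hrs string| statusampm string| hr2"
)

# Assumption: window properties provided by the Chrome 89 build that ran the scan,
# which urlscan's baseline did not know and therefore listed as non-standard.
BROWSER_BUILTINS = {
    "onbeforexrselect", "ontransitionrun", "ontransitionstart", "ontransitioncancel",
    "cookieStore", "showDirectoryPicker", "showOpenFilePicker", "showSaveFilePicker",
    "originAgentCluster", "trustedTypes", "crossOriginIsolated",
}
# Globals expected from the jQuery and Bootstrap script tags the page loads.
LIBRARY_GLOBALS = {"$", "jQuery", "bootstrap"}
# javascript-obfuscator style identifiers: '_0x' followed by hex digits.
OBFUSCATED = re.compile(r"^_0x[0-9a-f]+$", re.IGNORECASE)


def parse_globals(dump):
    """Return [(name, type), ...] in the order urlscan printed them."""
    return [(name, typ) for typ, name in re.findall(r"(\w+)\|\s*(\S+)", dump)]


def classify(pairs):
    """Bucket names into browser noise, libraries, obfuscator output, page code."""
    buckets = {"browser": [], "library": [], "obfuscated": [], "page": []}
    for name, _typ in pairs:
        if name in BROWSER_BUILTINS:
            buckets["browser"].append(name)
        elif name in LIBRARY_GLOBALS:
            buckets["library"].append(name)
        elif OBFUSCATED.match(name):
            buckets["obfuscated"].append(name)
        else:
            buckets["page"].append(name)
    return buckets


def obfuscation_suspected(pairs):
    """True when obfuscator-style names include at least one function.

    One '_0x' object (the string array) next to '_0x' decoder functions is the
    shape javascript-obfuscator output leaves on window when run at top level.
    """
    types = dict(pairs)
    obf = [n for n in types if OBFUSCATED.match(n)]
    return bool(obf) and any(types[n] == "function" for n in obf)


if __name__ == "__main__":
    pairs = parse_globals(GLOBALS_DUMP)
    for bucket, names in classify(pairs).items():
        print(f"{bucket:10s} {len(names):2d}  {' '.join(names)}")
    print("obfuscation suspected:", obfuscation_suspected(pairs))
```

Once the browser and library names are removed, what remains is sixteen clock variables and three obfuscator-style names, which is where to start when pulling the page's own script for analysis.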

0 Cookies

Security Headers

Security headers set by the main page:

  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload