wetransfer.com Open in urlscan Pro
34.240.21.9 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwetransfer.com%2fdownloads%2fb7f62c1bc946f1cd9718fddffbd0b04b20200629182421%...
Effective URL:
https://wetransfer.com/downloads/b7f62c1bc946f1cd9718fddffbd0b04b20200629182421/193fee0aa9b2827fadb2559f65966f4f2020062...
Submission: On June 30 via manual (June 30th 2020, 1:00:10 am UTC) from IN

Summary HTTP 13 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 13 HTTP transactions. The main IP is 34.240.21.9, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is wetransfer.com.
TLS certificate: Issued by Amazon on October 2nd 2019. Valid for: a year.

This is the only time wetransfer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.28.83.204 52.28.83.204	16509 (AMAZON-02) (AMAZON-02)
1	34.240.21.9 34.240.21.9	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:219... 2600:9000:2190:7c00:6:bbf2:440:21	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE)
13	4

1 52.28.83.204 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-83-204.eu-central-1.compute.amazonaws.com

linkprotect.cudasvc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.240.21.9 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-21-9.eu-west-1.compute.amazonaws.com

wetransfer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:7c00:6:bbf2:440:21 (United States)

ASN16509 (AMAZON-02, US)

d19ptbnuzhibkh.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	googletagmanager.com www.googletagmanager.com	31 KB
1	cloudfront.net d19ptbnuzhibkh.cloudfront.net	30 KB
1	wetransfer.com wetransfer.com	6 KB
1	cudasvc.com 1 redirects linkprotect.cudasvc.com	857 B
0	wetransfer.net Failed prod-cdn.wetransfer.net Failed
13	5

	Domain	Requested by
1	www.googletagmanager.com	wetransfer.com
1	d19ptbnuzhibkh.cloudfront.net	wetransfer.com
1	wetransfer.com
1	linkprotect.cudasvc.com	1 redirects
0	prod-cdn.wetransfer.net Failed	wetransfer.com
13	5

This site contains links to these domains. Also see Links.

Domain
wetransfer.zendesk.com

Subject Issuer	Validity	Valid
wetransfer.com Amazon	`2019-10-02` - `2020-11-02`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://wetransfer.com/downloads/b7f62c1bc946f1cd9718fddffbd0b04b20200629182421/193fee0aa9b2827fadb2559f65966f4f20200629182438/01dcee?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email
Frame ID: 26ADD2DCE6456ACECFF2F1C6601A2AF2
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwetransfer.com%2fdownloads%2fb7f62c1bc946f1cd9718fddffbd... HTTP 302
https://wetransfer.com/downloads/b7f62c1bc946f1cd9718fddffbd0b04b20200629182421/193fee0aa9b2827fadb... Page URL

Detected technologies

Ruby (Programming Languages) Expand

Overall confidence: 50%
Detected patterns

meta csrf-param /^authenticity_token$/i

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 50%
Detected patterns

meta csrf-param /^authenticity_token$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i

Page Statistics

13
Requests

23 %
HTTPS

50 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

67 kB
Transfer

215 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://wetransfer.zendesk.com/
Title: help center

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwetransfer.com%2fdownloads%2fb7f62c1bc946f1cd9718fddffbd0b04b20200629182421%2f193fee0aa9b2827fadb2559f65966f4f20200629182438%2f01dcee%3futm_campaign%3dWT_email_tracking%26utm_content%3dgeneral%26utm_medium%3ddownload_button%26utm_source%3dnotify_recipient_email&c=E,1,tQ4DqYQpUJ3-yJwRowi2YVBsVysheeGGoaphmeeU99OR70rc2AoKfhkJwXzfVDYAeUs8smIXi44-ht2x1Pwsiq9DeXOAeocaBkITHb-n3F1B&typo=1 HTTP 302
https://wetransfer.com/downloads/b7f62c1bc946f1cd9718fddffbd0b04b20200629182421/193fee0aa9b2827fadb2559f65966f4f20200629182438/01dcee?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request 01dcee Show response
wetransfer.com/downloads/b7f62c1bc946f1cd9718fddffbd0b04b20200629182421/193fee0aa9b2827fadb2559f65966f4f20200629182438/
Redirect Chain

https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwetransfer.com%2fdownloads%2fb7f62c1bc946f1cd9718fddffbd0b04b20200629182421%2f193fee0aa9b2827fadb2559f65966f4f20200629182438%2f01dcee%3futm_campa...
https://wetransfer.com/downloads/b7f62c1bc946f1cd9718fddffbd0b04b20200629182421/193fee0aa9b2827fadb2559f65966f4f20200629182438/01dcee?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=d...

16 KB
6 KB

378ms
240ms

Document
text/html

34.240.21.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://wetransfer.com/downloads/b7f62c1bc946f1cd9718fddffbd0b04b20200629182421/193fee0aa9b2827fadb2559f65966f4f20200629182438/01dcee?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.240.21.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-21-9.eu-west-1.compute.amazonaws.com

Software

Resource Hash

cfc2af50eae7f0d9504a9183eff19074d6f01ae322053a3ebc20470e0ef2fc81

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: wetransfer.com
:scheme: https
:path: /downloads/b7f62c1bc946f1cd9718fddffbd0b04b20200629182421/193fee0aa9b2827fadb2559f65966f4f20200629182438/01dcee?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 30 Jun 2020 00:59:55 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache, no-store
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: _wt_snowplowid.38f1=d24e4581-c2fb-4367-8e51-e8ff30e5baf6.1593478794.0.1593478794.; domain=.wetransfer.com; path=/; expires=Thu, 30 Jun 2022 00:59:54 GMT; secure _wt_session=bkl4MVdxaTgwTm5hMDJHN2lZNzRnUzdSUm43UTVZL0lEL1krbGI1TGR2bDFIamxCR0xVRkt1bk9DNjErME4rUlhtVm8velVtemw5bko3TTFqa3RaYTQ5YW1weVpZTHE4eDl2ZUpKSjFYN0MzRFVLaVo5c1lwc3RlampTNEk1c3ZTNUgzVmJEM0gvNUozcUVYSkZoY3ZnPT0tLW5PT2JtTjJkVy9kUjAyL29VWGx2bHc9PQ%3D%3D--8887174a82539d18eb5220285deb7131cefafd2e; domain=wetransfer.com; path=/; secure; HttpOnly; SameSite=Lax
vary: Accept-Encoding, Origin
content-encoding: gzip
etag: W/"77a6ace9fce2095d819e242329d17f4b"
x-request-id: 885728d2-72b8-4791-9d7f-77dd4c076aba
x-opaque: 0605abe0265d430045c022922a8fa3357e1ea439-031554b2b5408ee72-17623
x-runtime: 0.170892
strict-transport-security: max-age=15552000; includeSubDomains;

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'self'; style-src 'self' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src 'self'; frame-ancestors 'none'
Content-Type: text/html
Date: Tue, 30 Jun 2020 00:59:54 GMT
Expires: -1
Location: https://wetransfer.com/downloads/b7f62c1bc946f1cd9718fddffbd0b04b20200629182421/193fee0aa9b2827fadb2559f65966f4f20200629182438/01dcee?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email
Pragma: no-cache
Referrer-Policy: no-referrer
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 154
Connection: keep-alive

GET runtime~application-d18c1e40102e8da98432.es6.js
prod-cdn.wetransfer.net/packs/esm/ 0
0

GET application-74c40f88c4437a0b44af.es6.js
prod-cdn.wetransfer.net/packs/esm/ 0
0

GET vendor-6385481b37030c21af80.es6.js
prod-cdn.wetransfer.net/packs/esm/ 0
0

GET ActiefGrotesque_W_Rg-1f437876.woff
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ 0
0

GET ActiefGrotesque_W_Md-293e86f0.woff
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ 0
0

GET GT-Super-WT-Super-1b214df1.woff
prod-cdn.wetransfer.net/packs/media/gtsuperwt/ 0
0

GET application-13eb6a14.chunk.css
prod-cdn.wetransfer.net/packs/css/ 0
0

GET en-0910081e25ca955731be.es6.js
prod-cdn.wetransfer.net/packs/esm/runtime~locale/ 0
0

GET en-46c59bd4c8b34b6c3678.es6.js
prod-cdn.wetransfer.net/packs/esm/locale/ 0
0

GET advertising-4aee5180207621f94abeb04df0d9e7e52f4496bf16a55f712b2feb788c8f89f4.js
prod-cdn.wetransfer.net/assets/ 0
0

GET
H2 200 sp.js Show response
d19ptbnuzhibkh.cloudfront.net/2.10.2/ 96 KB
30 KB 58ms
15ms Script
application/javascript 2600:9000:2190:7c00:6:bbf2:440:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d19ptbnuzhibkh.cloudfront.net/2.10.2/sp.js
Requested by: Host: wetransfer.com
URL: https://wetransfer.com/downloads/b7f62c1bc946f1cd9718fddffbd0b04b20200629182421/193fee0aa9b2827fadb2559f65966f4f20200629182438/01dcee?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:7c00:6:bbf2:440:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d9a9b2a15666ace13ce304e0a34baaa8a82ce5bc9d01480872869c9871dc552c

Request headers

Referer: https://wetransfer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Jun 2020 23:55:00 GMT
content-encoding: gzip
last-modified: Tue, 30 Apr 2019 15:14:08 GMT
server: AmazonS3
age: 90296
etag: "c7b65b3f4e8761897af9a3ca5d76682e"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=315360000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 29895
via: 1.1 8455bcb2c0203b0c4ee93b610d75e69b.cloudfront.net (CloudFront)
x-amz-cf-id: apkYoz0TFW0s-ZLtOFNXS9KhqLRV1VLxDmfgM_44UOHBDVUH9e9zzQ==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 104 KB
31 KB 26ms
14ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N9N5GP

Requested by

Host: wetransfer.com
URL: https://wetransfer.com/downloads/b7f62c1bc946f1cd9718fddffbd0b04b20200629182421/193fee0aa9b2827fadb2559f65966f4f20200629182438/01dcee?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a8f0db9979df8b2da60fdb74f1219d1c1e45e77a826c0a0f4d8d78b0e823409

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://wetransfer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 00:59:55 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31412
x-xss-protection: 0
last-modified: Tue, 30 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jun 2020 00:59:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/esm/runtime~application-d18c1e40102e8da98432.es6.js

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/esm/application-74c40f88c4437a0b44af.es6.js

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/esm/vendor-6385481b37030c21af80.es6.js

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Rg-1f437876.woff

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Md-293e86f0.woff

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/media/gtsuperwt/GT-Super-WT-Super-1b214df1.woff

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/css/application-13eb6a14.chunk.css

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/esm/runtime~locale/en-0910081e25ca955731be.es6.js

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/packs/esm/locale/en-46c59bd4c8b34b6c3678.es6.js

Domain: prod-cdn.wetransfer.net
URL: https://prod-cdn.wetransfer.net/assets/advertising-4aee5180207621f94abeb04df0d9e7e52f4496bf16a55f712b2feb788c8f89f4.js

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.wetransfer.com/	1969-12-31 23:59:59	Name: _wt_session Value: bkl4MVdxaTgwTm5hMDJHN2lZNzRnUzdSUm43UTVZL0lEL1krbGI1TGR2bDFIamxCR0xVRkt1bk9DNjErME4rUlhtVm8velVtemw5bko3TTFqa3RaYTQ5YW1weVpZTHE4eDl2ZUpKSjFYN0MzRFVLaVo5c1lwc3RlampTNEk1c3ZTNUgzVmJEM0gvNUozcUVYSkZoY3ZnPT0tLW5PT2JtTjJkVy9kUjAyL29VWGx2bHc9PQ%3D%3D--8887174a82539d18eb5220285deb7131cefafd2e
			.wetransfer.com/	1970-01-20 04:09:10	Name: _wt_snowplowid.38f1 Value: d24e4581-c2fb-4367-8e51-e8ff30e5baf6.1593478794.0.1593478794.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d19ptbnuzhibkh.cloudfront.net
linkprotect.cudasvc.com
prod-cdn.wetransfer.net
wetransfer.com
www.googletagmanager.com
prod-cdn.wetransfer.net
2600:9000:2190:7c00:6:bbf2:440:21
2a00:1450:4001:824::2008
34.240.21.9
52.28.83.204
9a8f0db9979df8b2da60fdb74f1219d1c1e45e77a826c0a0f4d8d78b0e823409
cfc2af50eae7f0d9504a9183eff19074d6f01ae322053a3ebc20470e0ef2fc81
d9a9b2a15666ace13ce304e0a34baaa8a82ce5bc9d01480872869c9871dc552c

wetransfer.com Open in urlscan Pro 34.240.21.9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

23 %HTTPS

50 %IPv6

5 Domains

5 Subdomains

4 IPs

3 Countries

67 kBTransfer

215 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

wetransfer.com Open in urlscan Pro
34.240.21.9 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

23 %
HTTPS

50 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

67 kB
Transfer

215 kB
Size

2
Cookies

13 HTTP transactions
0 data transactions