![](/screenshots/cb15f94e-3cdc-4fa6-9024-b9858309e2f1.png)
wetransfer-log-in.duckdns.org
37.46.150.197
Malicious Activity!
Public Scan
Effective URL: https://wetransfer-log-in.duckdns.org/1/
Submission: On February 11 via manual from GH
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 24th 2021. Valid for: 3 months.
This is the only time wetransfer-log-in.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WeTransfer (Online)

Domain & IP information

- ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN): zpmcvwct1jqyxcxeto1bgw-on.drv.tw, drv.tw
- ASN15169 (GOOGLE, US): www.googletagmanager.com
- ASN15169 (GOOGLE, US): www.google-analytics.com
- ASN15169 (GOOGLE, US), PTR: 147.120.201.35.bc.googleusercontent.com: paypalsignin.franca100.repl.co
- ASN20446 (HIGHWINDS3, US): maxcdn.bootstrapcdn.com, stackpath.bootstrapcdn.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 4 | fontawesome.com | use.fontawesome.com | 178 KB |
| 3 | bootstrapcdn.com | maxcdn.bootstrapcdn.com, stackpath.bootstrapcdn.com | 47 KB |
| 3 | duckdns.org | wetransfer-log-in.duckdns.org | 25 KB |
| 2 | googleapis.com | fonts.googleapis.com, ajax.googleapis.com | 30 KB |
| 2 | google-analytics.com | www.google-analytics.com | 19 KB |
| 2 | drv.tw | zpmcvwct1jqyxcxeto1bgw-on.drv.tw, drv.tw | 1 KB |
| 1 | gstatic.com | fonts.gstatic.com | 13 KB |
| 1 | cloudflare.com | cdnjs.cloudflare.com | 6 KB |
| 1 | jquery.com | code.jquery.com | 24 KB |
| 1 | megaurl.co | megaurl.co (1 redirect) | 988 B |
| 1 | repl.co | paypalsignin.franca100.repl.co | 3 KB |
| 1 | doubleclick.net | stats.g.doubleclick.net | 98 B |
| 1 | googletagmanager.com | www.googletagmanager.com | 38 KB |

Total: 22 requests across 13 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 4 | use.fontawesome.com | wetransfer-log-in.duckdns.org, use.fontawesome.com |
| 3 | wetransfer-log-in.duckdns.org | wetransfer-log-in.duckdns.org |
| 2 | maxcdn.bootstrapcdn.com | wetransfer-log-in.duckdns.org |
| 2 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com |
| 1 | fonts.gstatic.com | fonts.googleapis.com |
| 1 | stackpath.bootstrapcdn.com | wetransfer-log-in.duckdns.org |
| 1 | ajax.googleapis.com | wetransfer-log-in.duckdns.org |
| 1 | cdnjs.cloudflare.com | wetransfer-log-in.duckdns.org |
| 1 | code.jquery.com | wetransfer-log-in.duckdns.org |
| 1 | fonts.googleapis.com | wetransfer-log-in.duckdns.org |
| 1 | megaurl.co | 1 redirect |
| 1 | paypalsignin.franca100.repl.co | |
| 1 | stats.g.doubleclick.net | www.google-analytics.com |
| 1 | www.googletagmanager.com | drv.tw |
| 1 | drv.tw | zpmcvwct1jqyxcxeto1bgw-on.drv.tw |
| 1 | zpmcvwct1jqyxcxeto1bgw-on.drv.tw | |

Total: 22 requests across 16 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| *.drv.tw | R3 | 2021-02-01 - 2021-05-02 | 3 months | crt.sh |
| *.google-analytics.com | GTS CA 1O1 | 2021-01-19 - 2021-04-13 | 3 months | crt.sh |
| *.g.doubleclick.net | GTS CA 1O1 | 2021-01-26 - 2021-04-20 | 3 months | crt.sh |
| franca100.repl.co | R3 | 2021-01-31 - 2021-05-01 | 3 months | crt.sh |
| wetransfer-log-in.duckdns.org | cPanel, Inc. Certification Authority | 2021-01-24 - 2021-04-24 | 3 months | crt.sh |
| *.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2020-09-22 - 2021-10-12 | a year | crt.sh |
| *.fontawesome.com | DigiCert TLS RSA SHA256 2020 CA1 | 2020-11-13 - 2021-12-14 | a year | crt.sh |
| upload.video.google.com | GTS CA 1O1 | 2021-01-26 - 2021-04-20 | 3 months | crt.sh |
| jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 - 2021-10-16 | a year | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-10-21 - 2021-10-20 | a year | crt.sh |
| *.gstatic.com | GTS CA 1O1 | 2021-01-19 - 2021-04-13 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://wetransfer-log-in.duckdns.org/1/
Frame ID: B3E731FECC04B43615456616D51D90CD
Requests: 22 HTTP requests in this frame
Detected technologies

- Ubuntu. Detected patterns:
  - headers server /Ubuntu/i
- Bootstrap. Detected patterns:
  - html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  - script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
- nginx. Detected patterns:
  - headers server /nginx(?:\/([\d.]+))?/i
- Font Awesome. Detected patterns:
  - html /<link[^>]* href="https:\/\/use\.fontawesome\.com\/releases\/v([^>]+)\/css\//i
- Google Font API. Detected patterns:
  - html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
- jQuery. Detected patterns:
  - script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  - script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  - script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://zpmcvwct1jqyxcxeto1bgw-on.drv.tw/al/2.html Page URL
- https://paypalsignin.franca100.repl.co/ Page URL
- http://megaurl.co/g2cyle5fslru3dhgc7edbnpfhivglbajmt91700wtlssd8hu42fuwzxliqxfevbqkoxfmxxenz8zdtzrbg0jwrjpjajffq6wzmoxs4nbah6xnl1rxs1aah9qmvyp1q78qd8hju8171fmqve9vit7kkv3dzdj0t5sqhzw4km8afr4uhe6881t8jkm1mms5bygh48l43j7igdlt7byakkbpuametni0ugz95xbhnz2j4qugq8e2b9qgsm7kfz13pmlylq3mjcrqzbdpr6jludxkn22co6suk88hjxs30mg2nl0mtd3tl2e10kjvztk4dn26d6y2gbfbbw37xbjssn8q0tp3jdgins3disrtysryv80ejnfc6zscind9rueiecv0cskprbs02bmztjjkg0vzduykx1yqukh1al54tdkoavx7dhdy6c9ap6qt31xcmtxay22tikj8sjy134b3zgamfwtwfr52o54y831qla8cdx5p6lmqjueftdf0s72p6jdyfklah3s4w46jc4qxnk9q3upcdrueygesplo3ydkub5hxbmsq8lx5k8h4hh4lyfl4vrxwfn3tws7h7lwrs8l13wvhmrn2uqi294kloybureir74vmwao9h67fs8tx4dci5nf7ddy0d8lymgd80erh9or8shakxvmji0h9cazx78b56tj7e1vxwyip35jr56yi1jyf5rr9klpagxf4axe0npyvblqzsialek332s6giaad4fu20ccpus8j1pjtbacc3475zooofh2lanhz9z1x3w9orw0wchlo2qa5bcoopkps0stccsyy9vqfmarz80xcr2fnesrkt8u8fp02rzql545b3gxxrfhaxmlx4y4ax8exafmbwppe745ofn9d5n7bnl3v36v66h6besnneuyhboyffm705v887zrqtpf67k1jj2mcpn4enxolf6213fgtig757ws333pw5h52yx55de1nzivui4tanvk9tsikm116k81m428fxf1s26v992ectyq8lz7ofor0em01245ytmnjvxgztd0p8q4468ohic3cetbisn6v3xonxu9dppfx16e3mtp5bcr0yv3r5i3byz0wc0n005tx31aps8z2nndhfyxk8npyxajn1inyxu6xor2fx45rly5kllworzzbcp9wcp1bfpisjubyfiz1skcf5v8552wj1dkp88fmsky0t102gt2fqpmcesp6vsn03gohf4c4xl1ep116kydnlfpbfy7e2gud0vv0dqcq8g1s4im969knc8gloadqv26whx2d1syx5heeuthgz65zw40wtm26pugm4g1t60qwrdmku2fa2abjklbjateq3vyo3343s5h6ew0nnb7ov5kuduc3tkiwwy7q9hs0j5vdk1pa8zmewifunxa4j8348htqqnwpqqigm739c7t7i9iy6s4pjpe1rlwgquls9ogvcu18rqkrziwkxc4dxug4gf860s11bb0w8tgq0rd4g13738z8m2ebft0gx9k97wz7agjji90u3i8c4108ewp603l10dl7zret1uahpu1ad3gai8q2tu1a660c1xgp5g7m1afqm0vju59zxkgtdnj5ua2pbf6gc41gldpv7xebs74w954cpedndcczd7jul69endofun3yjekd4wf0wbwzkgvox8vmf95e10jfto6xm6r4be5h5o86rrbbkavd5oe02p7qw1lgr7b2r0j1ba93zqrc5jnntsjyfxi74qny77142yhasf4gh5p9ycrtf8vlwezfrxa5a7bi1epig7le1fv1eqe0ur8euho38o0z8r4x1h43hv7jncktvg92zp63dptg8lfmxxwfepgmg7gdbk2yogp3nipb4yecgxq5gwhhtx8g0c4hgckujnxq5aslza78xrdvbos16idgygwts8gg602w8s7ljmvprp0oid8snze8hbj1jp6w0gmc98lvieidegha1e3wg7u3hy4/e2bf67a49dedf68b202ac0b1511f3f8a
  HTTP 301
  https://wetransfer-log-in.duckdns.org/1/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | 2.html | zpmcvwct1jqyxcxeto1bgw-on.drv.tw/al/ | 1021 B | 819 B | Document | text/html |
| GET | H2 | wd.js | drv.tw/inc/ | 365 B | 592 B | Script | application/javascript |
| GET | H2 | js | www.googletagmanager.com/gtag/ | 97 KB | 38 KB | Script | application/javascript |
| GET | H2 | analytics.js | www.google-analytics.com/ | 46 KB | 18 KB | Script | text/javascript |
| POST | H3-Q050 | collect | www.google-analytics.com/j/ | 2 B | 401 B | XHR | text/plain |
| POST | H2 | collect | stats.g.doubleclick.net/j/ | 1 B | 98 B | XHR | text/plain |
| GET | H2 | / | paypalsignin.franca100.repl.co/ | 3 KB | 3 KB | Document | text/html |
| GET | H/1.1 | / (Primary Request) | wetransfer-log-in.duckdns.org/1/ (Redirect Chain) | 15 KB | 15 KB | Document | text/html |
| GET | H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ | 141 KB | 20 KB | Stylesheet | text/css |
| GET | H2 | all.css | use.fontawesome.com/releases/v5.6.1/css/ | 52 KB | 13 KB | Stylesheet | text/css |
| GET | H2 | css | fonts.googleapis.com/ | 777 B | 483 B | Stylesheet | text/css |
| GET | H/1.1 | app.css | wetransfer-log-in.duckdns.org/1/css/ | 1 KB | 2 KB | Stylesheet | text/css |
| GET | H/1.1 | logo.png | wetransfer-log-in.duckdns.org/1/images/ | 8 KB | 8 KB | Image | image/png |
| GET | H2 | jquery-3.2.1.slim.min.js | code.jquery.com/ | 68 KB | 24 KB | Script | application/javascript |
| GET | H2 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ | 19 KB | 6 KB | Script | application/javascript |
| GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 48 KB | 13 KB | Script | text/javascript |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 29 KB | Script | text/javascript |
| GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 14 KB | Script | text/javascript |
| GET | H2 | fa-solid-900.woff2 | use.fontawesome.com/releases/v5.6.1/webfonts/ | 77 KB | 78 KB | Font | font/woff2 |
| GET | H2 | fa-regular-400.woff2 | use.fontawesome.com/releases/v5.6.1/webfonts/ | 15 KB | 15 KB | Font | font/woff2 |
| GET | H2 | zOL64pLDlL1D99S8g8PtiKchq-dmjcDidBc.woff2 | fonts.gstatic.com/s/abrilfatface/v12/ | 13 KB | 13 KB | Font | font/woff2 |
| GET | H2 | fa-brands-400.woff2 | use.fontawesome.com/releases/v5.6.1/webfonts/ | 72 KB | 73 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WeTransfer (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

- object: ontransitionrun
- object: ontransitionstart
- object: ontransitioncancel
- object: cookieStore
- function: showDirectoryPicker
- function: showOpenFilePicker
- function: showSaveFilePicker
- object: trustedTypes
- boolean: crossOriginIsolated
- function: $
- function: jQuery
- function: Popper
- object: bootstrap

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
drv.tw
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
megaurl.co
paypalsignin.franca100.repl.co
stackpath.bootstrapcdn.com
stats.g.doubleclick.net
use.fontawesome.com
wetransfer-log-in.duckdns.org
www.google-analytics.com
www.googletagmanager.com
zpmcvwct1jqyxcxeto1bgw-on.drv.tw
2001:4de0:ac19::1:b:1b
2001:4de0:ac19::1:b:3b
23.111.9.35
2606:4700:3035::6815:36f3
2606:4700::6810:135e
2a00:1450:4001:801::2008
2a00:1450:4001:803::200a
2a00:1450:4001:80f::200a
2a00:1450:4001:811::2003
2a00:1450:4001:812::200e
2a00:1450:400c:c00::9b
35.201.120.147
37.46.150.197
47.254.94.70