jasf9a8asf34223h.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2f91 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://jasf9a8asf34223h.pages.dev/
Effective URL:
https://jasf9a8asf34223h.pages.dev/
Submission: On December 26 via api (December 26th 2023, 9:10:54 pm UTC) from US — Scanned from US

Summary HTTP 9 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 2606:4700:310c::ac42:2f91, located in United States and belongs to CLOUDFLARENET, US. The main domain is jasf9a8asf34223h.pages.dev.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 26th 2023. Valid for: a year.

This is the only time jasf9a8asf34223h.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 8	2606:4700:310... 2606:4700:310c::ac42:2f91	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	99.86.102.52 99.86.102.52	16509 (AMAZON-02) (AMAZON-02)
9	3

8 2606:4700:310c::ac42:2f91 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

jasf9a8asf34223h.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.102.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-102-52.iah50.r.cloudfront.net

backgrounds.wetransfer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	pages.dev 1 redirects jasf9a8asf34223h.pages.dev	318 KB
2	wetransfer.net backgrounds.wetransfer.net — Cisco Umbrella Rank: 28182
9	2

	Domain	Requested by
8	jasf9a8asf34223h.pages.dev	1 redirects jasf9a8asf34223h.pages.dev
2	backgrounds.wetransfer.net	jasf9a8asf34223h.pages.dev
9	2

This site contains links to these domains. Also see Links.

Domain
href.li

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-26`	a year	crt.sh
wetransfer.net Amazon RSA 2048 M01	`2023-07-30` - `2024-08-28`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://jasf9a8asf34223h.pages.dev/
Frame ID: 63999DF7FE7A8F82E00F5613666DDB9A
Requests: 6 HTTP requests in this frame

Frame: https://jasf9a8asf34223h.pages.dev/WeTransfer_files/saved_resource
Frame ID: DE3C57BF407C890428759A09516B84E2
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WeTransfer

Page URL History Show full URLs

http://jasf9a8asf34223h.pages.dev/ HTTP 307
https://jasf9a8asf34223h.pages.dev/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

380 kB
Transfer

1012 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://href.li/?https://wetransfer.com/help
Title: Help

Search URL Search Domain Scan URL

URL: https://href.li/?https://wetransfer.com/about
Title: About us

Search URL Search Domain Scan URL

URL: https://href.li/?https://wetransfer.com/sign-in
Title: Got Plus?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://jasf9a8asf34223h.pages.dev/ HTTP 307
https://jasf9a8asf34223h.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://jasf9a8asf34223h.pages.dev/WeTransfer_files/saved_resource.html HTTP 308
https://jasf9a8asf34223h.pages.dev/WeTransfer_files/saved_resource

9 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
jasf9a8asf34223h.pages.dev/
Redirect Chain

http://jasf9a8asf34223h.pages.dev/
https://jasf9a8asf34223h.pages.dev/

12 KB
4 KB

273ms
177ms

Document
text/html

2606:4700:310c::ac42:2f91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jasf9a8asf34223h.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2f91 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e505904799edba9b29eef8d8ff19438cbbee8e3a0429830988b36c99918fac7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 83bc500fdf2a4bc1-BUF
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 26 Dec 2023 21:10:49 GMT
etag: W/"cd56e54a4c353e5493d3fbc224cc448a"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wPDN1U3b6Ne8KpnJE7B7PNRFy5uipCnXA77MvzMjEhcT%2Flpt6TeUaCAIlV2uCowedIT1zWlrViGcYsYSvXEzcvVjN7YDE2KMM1%2F0fjlkh5H79vtZ%2BysJ6UeZ3YoPaLyQKdhiUuCT8%2BzpIec9sLoPK0PyxmXv%2FoemYg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://jasf9a8asf34223h.pages.dev/
Non-Authoritative-Reason: HSTS

GET
H2 200 c3442423467.css
jasf9a8asf34223h.pages.dev/WeTransfer_files/ 515 B
577 B 158ms
156ms Stylesheet
text/css 2606:4700:310c::ac42:2f91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jasf9a8asf34223h.pages.dev/WeTransfer_files/c3442423467.css

Requested by

Host: jasf9a8asf34223h.pages.dev
URL: https://jasf9a8asf34223h.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2f91 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ec272bed7aae5cdeaea1a6dee497bab6dcb813b285c410ba1727683b1b41cad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jasf9a8asf34223h.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 21:10:49 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3dfb7c83c5c0c0fe440ff72118c2c287"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q0wu%2BtcWaFTPjkCXBvGkZ20QzXFl%2Bu6NQw3toH5kYB%2BXIVBxWraVIU%2Fm7HwqinWrEvIttI7oh44kkzt0bUEWgjLv5kLyqVlt43%2B4ebBky7nHW%2BALfL6x%2F3QHwPhw7Npp9EMbbEm51G%2FbMLBv0cRpiyEBgBFEfcSWXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 83bc5011a82b4bc1-BUF
alt-svc: h3=":443"; ma=86400

GET
H2 200 application-c41c8e8c4e3a4bd73dcb63d6d0cd571394257da00641bcf59af8f44c4d1410fd.css
jasf9a8asf34223h.pages.dev/WeTransfer_files/ 385 KB
51 KB 158ms
157ms Stylesheet
text/css 2606:4700:310c::ac42:2f91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jasf9a8asf34223h.pages.dev/WeTransfer_files/application-c41c8e8c4e3a4bd73dcb63d6d0cd571394257da00641bcf59af8f44c4d1410fd.css

Requested by

Host: jasf9a8asf34223h.pages.dev
URL: https://jasf9a8asf34223h.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2f91 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e5020b68e00cfdef10c4341228eeab9c5f0c7cab1bbc1db924966e48ec0600e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jasf9a8asf34223h.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 21:10:49 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"128447a68ba7c2c86792feae6bea2948"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z9%2BnBUTDBiqsUcX6JQ4aToTULXGYI53uKf1e2ZHAhBWsC8r3V05sVBadb1uK%2B3sm47LvGPMpJ7fJEKgNgDJ2W9MSOYWlGzyswZYTxtIC%2FckLTkOMNTorYSPgnsKwFbznaesS8YvCAAm9cQsurMcxwD%2BH3AU8HGdeTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 83bc5011a82f4bc1-BUF
alt-svc: h3=":443"; ma=86400

GET
H2 200 ressstyl.css
jasf9a8asf34223h.pages.dev/ 28 KB
7 KB 160ms
159ms Stylesheet
text/css 2606:4700:310c::ac42:2f91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jasf9a8asf34223h.pages.dev/ressstyl.css

Requested by

Host: jasf9a8asf34223h.pages.dev
URL: https://jasf9a8asf34223h.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2f91 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

115e26b0d2eb00950fdd7250772ad0bf83e627d04346894b3d6c85cf5c253df9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jasf9a8asf34223h.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 21:10:49 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5cd5cc9fbdb738068e26eb25d6366a47"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BQUbOPY%2F0nVpTF%2BRgw57xR0GcbH%2BzgNIbg2rIfpvGMI9xhFQNtBFVGGgqjRkmWJewYLe4%2BnD%2BbBYnWBv%2FiylMQl%2BoAv6MzNQt0fly3zwG3I6BRFRH%2BJbuY9bLcQZjifQvBhC17hgpsdSIyxNRFQEn3RvzUYp8Xt2cg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 83bc5011a8344bc1-BUF
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
jasf9a8asf34223h.pages.dev/ 110 KB
35 KB 324ms
323ms Script
application/x-javascript 2606:4700:310c::ac42:2f91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jasf9a8asf34223h.pages.dev/jquery.min.js

Requested by

Host: jasf9a8asf34223h.pages.dev
URL: https://jasf9a8asf34223h.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2f91 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e404dc2f39a7b3b217c7fe9be6371f655a6a6a4e7e139100f8f32cc0ccbf3315

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jasf9a8asf34223h.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 21:10:50 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"b42cb316c6f51e5b8b5ef1907e5436f7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7uXX%2F%2B2e%2FsehrucFX8dU0ZLUKlH0kat4Br4i2SQ9BFYZJbrPWOlErzOxyRBNfSti37eRJbqv4pl4ozsE2KQfFH8AgHZYpsPFKhxNGUMNQHR7ONEDyeX3ocOYn4e%2BOhKli%2FZyePncdo3ysQxLBzdKX756RqacMj8ZBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 83bc5011a8374bc1-BUF
alt-svc: h3=":443"; ma=86400

GET
H2 200 wetransfer_logo_we_transfer.png
jasf9a8asf34223h.pages.dev/WeTransfer_files/ 125 KB
126 KB 325ms
324ms Image
image/png 2606:4700:310c::ac42:2f91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://jasf9a8asf34223h.pages.dev/WeTransfer_files/wetransfer_logo_we_transfer.png

Requested by

Host: jasf9a8asf34223h.pages.dev
URL: https://jasf9a8asf34223h.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2f91 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jasf9a8asf34223h.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 21:10:50 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "d06f8df0319a507018a53234b8528aac"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4hPpHIHfLn5%2FZlTFdvE791mhP5RIkp3ceYSr1778dnoO4WdbU0vaWCn5ZWDS7tK9U9FEjVVYK92js%2FoUMIQObGUo%2F83lCGrQL%2BYpfDC5LNOP1OfV%2BfLQq4%2FiL%2B9eGgn8wjSlBRIaUQqSGxk1ziYc9FWUu9zwtnZ0PA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 83bc5011a83b4bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 128338

GET
H3

200

saved_resource Show response
jasf9a8asf34223h.pages.dev/WeTransfer_files/ Frame DE3C
Redirect Chain

https://jasf9a8asf34223h.pages.dev/WeTransfer_files/saved_resource.html
https://jasf9a8asf34223h.pages.dev/WeTransfer_files/saved_resource

290 KB
95 KB

410ms
410ms

Document
text/html

2606:4700:310c::ac42:2f91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jasf9a8asf34223h.pages.dev/WeTransfer_files/saved_resource

Requested by

Host: jasf9a8asf34223h.pages.dev
URL: https://jasf9a8asf34223h.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f91 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

503c4ebf9e6050143b292e20a60acabd839d3a68f7584a67ec68710fb49c03b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://jasf9a8asf34223h.pages.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 83bc501469af4bc7-BUF
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 26 Dec 2023 21:10:50 GMT
etag: W/"9b849ed2015f58e80f27d2b67ce8cbf7"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T01WgPI0By26rWnr50UOqYUJaASKPviKyiqzwO79STHhhHRtzpofirMrhOMB%2F%2BwPlJgkYy%2B%2BPPa3pAq02BT171j5czhoh%2F1wLm8VcxbBfM33enJB841Wg1C%2F1vEc2a77lG6mSCMpHZYvr4x12YT2xhlWaOQVo2PvyA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-ray: 83bc501409164bc7-BUF
content-length: 0
date: Tue, 26 Dec 2023 21:10:50 GMT
location: /WeTransfer_files/saved_resource
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hb8ox6Zx4QXp%2B%2FzTt5PXGKSxkpvTGrKdPXdQOqz8697LqX0b33PFy%2F%2F1B0T6y1Ar8s0wv3OQ8Mq2RH%2FhcahlyMxbo4q%2Bdb77bPu9muRj4ATNzq0QhRsebWSJH2x0%2Bk%2B6bOrUJFpm7es%2BUr%2FFRyC5X2zo%2B8sulzMgBw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 index.html Show response
backgrounds.wetransfer.net/plus/201708/custom_yellow_v1/ Frame DE3C 0
0 525ms
379ms Script
text/html 99.86.102.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://backgrounds.wetransfer.net/plus/201708/custom_yellow_v1/index.html?_origin=https://wetransfer.com
Requested by: Host: jasf9a8asf34223h.pages.dev
URL: https://jasf9a8asf34223h.pages.dev/WeTransfer_files/saved_resource
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.102.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-102-52.iah50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jasf9a8asf34223h.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame DE3C 31 KB
31 KB Font
binary/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b1bcbffc5c91bbbdb3be9fc5d559acebc9c76ecf2c9f62837f0c46ccabbdcb1

Request headers

Referer
Origin: https://jasf9a8asf34223h.pages.dev
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: binary/octet-stream

GET
DATA 200
OK truncated
/ Frame DE3C 31 KB
31 KB Font
binary/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b238d791af67274dc5ab77119ae5df014e05523afe3ce1e7074dc22241668bd4

Request headers

Referer
Origin: https://jasf9a8asf34223h.pages.dev
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: binary/octet-stream

GET
H2 200 index.html Show response
backgrounds.wetransfer.net/plus/201708/custom_yellow_v1/ Frame DE3C 0
0 58ms
58ms Script
text/html 99.86.102.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://backgrounds.wetransfer.net/plus/201708/custom_yellow_v1/index.html?_origin=https://wetransfer.com
Requested by: Host: jasf9a8asf34223h.pages.dev
URL: https://jasf9a8asf34223h.pages.dev/WeTransfer_files/saved_resource
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.102.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-102-52.iah50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jasf9a8asf34223h.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

backgrounds.wetransfer.net
jasf9a8asf34223h.pages.dev
2606:4700:310c::ac42:2f91
99.86.102.52
115e26b0d2eb00950fdd7250772ad0bf83e627d04346894b3d6c85cf5c253df9
3b1bcbffc5c91bbbdb3be9fc5d559acebc9c76ecf2c9f62837f0c46ccabbdcb1
3ec272bed7aae5cdeaea1a6dee497bab6dcb813b285c410ba1727683b1b41cad
503c4ebf9e6050143b292e20a60acabd839d3a68f7584a67ec68710fb49c03b5
8e5020b68e00cfdef10c4341228eeab9c5f0c7cab1bbc1db924966e48ec0600e
8e505904799edba9b29eef8d8ff19438cbbee8e3a0429830988b36c99918fac7
b238d791af67274dc5ab77119ae5df014e05523afe3ce1e7074dc22241668bd4
baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e404dc2f39a7b3b217c7fe9be6371f655a6a6a4e7e139100f8f32cc0ccbf3315

jasf9a8asf34223h.pages.dev Open in urlscan Pro 2606:4700:310c::ac42:2f91 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

380 kBTransfer

1012 kBSize

0 Cookies

3 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

jasf9a8asf34223h.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2f91 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

380 kB
Transfer

1012 kB
Size

0
Cookies

9 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!