www.kjmpartnership.com.au Open in urlscan Pro
192.185.149.24 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.kjmpartnership.com.au/wewatra/transferwetra/
Submission: On January 25 via automatic, source openphish (January 25th 2023, 1:06:02 am UTC) — Scanned from AU

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 7 domains to perform 13 HTTP transactions. The main IP is 192.185.149.24, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is www.kjmpartnership.com.au.

This is the only time www.kjmpartnership.com.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	192.185.149.24 192.185.149.24	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
2	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	13.33.33.12 13.33.33.12	16509 (AMAZON-02) (AMAZON-02)
3	13.35.8.121 13.35.8.121	16509 (AMAZON-02) (AMAZON-02)
3	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
1	151.101.1.229 151.101.1.229	54113 (FASTLY) (FASTLY)
13	6

2 192.185.149.24 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-149-24.unifiedlayer.com

www.kjmpartnership.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.33.33.12 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-33-33-12.sin2.r.cloudfront.net

cdn.glitch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.35.8.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-8-121.sin5.r.cloudfront.net

cdn.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.229 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 199	48 KB
3	glitch.me cdn.glitch.me — Cisco Umbrella Rank: 96265	118 KB
3	glitch.com 3 redirects cdn.glitch.com — Cisco Umbrella Rank: 104692	1 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 672	34 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2342	39 KB
2	kjmpartnership.com.au www.kjmpartnership.com.au	5 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 357	18 KB
13	7

	Domain	Requested by
3	cdnjs.cloudflare.com	www.kjmpartnership.com.au
3	cdn.glitch.me	www.kjmpartnership.com.au
3	cdn.glitch.com	3 redirects
2	code.jquery.com	www.kjmpartnership.com.au
2	stackpath.bootstrapcdn.com	www.kjmpartnership.com.au
2	www.kjmpartnership.com.au	www.kjmpartnership.com.au
1	cdn.jsdelivr.net	www.kjmpartnership.com.au
13	7

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://www.kjmpartnership.com.au/wewatra/transferwetra/
Frame ID: 4DB963D4E50B86F6BE4A2E0464BEFB46
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WeTransfer

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/npm/sweetalert2@([\d.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

13
Requests

62 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

6
IPs

2
Countries

262 kB
Transfer

661 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://cdn.glitch.com/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbac.png HTTP 301
https://cdn.glitch.me/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbac.png

Request Chain 2

https://cdn.glitch.com/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbt.png HTTP 301
https://cdn.glitch.me/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbt.png

Request Chain 3

https://cdn.glitch.com/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fwet.png HTTP 301
https://cdn.glitch.me/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fwet.png

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.kjmpartnership.com.au/wewatra/transferwetra/ 12 KB
5 KB 2741ms
317ms Document
text/html 192.185.149.24
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/
Protocol: HTTP/1.1
Server: 192.185.149.24 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 192-185-149-24.unifiedlayer.com
Software: Apache /
Resource Hash: c18adff76c91977c1e69d20bf04ea626da69846788a474ba094efc5ed222dc95

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Upgrade, Keep-Alive
Content-Encoding: gzip
Content-Length: 4349
Content-Type: text/html
Date: Wed, 25 Jan 2023 01:05:56 GMT
Keep-Alive: timeout=5, max=75
Last-Modified: Thu, 14 Oct 2021 11:59:56 GMT
Server: Apache
Upgrade: h2,h2c
Vary: Accept-Encoding

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/ 157 KB
25 KB 473ms
268ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

Requested by

Host: www.kjmpartnership.com.au
URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.kjmpartnership.com.au/
Origin: http://www.kjmpartnership.com.au
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 01:05:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 987
cdn-cachedat: 09/13/2022 20:52:10
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:10 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"3afe15e976734d9daac26310110c4594"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: a81cd797958ad18ce14f4a685f91198d
timing-allow-origin: *
cdn-requestcountrycode: BR
cdn-status: 200
cf-ray: 78ed1a7bcd10aaf3-SYD
cdn-requestpullsuccess: True

GET
H/1.1

200
OK

8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbac.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbac.png
https://cdn.glitch.me/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbac.png

57 KB
58 KB

968ms
569ms

Image
image/png

13.35.8.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbac.png

Requested by

Host: www.kjmpartnership.com.au
URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/

Protocol

HTTP/1.1

Server

13.35.8.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-35-8-121.sin5.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

91736bd15b0bf3374dd29cfd056dfa4a5ef1043f72d058095724812c72507ab6

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://www.kjmpartnership.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Wed, 25 Jan 2023 01:05:59 GMT
Via: 1.1 dcb42c70bda10759ea456b517bba08fa.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Mon, 10 May 2021 03:46:57 GMT
Server: AmazonS3
X-Amz-Cf-Pop: SIN5-C1
ETag: "ede74c4c46ad6577ea3d9f06720b8024"
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 58441
X-Amz-Cf-Id: 2ZCZDhxXWmIMK1ifbq1k3HVwlHbZak3P90ujWBMBxotUH-UvOz1QSA==

Redirect headers

Date: Tue, 24 Jan 2023 15:42:14 GMT
Via: 1.1 a0111b438d5ff26611042379c81df136.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: SIN2-P1
Age: 33824
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbac.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: z9I-tVCIx7u7bTireMitq8JD4rscOQfJ2YpzSgLibS3A8js4-7f-ww==

GET
H/1.1

200
OK

8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbt.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbt.png
https://cdn.glitch.me/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbt.png

30 KB
30 KB

1103ms
707ms

Image
image/png

13.35.8.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbt.png

Requested by

Host: www.kjmpartnership.com.au
URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/

Protocol

HTTP/1.1

Server

13.35.8.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-35-8-121.sin5.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

90f600fc99a54b410e7b1652b271ae94273e22e75b86c9fe6eee7bc986e9e8d2

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://www.kjmpartnership.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Wed, 25 Jan 2023 01:05:59 GMT
Via: 1.1 34a84b82ff144b427f99aaae61510d20.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Mon, 10 May 2021 03:39:50 GMT
Server: AmazonS3
X-Amz-Cf-Pop: SIN5-C1
ETag: "683f362b6912d14194eeae45bbe7ab3a"
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 30307
X-Amz-Cf-Id: S94gq4Hl9-Cq9xWjplsMoRHV1BzhVjv8PJywqmsemy8uB9TnBO44PA==

Redirect headers

Date: Tue, 24 Jan 2023 15:42:14 GMT
Via: 1.1 a0111b438d5ff26611042379c81df136.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: SIN2-P1
Age: 33824
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fbt.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: 2SUA4UdlbFtzcTK-a2uia4z3W7Kduj3F85b6urQWbK7W_4yq7mTzrQ==

GET
H/1.1

200
OK

8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fwet.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fwet.png
https://cdn.glitch.me/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fwet.png

30 KB
31 KB

592ms
203ms

Image
image/png

13.35.8.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fwet.png

Requested by

Host: www.kjmpartnership.com.au
URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/

Protocol

HTTP/1.1

Server

13.35.8.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-35-8-121.sin5.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

00c87957cdfc488016d227f3225112c0acb1e1138bddedc5a842db01c768b49c

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://www.kjmpartnership.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Tue, 24 Jan 2023 15:42:16 GMT
Via: 1.1 b4eebfe47952c39ed1b8a9637b729eb4.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Mon, 10 May 2021 03:22:59 GMT
Server: AmazonS3
X-Amz-Cf-Pop: SIN5-C1
Age: 33822
ETag: "0bcde8b15c13d06478dd4caf8cc23c61"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 30793
X-Amz-Cf-Id: 4YCeToW67HPk_jUM1Ce6uqmMf9DR2-oyKmEjwNd_7bvdwRhINbIVRA==

Redirect headers

Date: Tue, 24 Jan 2023 15:42:15 GMT
Via: 1.1 a0111b438d5ff26611042379c81df136.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: SIN2-P1
Age: 33823
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/8f9608dc-d0c3-4d19-8cea-5ba677c58109%2Fwet.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: AIv4XW-NvmOxFxasKLTDq64GccV1E7D2JSdAu-MPNW4S8J5ONTbmFw==

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ 87 KB
28 KB 313ms
108ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.kjmpartnership.com.au
URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://www.kjmpartnership.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 01:05:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1060360
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27958
last-modified: Mon, 04 May 2020 23:01:39 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb09ed3-15d84"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dWSB61rgZPcnIETA%2F9F7Ybsp2EzvxHLNzjQvK0mpjiTQJECfiHs%2F4R9zHXOUTnEiGjfTTW9BiwjwfETl%2ByuT4Agx8yUK51b6gBzj11SpbGdLgvH0DZEVq0X6x2qb7VamGUZYs5IZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78ed1a7bee83a898-SYD
expires: Mon, 15 Jan 2024 01:05:57 GMT

GET
H2 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/ 59 KB
14 KB 310ms
106ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.min.js

Requested by

Host: www.kjmpartnership.com.au
URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.kjmpartnership.com.au/
Origin: http://www.kjmpartnership.com.au
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 01:05:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 16752882
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13080
last-modified: Tue, 12 May 2020 17:56:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5ebae359-eb0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x3eggQ6Ex4ofVUtWv6brX%2BLdT1L3zB0n1b%2F%2F%2FyZDg0aJ1d32H4nK6d01Qp1lAEWfwg%2FbtHd1vuqg4ZbPEEqZT61OuzkQGCKu1f3Da6%2BV%2F2V2MAwmdo%2BjJqPFHkiZ%2BAqmKG3laOUO"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78ed1a7be851a88c-SYD
expires: Mon, 15 Jan 2024 01:05:57 GMT

GET
H/1.1 404
Not Found main.js
www.kjmpartnership.com.au/wewatra/transferwetra/ 0
0 319ms
317ms Script
text/html 192.185.149.24
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/main.js
Requested by: Host: www.kjmpartnership.com.au
URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/
Protocol: HTTP/1.1
Server: 192.185.149.24 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 192-185-149-24.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://www.kjmpartnership.com.au/wewatra/transferwetra/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Wed, 25 Jan 2023 01:05:57 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Sep 2022 11:48:57 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=74
Content-Length: 4677

GET
H2 200 jquery-3.3.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 740ms
246ms Script
application/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.min.js
Requested by: Host: www.kjmpartnership.com.au
URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://www.kjmpartnership.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 01:05:57 GMT
content-encoding: gzip
x-sp-metadata: HS256.CIWdwp4GEooBCiRkZTQzYzI1MS1iMWY2LTRkOWQtOTQzZC05YmZmZDNlNmZmMzcQ+OiCoKvU+wIaBgj1gMKeBiIPMTczLjI0NS4yMDkuMTQxKJz9AjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGiwIARIkZTIzYzYzZDctODQwYS00OGEwLTk3NzMtNWM3OWFlMmM3ZmU0GNDsASIYCAISFGNkczEwNi5sYTMuaHdjZG4ubmV0.VM1p/47sjvFILi4IP0dzAqna+VYwbOIaXuoPgIyRgN4=
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-1538f"
vary: Accept-Encoding
x-hw: 1674608757.dop007.la3.t,1674608757.cds284.la3.hn,1674608757.cds106.la3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30288

GET
H2 200 jquery-migrate-3.1.0.min.js Show response
code.jquery.com/ 9 KB
4 KB 655ms
492ms Script
application/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-migrate-3.1.0.min.js
Requested by: Host: www.kjmpartnership.com.au
URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: c9c25e5db965f66edd1ca79a3db5c19191fc06e3fdf5298f9bff2ae4ef926c17

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://www.kjmpartnership.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 01:05:57 GMT
content-encoding: gzip
x-sp-metadata: HS256.CIWdwp4GEooBCiQzY2I5NTVlMi01YWNiLTQ5ODMtYjMxNy00ZTNhNGZiMmQ5NGQQ+OiCoKvU+wIaBgj1gMKeBiIPMTczLjI0NS4yMDkuMTQxKJz9AjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGisIARIkODUyODFkODAtZDNhYS00ZjNjLWIwOGYtMzQ5MDJlZmFiYTc4GNsZIhgIAhIUY2RzMjYzLmxhMy5od2Nkbi5uZXQ=.Ej2wcttcAiXZIEhKnl/1YS/7LZ1nX3udhGsv8uKNN4w=
last-modified: Fri, 12 Aug 2022 13:47:02 GMT
server: nginx
etag: W/"62f659d6-231e"
vary: Accept-Encoding
x-hw: 1674608757.dop007.la3.t,1674608757.cds284.la3.hn,1674608757.cds263.la3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 3291

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/ 20 KB
7 KB 105ms
104ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js

Requested by

Host: www.kjmpartnership.com.au
URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.kjmpartnership.com.au/
Origin: http://www.kjmpartnership.com.au
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 01:05:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 450135
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6458
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-500f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LDFLs%2FZtLU0NVElq7%2FUWXmC29SaqHKpuWb2ak%2FDfOkhFj%2BqhSsiQdchafPkcrue77kwN7y2%2BZVuUZjshXdsdUc6zGwOd8UrGJk3q0teXKiJoFP%2F6FlvXAa5QXuTUzRUKyWp0af5v"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78ed1a7ca94aa88c-SYD
expires: Mon, 15 Jan 2024 01:05:57 GMT

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/ 49 KB
14 KB 266ms
266ms Script
application/javascript 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js

Requested by

Host: www.kjmpartnership.com.au
URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.kjmpartnership.com.au/
Origin: http://www.kjmpartnership.com.au
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 01:05:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 993
cdn-cachedat: 09/24/2022 21:14:47
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:05 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"ce6e785579ae4cb555c9de311d1b9271"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 139af1d8d397813aab280116164e5ad2
timing-allow-origin: *
cdn-requestcountrycode: BR
cdn-status: 200
cf-ray: 78ed1a7cae35aaf3-SYD
cdn-requestpullsuccess: True

GET
H2 200 sweetalert2@9 Show response
cdn.jsdelivr.net/npm/ 66 KB
18 KB 301ms
99ms Script
application/javascript 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/sweetalert2@9

Requested by

Host: www.kjmpartnership.com.au
URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1cea8f5e200fcfc0e1d1b0797151f138faa548d850f9dde66a43424eb93f9450

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://www.kjmpartnership.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 25 Jan 2023 01:05:57 GMT
x-content-type-options: nosniff
content-encoding: gzip
age: 451
x-jsd-version: 9.17.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17636
x-served-by: cache-fra-eddf8230067-FRA, cache-syd10142-SYD
x-jsd-version-type: version
etag: W/"1080d-uB5K/9b4efMtYCfkBM9HcldmPDk"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://www.kjmpartnership.com.au/wewatra/transferwetra/main.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.glitch.com
cdn.glitch.me
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
stackpath.bootstrapcdn.com
www.kjmpartnership.com.au
104.17.25.14
104.18.10.207
13.33.33.12
13.35.8.121
151.101.1.229
192.185.149.24
69.16.175.42
00c87957cdfc488016d227f3225112c0acb1e1138bddedc5a842db01c768b49c
02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5
0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1cea8f5e200fcfc0e1d1b0797151f138faa548d850f9dde66a43424eb93f9450
38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c
90f600fc99a54b410e7b1652b271ae94273e22e75b86c9fe6eee7bc986e9e8d2
91736bd15b0bf3374dd29cfd056dfa4a5ef1043f72d058095724812c72507ab6
c18adff76c91977c1e69d20bf04ea626da69846788a474ba094efc5ed222dc95
c9c25e5db965f66edd1ca79a3db5c19191fc06e3fdf5298f9bff2ae4ef926c17
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

www.kjmpartnership.com.au Open in urlscan Pro 192.185.149.24 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

62 %HTTPS

0 %IPv6

7 Domains

7 Subdomains

6 IPs

2 Countries

262 kBTransfer

661 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

www.kjmpartnership.com.au Open in urlscan Pro
192.185.149.24 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

62 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

6
IPs

2
Countries

262 kB
Transfer

661 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!