urlscan.io logo urlscan.io
SecurityTrails logo

sarah-mcclatchy.com Open in urlscan Pro
107.180.40.36  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/index.php
Effective URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLi...
Submission: On July 11 via api from TW
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 16 HTTP transactions. The main IP is 107.180.40.36, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is sarah-mcclatchy.com.
This is the only time sarah-mcclatchy.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

IP Address AS Autonomous System
1 15 107.180.40.36 26496 (AS-26496-...)
1 104.109.70.225 20940 (AKAMAI-ASN1)
1 2 104.111.239.74 16625 (AKAMAI-AS)
16 3
Apex Domain
Subdomains		 Transfer
15 sarah-mcclatchy.com
sarah-mcclatchy.com
285 KB
2 secureserver.net
img.secureserver.net
2 KB
1 wsimg.com
img1.wsimg.com
5 KB
16 3
Domain Requested by
15 sarah-mcclatchy.com 1 redirects sarah-mcclatchy.com
2 img.secureserver.net 1 redirects sarah-mcclatchy.com
1 img1.wsimg.com sarah-mcclatchy.com
16 3

This site contains no links.

Subject Issuer Validity Valid
*.wsimg.com
Starfield Secure Certificate Authority - G2		 2018-09-25 -
2020-09-25		 2 years crt.sh
*.secureserver.net
Starfield Secure Certificate Authority - G2		 2019-10-22 -
2021-10-22		 2 years crt.sh

This page contains 1 frames:

Primary Page: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Frame ID: E39841E34B5E75CFAE76D902661ECAE5
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/index.php HTTP 302
    http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17ds... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

16
Requests

13 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

290 kB
Transfer

877 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/index.php HTTP 302
    http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • http://img.secureserver.net/t/1/tl/event?cts=1594449268161&tce=1594449259880&tcs=1594449259880&tdc=0&tdclee=1594449261162&tdcles=1594449261160&tdi=1594449261160&tdl=1594449260045&tdle=1594449259880&tdls=1594449259880&tfs=1594449259880&tns=1594449258229&trqs=1594449259881&tre=1594449260512&trps=1594449260042&tles=0&tlee=0&ht=perf&dh=sarah-mcclatchy.com&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F83.0.4103.61%20Safari%2F537.36&vci=1593652038&cv=1.0.6&z=307479969&vg=236e9374-8162-449c-ad35-0f1962743b08&vtg=236e9374-8162-449c-ad35-0f1962743b08&ap=cpsh&trfd=%7B%22cts%22%3A1594449261160%2C%22tccl.baseHost%22%3A%22secureserver.net%22%2C%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0752%22%7D&dp=%2Fwp-admin%2Fjs%2Fwidgets%2FWe-Transfer%2F2020%2Flogin.php HTTP 301
  • https://img.secureserver.net/t/1/tl/event?cts=1594449268161&tce=1594449259880&tcs=1594449259880&tdc=0&tdclee=1594449261162&tdcles=1594449261160&tdi=1594449261160&tdl=1594449260045&tdle=1594449259880&tdls=1594449259880&tfs=1594449259880&tns=1594449258229&trqs=1594449259881&tre=1594449260512&trps=1594449260042&tles=0&tlee=0&ht=perf&dh=sarah-mcclatchy.com&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F83.0.4103.61%20Safari%2F537.36&vci=1593652038&cv=1.0.6&z=307479969&vg=236e9374-8162-449c-ad35-0f1962743b08&vtg=236e9374-8162-449c-ad35-0f1962743b08&ap=cpsh&trfd=%7B%22cts%22%3A1594449261160%2C%22tccl.baseHost%22%3A%22secureserver.net%22%2C%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0752%22%7D&dp=%2Fwp-admin%2Fjs%2Fwidgets%2FWe-Transfer%2F2020%2Flogin.php

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.php
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/
Redirect Chain
  • http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/index.php
  • http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache / PHP/7.2.30
Resource Hash
c67757517ee44355bc3bbecca7fe88991fe44c06afb30958a9618ad25235360a

Request headers

Host
sarah-mcclatchy.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:19 GMT
Server
Apache
X-Powered-By
PHP/7.2.30
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Content-Length
1975
Keep-Alive
timeout=5
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Sat, 11 Jul 2020 06:34:19 GMT
Server
Apache
X-Powered-By
PHP/7.2.30
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Location
login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Vary
User-Agent
Content-Length
0
Keep-Alive
timeout=5
Content-Type
text/html; charset=UTF-8
jquery.js
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		94 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/jquery.js
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
4b940065e2a67c37e3bd02b23c651f4744a3c219aba2d4fb99a631113494d376

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Nov 2019 07:43:42 GMT
Server
Apache
ETag
"8811fa-1764d-597ea92a54780-gzip"
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=5
Content-Length
33250
jquery_002.js
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/jquery_002.js
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Nov 2019 07:43:42 GMT
Server
Apache
ETag
"881208-1538f-597ea92a54780-gzip"
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=5
Content-Length
30307
bootstrap.js
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		37 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/bootstrap.js
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
909ae563eb34f7e4285a3a643ab5d7c21c5e6a80f3f455b949ac45f08d0389b4

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Nov 2019 07:43:42 GMT
Server
Apache
ETag
"8811d6-92e8-597ea92a54780-gzip"
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=5
Content-Length
10036
css.css
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		24 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/css.css
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
9e7a0d44a43b5c0094616b8eba6d46c7f34f38ee7c6aea26881652a78eec08d4

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Nov 2019 07:43:42 GMT
Server
Apache
ETag
"8811d7-61b1-597ea92a54780-gzip"
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=5
Content-Length
1094
grwwk.css
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		235 KB
31 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/grwwk.css
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
ad421504063b2c355e7ffdf73b917ba24b31df02d96b0f02d0b3ffb0229a76e0

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Nov 2019 07:55:58 GMT
Server
Apache
ETag
"8811f5-3aab4-597eabe83bf80-gzip"
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=5
Content-Length
31063
logo.png
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		63 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/logo.png
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
ace77fd30206ec8338ee91a103f7f77adca8b2bdef251b1f350ce27d53d7bfcc

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:20 GMT
Last-Modified
Fri, 22 Nov 2019 07:43:40 GMT
Server
Apache
ETag
"88120c-fd3b-597ea9286c300"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
64827
jquery.html
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		728 B
830 B 		Script
General
Check archive.org
Download Go to
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/jquery.html
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
e1612abb2912ed27e03ceacc95f7cfa59670dcd1f4dd6d07fb455fcb481c3e02

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Nov 2019 07:43:42 GMT
Server
Apache
ETag
"8811f9-13e-597ea92a54780-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
text/html
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
500
bootstrap.html
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		744 B
838 B 		Script
General
Check archive.org
Download Go to
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/bootstrap.html
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
c1ed1c69bf93c65cea7cb72ddc079544a76bb6c2fc69873535c899fd03649908

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Nov 2019 07:43:42 GMT
Server
Apache
ETag
"8811d5-14e-597ea92a54780-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
text/html
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
508
jquery_002.html
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		742 B
837 B 		Script
General
Check archive.org
Download Go to
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/jquery_002.html
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
6d4a08e228c1806370a5323d825d8467b43e04eee4dda784d1f3b23268f914b1

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Nov 2019 07:43:42 GMT
Server
Apache
ETag
"881207-14c-597ea92a54780-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
text/html
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
507
sb-admin-2.js
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		1 KB
925 B 		Script
General
Check archive.org
Download Go to
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/sb-admin-2.js
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
924aa1d39f73a93d94492e0c71afe269bafc639a03f94d06928736455e14bfb6

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:21 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Nov 2019 07:43:40 GMT
Server
Apache
ETag
"88120d-452-597ea9286c300-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
582
tcc_l.combined.1.0.6.min.js
img1.wsimg.com/tcc/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.70.225 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 11 Jul 2020 06:34:20 GMT
content-encoding
gzip
last-modified
Fri, 31 Mar 2017 16:26:41 GMT
status
200
etag
"52ef5c943baad21:0"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-length
4564
expires
Sun, 11 Jul 2021 06:34:20 GMT
bg.jpg
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		210 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/bg.jpg
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/grwwk.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:20 GMT
Last-Modified
Fri, 22 Nov 2019 07:48:18 GMT
Server
Apache
ETag
"8811d4-7c05a-597eaa318b480"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
507994
arrow.png
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		58 KB
59 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/arrow.png
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
468a524ffbc16d26f9237ef8b7bab0e8d92370f22f12630e2795c54b1297944b

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/grwwk.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:20 GMT
Last-Modified
Fri, 22 Nov 2019 07:54:36 GMT
Server
Apache
ETag
"8811d3-e9e5-597eab9a08700"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
59877
tent.png
sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/ 		51 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/tent.png
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Server
107.180.40.36 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
f83a0f50000325deac64a58ebdb77aca091de863ac26b4c563bc28b8e8195f7f

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/We_files/grwwk.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 11 Jul 2020 06:34:20 GMT
Last-Modified
Fri, 22 Nov 2019 07:54:30 GMT
Server
Apache
ETag
"881210-cc55-597eab944f980"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
52309
event
img.secureserver.net/t/1/tl/
Redirect Chain
  • http://img.secureserver.net/t/1/tl/event?cts=1594449268161&tce=1594449259880&tcs=1594449259880&tdc=0&tdclee=1594449261162&tdcles=1594449261160&tdi=1594449261160&tdl=1594449260045&tdle=1594449259880...
  • https://img.secureserver.net/t/1/tl/event?cts=1594449268161&tce=1594449259880&tcs=1594449259880&tdc=0&tdclee=1594449261162&tdcles=1594449261160&tdi=1594449261160&tdl=1594449260045&tdle=159444925988...
43 B
639 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.secureserver.net/t/1/tl/event?cts=1594449268161&tce=1594449259880&tcs=1594449259880&tdc=0&tdclee=1594449261162&tdcles=1594449261160&tdi=1594449261160&tdl=1594449260045&tdle=1594449259880&tdls=1594449259880&tfs=1594449259880&tns=1594449258229&trqs=1594449259881&tre=1594449260512&trps=1594449260042&tles=0&tlee=0&ht=perf&dh=sarah-mcclatchy.com&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F83.0.4103.61%20Safari%2F537.36&vci=1593652038&cv=1.0.6&z=307479969&vg=236e9374-8162-449c-ad35-0f1962743b08&vtg=236e9374-8162-449c-ad35-0f1962743b08&ap=cpsh&trfd=%7B%22cts%22%3A1594449261160%2C%22tccl.baseHost%22%3A%22secureserver.net%22%2C%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0752%22%7D&dp=%2Fwp-admin%2Fjs%2Fwidgets%2FWe-Transfer%2F2020%2Flogin.php
Requested by
Host: sarah-mcclatchy.com
URL: http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.239.74 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
http://sarah-mcclatchy.com/wp-admin/js/widgets/We-Transfer/2020/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Date
Sat, 11 Jul 2020 06:34:28 GMT
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
http://sarah-mcclatchy.com, *
Access-Control-Max-Age
1000
Cache-Control
private
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
43
X-XSS-Protection
1; mode=block

Redirect headers

Location
https://img.secureserver.net/t/1/tl/event?cts=1594449268161&tce=1594449259880&tcs=1594449259880&tdc=0&tdclee=1594449261162&tdcles=1594449261160&tdi=1594449261160&tdl=1594449260045&tdle=1594449259880&tdls=1594449259880&tfs=1594449259880&tns=1594449258229&trqs=1594449259881&tre=1594449260512&trps=1594449260042&tles=0&tlee=0&ht=perf&dh=sarah-mcclatchy.com&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F83.0.4103.61%20Safari%2F537.36&vci=1593652038&cv=1.0.6&z=307479969&vg=236e9374-8162-449c-ad35-0f1962743b08&vtg=236e9374-8162-449c-ad35-0f1962743b08&ap=cpsh&trfd=%7B%22cts%22%3A1594449261160%2C%22tccl.baseHost%22%3A%22secureserver.net%22%2C%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0752%22%7D&dp=%2Fwp-admin%2Fjs%2Fwidgets%2FWe-Transfer%2F2020%2Flogin.php
Date
Sat, 11 Jul 2020 06:34:28 GMT
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| _trfd function| tcg function| tcp object| perfhandler object| TCCTracker object| _trfq object| true

0 Cookies