295c0dc1.getwetransferpro.pages.dev
172.64.134.13 - Malicious Activity! - Public Scan

Submitted URL: https://googleweblight.com/i?u=295c0dc1.getwetransferpro.pages.dev%2FctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMN...
Effective URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNK...
Submission Tags: falconsandbox
Submission: On October 25 via api from US — Scanned from DE

Summary

This website contacted 7 IPs in 2 countries across 9 domains to perform 9 HTTP transactions. The main IP is 172.64.134.13, located in the United States and belonging to CLOUDFLARENET, US. The main domain is 295c0dc1.getwetransferpro.pages.dev.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 25th 2021. Valid for: a year.
This is the only time 295c0dc1.getwetransferpro.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

Requests  Redirects  IP Address       ASN (Autonomous System)
1         1          142.250.186.161  15169 (GOOGLE)
1         -          172.64.134.13    13335 (CLOUDFLAR...)
1         -          47.254.218.78    45102 (CNNIC-ALI...)
2         2          13.32.121.14     16509 (AMAZON-02)
2         -          18.66.97.45      16509 (AMAZON-02)
1         -          69.16.175.42     33438 (HIGHWINDS2)
1         -          104.16.19.94     13335 (CLOUDFLAR...)
2         -          104.18.11.207    13335 (CLOUDFLAR...)
1         -          142.250.186.138  15169 (GOOGLE)
Total: 9 requests, 7 IPs
Requests  Domain                                     Requested by
2         cdn.glitch.me                              295c0dc1.getwetransferpro.pages.dev
2         cdn.glitch.com                             2 redirects
1         stackpath.bootstrapcdn.com                 295c0dc1.getwetransferpro.pages.dev
1         ajax.googleapis.com                        295c0dc1.getwetransferpro.pages.dev
1         maxcdn.bootstrapcdn.com                    295c0dc1.getwetransferpro.pages.dev
1         cdnjs.cloudflare.com                       295c0dc1.getwetransferpro.pages.dev
1         code.jquery.com                            295c0dc1.getwetransferpro.pages.dev
1         excel567.oss-ap-southeast-3.aliyuncs.com   295c0dc1.getwetransferpro.pages.dev
1         295c0dc1.getwetransferpro.pages.dev        -
1         googleweblight.com                         1 redirect
Total: 9 requests, 10 subdomains

This site contains no links.

TLS certificates (Subject / Issuer / Validity)
sni.cloudflaressl.com; issued by Cloudflare Inc ECC CA-3; valid 2021-10-25 to 2022-10-24 (a year)
*.oss-ap-southeast-1.aliyuncs.com; issued by GlobalSign Organization Validation CA - SHA256 - G2; valid 2021-02-25 to 2022-02-26 (a year)
glitch.com; issued by Amazon; valid 2021-01-18 to 2022-02-15 (a year)
*.jquery.com; issued by Sectigo RSA Domain Validation Secure Server CA; valid 2021-07-14 to 2022-08-14 (a year)
upload.video.google.com; issued by GTS CA 1C3; valid 2021-10-04 to 2021-12-27 (3 months)

This page contains 1 frame:

Primary Page: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Frame ID: F7DF046852A4C019026C0D844296F1A4
Requests: 9 HTTP requests in this frame

Page Title

We Transfer


Detected technologies

Bootstrap (overall confidence: 100%)
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Popper.js (overall confidence: 100%)
Detected patterns
  • <script [^>]*src="[^"]*/popper\.js/([0-9.]+)
  • /popper\.js/([0-9.]+)

jQuery (overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
  • /([\d.]+)/jquery(?:\.min)?\.js

Page Statistics

Requests: 9
HTTPS: 100 %
IPv6: 0 %
Domains: 9
Subdomains: 10
IPs: 7
Countries: 2
Transfer: 338 kB
Size: 533 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://googleweblight.com/i?u=295c0dc1.getwetransferpro.pages.dev%2FctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH HTTP 302
    http://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH HTTP 307
    https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://cdn.glitch.com/a9bfcce0-422b-46e4-9074-3147cbc03390%2Fbg.jpg?v=1600376573408 HTTP 301
  • https://cdn.glitch.me/a9bfcce0-422b-46e4-9074-3147cbc03390%2Fbg.jpg
Request Chain 2
  • https://cdn.glitch.com/6669d537-2d72-4d4d-93a3-c34f65068699%2Fwetransfer%20logo.png?v=1611480846175 HTTP 301
  • https://cdn.glitch.me/6669d537-2d72-4d4d-93a3-c34f65068699%2Fwetransfer%20logo.png

9 HTTP transactions

Columns: Resource / Path / Size / x-fer / Type / MIME-Type

Resource: Primary Request ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Path: 295c0dc1.getwetransferpro.pages.dev/
Redirect Chain
  • https://googleweblight.com/i?u=295c0dc1.getwetransferpro.pages.dev%2FctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHl...
  • http://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
  • https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Size: 25 KB
x-fer: 8 KB
Type: Document
General
Full URL
https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.134.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4941ebb2e7e822df91d28c61d8a2a9eb3641c95619796f6efd8cd93077958e5

Request headers

:method
GET
:authority
295c0dc1.getwetransferpro.pages.dev
:scheme
https
:path
/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Mon, 25 Oct 2021 14:08:49 GMT
content-type
text/html; charset=utf-8
cache-control
public, max-age=0, must-revalidate
etag
W/"c022df1417b8f1f47ea9cc73e4bd492b"
x-robots-tag
noindex
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dqZ6Vd2SkXD8XAlAT%2BWo9V97uWdtXzy0ge34y809RoVBCd2EBiDaYJ%2BkPJnPWN4R8YYLRp0Rax%2B2PncETb3SPL5P5p0VvGWFPoLYOnVdOj9iuJewyNIEa7LmLfXrAVx5pnKUYZnloZfRNDIBAw0NGRlaZm5yqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6a3c04e36f7b4119-PRG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

Location
https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH#it%40maerskbroker.com
Non-Authoritative-Reason
HSTS

Resource: pdf.js
Path: excel567.oss-ap-southeast-3.aliyuncs.com/
Size: 0
x-fer: 0
Type: Script
General
Full URL
https://excel567.oss-ap-southeast-3.aliyuncs.com/pdf.js
Requested by
Host: 295c0dc1.getwetransferpro.pages.dev
URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.254.218.78 Kuala Lumpur, Malaysia, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://295c0dc1.getwetransferpro.pages.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers


Resource: a9bfcce0-422b-46e4-9074-3147cbc03390%2Fbg.jpg
Path: cdn.glitch.me/
Redirect Chain
  • https://cdn.glitch.com/a9bfcce0-422b-46e4-9074-3147cbc03390%2Fbg.jpg?v=1600376573408
  • https://cdn.glitch.me/a9bfcce0-422b-46e4-9074-3147cbc03390%2Fbg.jpg
Size: 115 KB
x-fer: 115 KB
Type: Image
General
Full URL
https://cdn.glitch.me/a9bfcce0-422b-46e4-9074-3147cbc03390%2Fbg.jpg
Requested by
Host: 295c0dc1.getwetransferpro.pages.dev
URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2a8281ebaeee4dbc6452cbca892800ebae3b1159afe72ae30313b1c9262f0667

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://295c0dc1.getwetransferpro.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 16:44:35 GMT
Via
1.1 83f1b8f73f37458f38e2ee1fc0b9e68d.cloudfront.net (CloudFront)
Age
1805055
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
117459
Last-Modified
Thu, 17 Sep 2020 21:02:53 GMT
Server
AmazonS3
ETag
"6e5b76b6f1740d6d21c8d968a0364df6"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET, HEAD, POST
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
X-Amz-Cf-Pop
FRA56-P2
X-Amz-Cf-Id
JLR8tUM9gXeGdkxTuXLMRdnSLCNMBXJi4rHdymHfjKhHh6VWDvfOyQ==

Redirect headers

Date
Mon, 25 Oct 2021 12:18:53 GMT
Via
1.1 b04a6cb0bde4a78c29099913e07f9056.cloudfront.net (CloudFront)
Server
AmazonS3
Age
6597
X-Cache
Hit from cloudfront
Location
https://cdn.glitch.me/a9bfcce0-422b-46e4-9074-3147cbc03390%2Fbg.jpg
Connection
keep-alive
X-Amz-Cf-Pop
FRA60-P1
Content-Length
0
X-Amz-Cf-Id
XmTAAUps2ctUIa4GA63MAJ-Th5DJCzVdQZngOgCuAew7Gw1ce7vCFw==

Resource: 6669d537-2d72-4d4d-93a3-c34f65068699%2Fwetransfer%20logo.png
Path: cdn.glitch.me/
Redirect Chain
  • https://cdn.glitch.com/6669d537-2d72-4d4d-93a3-c34f65068699%2Fwetransfer%20logo.png?v=1611480846175
  • https://cdn.glitch.me/6669d537-2d72-4d4d-93a3-c34f65068699%2Fwetransfer%20logo.png
Size: 125 KB
x-fer: 126 KB
Type: Image
General
Full URL
https://cdn.glitch.me/6669d537-2d72-4d4d-93a3-c34f65068699%2Fwetransfer%20logo.png
Requested by
Host: 295c0dc1.getwetransferpro.pages.dev
URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://295c0dc1.getwetransferpro.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 24 Oct 2021 11:09:28 GMT
Via
1.1 83f1b8f73f37458f38e2ee1fc0b9e68d.cloudfront.net (CloudFront)
Age
97161
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
128338
Last-Modified
Sun, 24 Jan 2021 09:34:07 GMT
Server
AmazonS3
ETag
"3b5b6359339cae31e66ea9c165476c1c"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET, HEAD, POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
X-Amz-Cf-Pop
FRA56-P2
X-Amz-Cf-Id
2vDVetz4quKT9cTE55MVEg_3r2a7_DH8R3ZGd9V6zm7zcjm1pWokxA==

Redirect headers

Date
Mon, 25 Oct 2021 11:14:05 GMT
Via
1.1 b04a6cb0bde4a78c29099913e07f9056.cloudfront.net (CloudFront)
Server
AmazonS3
Age
10485
X-Cache
Hit from cloudfront
Location
https://cdn.glitch.me/6669d537-2d72-4d4d-93a3-c34f65068699%2Fwetransfer%20logo.png
Connection
keep-alive
X-Amz-Cf-Pop
FRA60-P1
Content-Length
0
X-Amz-Cf-Id
EXzKBC-yEsiwDa_-gCaUyCc-3Op1d57HbMFHWdREVtbaFC2UWvUpuA==

Resource: jquery-3.2.1.slim.min.js
Path: code.jquery.com/
Size: 68 KB
x-fer: 24 KB
Type: Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by
Host: 295c0dc1.getwetransferpro.pages.dev
URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.42 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Referer
https://295c0dc1.getwetransferpro.pages.dev/
Origin
https://295c0dc1.getwetransferpro.pages.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 25 Oct 2021 14:08:49 GMT
content-encoding
gzip
last-modified
Mon, 20 Mar 2017 19:01:15 GMT
server
nginx
etag
W/"58d026fb-10fdd"
vary
Accept-Encoding
x-hw
1635170929.dop242.fr8.t,1635170929.cds264.fr8.hn,1635170929.cds257.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
23856

Resource: popper.min.js
Path: cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/
Size: 19 KB
x-fer: 7 KB
Type: Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: 295c0dc1.getwetransferpro.pages.dev
URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.19.94 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://295c0dc1.getwetransferpro.pages.dev/
Origin
https://295c0dc1.getwetransferpro.pages.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 25 Oct 2021 14:08:49 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
3770811
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6157
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NETQ6DGjNhbqIKERGDcf8%2F5Js%2BXkVQaO%2FTZOCRs6%2BeUcZGnh5txnyO5F1Y2uVJPvQHFv3Wrxw%2BJ1WCMtfca6rWYFoOyZ2L8vzkHo6qzxyAwzxKoXCRY6OSTG7umBwQC6QGdCEc6c"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6a3c04e4fe0b277c-PRG
expires
Sat, 15 Oct 2022 14:08:49 GMT

Resource: bootstrap.min.js
Path: maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/
Size: 48 KB
x-fer: 14 KB
Type: Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: 295c0dc1.getwetransferpro.pages.dev
URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.11.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://295c0dc1.getwetransferpro.pages.dev/
Origin
https://295c0dc1.getwetransferpro.pages.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 25 Oct 2021 14:08:49 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601
age
5640
cdn-cachedat
08/04/2021 00:04:37
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cdn-proxyver
1.0
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
157f13f0cdc54b4327d5b9dda899b46b
cf-ray
6a3c04e55a3b27b8-PRG
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True

Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/2.2.4/
Size: 84 KB
x-fer: 30 KB
Type: Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: 295c0dc1.getwetransferpro.pages.dev
URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f10.1e100.net
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://295c0dc1.getwetransferpro.pages.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 25 Oct 2021 12:26:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6145
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="hosted-libraries-pushers"
expires
Tue, 25 Oct 2022 12:26:24 GMT

Resource: bootstrap.min.js
Path: stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/
Size: 50 KB
x-fer: 15 KB
Type: Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Requested by
Host: 295c0dc1.getwetransferpro.pages.dev
URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.11.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://295c0dc1.getwetransferpro.pages.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 25 Oct 2021 14:08:49 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723, 718, 718
age
16014971
cdn-cachedat
2021-04-23 07:31:43
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:06 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
d5ed8711e187b713b8033abce9385c15
cf-ray
6a3c04e61e2a4125-PRG
cdn-requestcountrycode
CZ
cdn-requestpullsuccess
True

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onbeforexrselect
  • boolean: originAgentCluster
  • string: cxts
  • function: $
  • function: jQuery
  • object: bootstrap

1 Cookies

Domain/Path: .googleweblight.com/
Name: NID
Value: 511=LlpEiT2nTkiYj-SNSRySsmMN6Hz7EF8wvankywvHpz-Pa6T-K0Vzf4ywoGRX__TwCvimOKOP1gplWlryJIWHd6F3BW5gbgHh1oi4kOJxVqx06f6GTNuy103SI5tiJLnHQzVcsI8Ma_1Kl4Q39CmGauYqcZ0JCs-3LZmgLLO8TXg

17 Console Messages

Columns: Source / Level / URL / Text
javascript warning URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://excel567.oss-ap-southeast-3.aliyuncs.com/pdf.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.2.1.slim.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://excel567.oss-ap-southeast-3.aliyuncs.com/pdf.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.2.1.slim.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://excel567.oss-ap-southeast-3.aliyuncs.com/pdf.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
security error URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH#it%40maerskbroker.com
Message:
Error parsing 'integrity' attribute ('sha384-ApNbgh9B +Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q'). The hash algorithm must be one of 'sha256', 'sha384', or 'sha512', followed by a '-' character.
security error URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH#it%40maerskbroker.com
Message:
Failed to find a valid digest in the 'integrity' attribute for resource 'https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js' with computed SHA-256 integrity 'pS96pU17yq+gVu4KBQJi38VpSuKN7otMrDQprzf/DWY='. The resource has been blocked.
security error URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH#it%40maerskbroker.com
Message:
Error parsing 'integrity' attribute ('sha384- JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl'). The digest must be a valid, base64-encoded value.
security error URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH#it%40maerskbroker.com
Message:
Error parsing 'integrity' attribute ('sha384- JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl'). The hash algorithm must be one of 'sha256', 'sha384', or 'sha512', followed by a '-' character.