295c0dc1.getwetransferpro.pages.dev
Open in
urlscan Pro
172.64.134.13
Malicious Activity!
Public Scan
Effective URL: https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNK...
Submission Tags: falconsandbox
Submission: On October 25 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 25th 2021. Valid for: a year.
This is the only time 295c0dc1.getwetransferpro.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WeTransfer (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 142.250.186.161 142.250.186.161 | 15169 (GOOGLE) (GOOGLE) | |
1 | 172.64.134.13 172.64.134.13 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 47.254.218.78 47.254.218.78 | 45102 (CNNIC-ALI...) (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co.) | |
2 2 | 13.32.121.14 13.32.121.14 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 18.66.97.45 18.66.97.45 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 69.16.175.42 69.16.175.42 | 33438 (HIGHWINDS2) (HIGHWINDS2) | |
1 | 104.16.19.94 104.16.19.94 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 104.18.11.207 104.18.11.207 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.186.138 142.250.186.138 | 15169 (GOOGLE) (GOOGLE) | |
9 | 7 |
ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f1.1e100.net
googleweblight.com |
ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co., Ltd., CN)
excel567.oss-ap-southeast-3.aliyuncs.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-14.fra60.r.cloudfront.net
cdn.glitch.com |
ASN33438 (HIGHWINDS2, US)
PTR: tlb.hwcdn.net
code.jquery.com |
ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com | |
stackpath.bootstrapcdn.com |
ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f10.1e100.net
ajax.googleapis.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com |
29 KB |
2 |
glitch.me
cdn.glitch.me |
241 KB |
2 |
glitch.com
2 redirects
cdn.glitch.com |
852 B |
1 |
googleapis.com
ajax.googleapis.com |
30 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
7 KB |
1 |
jquery.com
code.jquery.com |
24 KB |
1 |
aliyuncs.com
excel567.oss-ap-southeast-3.aliyuncs.com |
|
1 |
pages.dev
295c0dc1.getwetransferpro.pages.dev |
8 KB |
1 |
googleweblight.com
1 redirects
googleweblight.com |
1 KB |
9 | 9 |
Domain | Requested by | |
---|---|---|
2 | cdn.glitch.me |
295c0dc1.getwetransferpro.pages.dev
|
2 | cdn.glitch.com | 2 redirects |
1 | stackpath.bootstrapcdn.com |
295c0dc1.getwetransferpro.pages.dev
|
1 | ajax.googleapis.com |
295c0dc1.getwetransferpro.pages.dev
|
1 | maxcdn.bootstrapcdn.com |
295c0dc1.getwetransferpro.pages.dev
|
1 | cdnjs.cloudflare.com |
295c0dc1.getwetransferpro.pages.dev
|
1 | code.jquery.com |
295c0dc1.getwetransferpro.pages.dev
|
1 | excel567.oss-ap-southeast-3.aliyuncs.com |
295c0dc1.getwetransferpro.pages.dev
|
1 | 295c0dc1.getwetransferpro.pages.dev | |
1 | googleweblight.com | 1 redirects |
9 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-10-25 - 2022-10-24 |
a year | crt.sh |
*.oss-ap-southeast-1.aliyuncs.com GlobalSign Organization Validation CA - SHA256 - G2 |
2021-02-25 - 2022-02-26 |
a year | crt.sh |
glitch.com Amazon |
2021-01-18 - 2022-02-15 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2021-10-04 - 2021-12-27 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
Frame ID: F7DF046852A4C019026C0D844296F1A4
Requests: 9 HTTP requests in this frame
Screenshot
Page Title
We TransferPage URL History Show full URLs
-
https://googleweblight.com/i?u=295c0dc1.getwetransferpro.pages.dev%2FctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqT...
HTTP 302
http://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTC... HTTP 307
https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTC... Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Popper (Miscellaneous) Expand
Detected patterns
- <script [^>]*src="[^"]*/popper\.js/([0-9.]+)
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
- /([\d.]+)/jquery(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://googleweblight.com/i?u=295c0dc1.getwetransferpro.pages.dev%2FctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
HTTP 302
http://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH HTTP 307
https://295c0dc1.getwetransferpro.pages.dev/ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://cdn.glitch.com/a9bfcce0-422b-46e4-9074-3147cbc03390%2Fbg.jpg?v=1600376573408 HTTP 301
- https://cdn.glitch.me/a9bfcce0-422b-46e4-9074-3147cbc03390%2Fbg.jpg
- https://cdn.glitch.com/6669d537-2d72-4d4d-93a3-c34f65068699%2Fwetransfer%20logo.png?v=1611480846175 HTTP 301
- https://cdn.glitch.me/6669d537-2d72-4d4d-93a3-c34f65068699%2Fwetransfer%20logo.png
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
ctKKWxZJTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrTnkMNKkPdtQSqFxkwsnXNfLmqTCzJPsjrLPpHlhZrCSkcqpH
295c0dc1.getwetransferpro.pages.dev/ Redirect Chain
|
25 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pdf.js
excel567.oss-ap-southeast-3.aliyuncs.com/ |
0 0 |
Script
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
a9bfcce0-422b-46e4-9074-3147cbc03390%2Fbg.jpg
cdn.glitch.me/ Redirect Chain
|
115 KB 115 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
6669d537-2d72-4d4d-93a3-c34f65068699%2Fwetransfer%20logo.png
cdn.glitch.me/ Redirect Chain
|
125 KB 126 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.slim.min.js
code.jquery.com/ |
68 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ |
48 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ |
50 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WeTransfer (Online)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster string| cxts function| $ function| jQuery object| bootstrap1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.googleweblight.com/ | Name: NID Value: 511=LlpEiT2nTkiYj-SNSRySsmMN6Hz7EF8wvankywvHpz-Pa6T-K0Vzf4ywoGRX__TwCvimOKOP1gplWlryJIWHd6F3BW5gbgHh1oi4kOJxVqx06f6GTNuy103SI5tiJLnHQzVcsI8Ma_1Kl4Q39CmGauYqcZ0JCs-3LZmgLLO8TXg |
17 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
295c0dc1.getwetransferpro.pages.dev
ajax.googleapis.com
cdn.glitch.com
cdn.glitch.me
cdnjs.cloudflare.com
code.jquery.com
excel567.oss-ap-southeast-3.aliyuncs.com
googleweblight.com
maxcdn.bootstrapcdn.com
stackpath.bootstrapcdn.com
104.16.19.94
104.18.11.207
13.32.121.14
142.250.186.138
142.250.186.161
172.64.134.13
18.66.97.45
47.254.218.78
69.16.175.42
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2a8281ebaeee4dbc6452cbca892800ebae3b1159afe72ae30313b1c9262f0667
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a4941ebb2e7e822df91d28c61d8a2a9eb3641c95619796f6efd8cd93077958e5
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b