latexer.tk Open in urlscan Pro
23.94.137.167 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com
Submission Tags: @ipnigh
Submission: On July 09 via api (July 9th 2019, 2:06:31 am UTC) from GB

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 18 HTTP transactions. The main IP is 23.94.137.167, located in Buffalo, United States and belongs to AS-COLOCROSSING - ColoCrossing, US. The main domain is latexer.tk.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 9th 2019. Valid for: 3 months.

This is the only time latexer.tk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address		AS Autonomous System
18	23.94.137.167 23.94.137.167		36352 (AS-COLOCR...) (AS-COLOCROSSING - ColoCrossing)
18	1

18 23.94.137.167 (Buffalo, United States)

ASN36352 (AS-COLOCROSSING - ColoCrossing, US)
PTR: webmail.zaratrading.tech

latexer.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	latexer.tk latexer.tk	453 KB
18	1

	Domain	Requested by
18	latexer.tk	latexer.tk
18	1

This site contains no links.

Subject Issuer	Validity	Valid
latexer.tk cPanel, Inc. Certification Authority	`2019-06-09` - `2019-09-07`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com
Frame ID: E0518EF555D14C7255BBDD562B1C3270
Requests: 6 HTTP requests in this frame

Frame: https://latexer.tk/WeTransfer/wp/wpt/bg.html
Frame ID: AA5FC8889FCEFBFFB4535A0BD1432D16
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

453 kB
Transfer

449 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.php Show response latexer.tk/WeTransfer/wp/wpt/	9 KB 9 KB	1379ms 142ms	Document text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `ceba422f99ac497788f73e15850cfc24bfd7c178ae3b6621d0465f27a77b352a` Request headers Host latexer.tk Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:14 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	analytics.js.html Show response latexer.tk/WeTransfer/wp/wpt/WeTransfer_files/	366 B 607 B	426ms 110ms	Script text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/WeTransfer_files/analytics.js.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `e08793686a592036aa47f6b549d07900f808bf8ba1cf7ab06d96c44ce7d163ea` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:14 GMT Last-Modified Wed, 24 Apr 2019 11:26:54 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 366
GET H/1.1	200 OK	bWqOLA69nu2fsMi45LjA.js.html Show response latexer.tk/WeTransfer/wp/wpt/WeTransfer_files/	377 B 618 B	1296ms 108ms	Script text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/WeTransfer_files/bWqOLA69nu2fsMi45LjA.js.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `d2c665a717b66dd633c3a8b0af3f085c964c4caf8e742dbbc2df831ca57cf0db` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:26:54 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 377
GET H/1.1	200 OK	gtm.js.html Show response latexer.tk/WeTransfer/wp/wpt/WeTransfer_files/	360 B 601 B	1308ms 111ms	Script text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/WeTransfer_files/gtm.js.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `b0b8ef6e2019506e245c295a45dd2846da62fa3d2a265aaa69814ecf4b786fc7` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:26:54 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91 Content-Length 360
GET H/1.1	200 OK	webrtc-patch.html Show response latexer.tk/WeTransfer/wp/wpt/chrome-extension_/fdcgdnkidjaadafnichfpabhfomcebme/scripts/	406 B 647 B	1395ms 108ms	Script text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/chrome-extension_/fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `b03167bb284181bddab1e965c6b1941ab12d3b71b4586f2aaad5f1f0fe3317c5` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:26:54 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 406
GET H/1.1	200 OK	application-bd95c1c273b3b6f2c6b24f2eaeeaef30be54981e5727d3ac981a5e003b93d6a6.css latexer.tk/WeTransfer/wp/wpt/WeTransfer_files/	391 KB 391 KB	189ms 108ms	Stylesheet text/css	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/WeTransfer_files/application-bd95c1c273b3b6f2c6b24f2eaeeaef30be54981e5727d3ac981a5e003b93d6a6.css Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:14 GMT Last-Modified Thu, 04 Apr 2019 20:36:12 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 400626
GET H/1.1	200 OK	bg.html Show response latexer.tk/WeTransfer/wp/wpt/ Frame AA5F	18 KB 19 KB	189ms 109ms	Document text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/bg.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `642ecee610a3ec0595344ad678feda2188b8401585af210de1f0fae381af0ce5` Request headers Host latexer.tk Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com Response headers Date Tue, 09 Jul 2019 02:06:14 GMT Server Apache Last-Modified Thu, 04 Apr 2019 20:36:02 GMT Accept-Ranges bytes Content-Length 18859 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	screen.css latexer.tk/WeTransfer/wp/wpt/ Frame AA5F	25 KB 26 KB	222ms 114ms	Stylesheet text/css	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/screen.css Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/bg.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `e208abf732722d498d15155f0629a1ce5144a72bdc677ccec2ef0bd8bba5c4ef` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/bg.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:14 GMT Last-Modified Thu, 04 Apr 2019 20:36:06 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 26061
GET H/1.1	200 OK	wallpaper-api-2.0.js.html Show response latexer.tk/WeTransfer/wp/wpt/ Frame AA5F	357 B 598 B	442ms 109ms	Script text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/wallpaper-api-2.0.js.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/bg.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `2d53af79cd19107b1397bddeff6e8588128ed5000061dd696441029113373679` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/bg.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:27:14 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 357
GET H/1.1	200 OK	wallpaper-toolbox-0.4.0.js.html Show response latexer.tk/WeTransfer/wp/wpt/ Frame AA5F	363 B 604 B	553ms 110ms	Script text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/wallpaper-toolbox-0.4.0.js.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/bg.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `bdadaf2edce33bf68fffb5c9c1388dc131c9899f830c1112d8fd8ba7bce0fb18` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/bg.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:27:14 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 363
GET H/1.1	200 OK	jquery.min.js.html Show response latexer.tk/WeTransfer/wp/wpt/ Frame AA5F	350 B 591 B	647ms 110ms	Script text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/jquery.min.js.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/bg.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `83368527a1631c87e29e693ea51d7057b3b61681c9a3cc763e400d10ab66635f` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/bg.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:27:14 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 350
GET H/1.1	200 OK	bodymovin.min.js.html Show response latexer.tk/WeTransfer/wp/wpt/ Frame AA5F	353 B 594 B	664ms 110ms	Script text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/bodymovin.min.js.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/bg.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `aea6ff7acac16fd955c0419e85f88783395732c89fb50cec06912d5dc0352a2e` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/bg.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:27:14 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 353
GET H/1.1	200 OK	copy.js.html Show response latexer.tk/WeTransfer/wp/wpt/ Frame AA5F	344 B 585 B	865ms 108ms	Script text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/copy.js.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/bg.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `9848add0613a2bd270c2287825769f0db7cc37ff255fff22e40f9b74ca58a3ad` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/bg.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:27:14 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 344
GET H/1.1	200 OK	trackers.js.html Show response latexer.tk/WeTransfer/wp/wpt/ Frame AA5F	348 B 589 B	885ms 110ms	Script text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/trackers.js.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/bg.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `98bcb3f3d9e6541744d73a746dfd96442840763b24e9f2b8571b83c1f57cf73e` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/bg.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:27:14 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 348
GET H/1.1	200 OK	1px.html latexer.tk/WeTransfer/wp/wpt/_https_/backgrounds.wetransfer.net/plus/201708/size_orange_v1/images/ Frame AA5F	409 B 409 B	505ms 110ms	Image text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Show image Full URL https://latexer.tk/WeTransfer/wp/wpt/_https_/backgrounds.wetransfer.net/plus/201708/size_orange_v1/images/1px.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/bg.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/bg.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:27:14 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=90 Content-Length 409
GET H/1.1	200 OK	texture.html latexer.tk/WeTransfer/wp/wpt/images/ Frame AA5F	351 B 351 B	589ms 108ms	Image text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Show image Full URL https://latexer.tk/WeTransfer/wp/wpt/images/texture.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/bg.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://latexer.tk/WeTransfer/wp/wpt/bg.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:27:14 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 351
GET H/1.1	200 OK	FreightSans-Pro-Semibold.html latexer.tk/WeTransfer/wp/wpt/fonts/ Frame AA5F	367 B 608 B	151ms 108ms	Font text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/fonts/FreightSans-Pro-Semibold.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/bg.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `3783b9f2c0fbe337ec02565031b859509a7ddc78be03774fc40d94a7a441f529` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://latexer.tk/WeTransfer/wp/wpt/bg.html Origin https://latexer.tk Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:27:14 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 367
GET H/1.1	200 OK	FreightSans-Pro-Medium.html latexer.tk/WeTransfer/wp/wpt/fonts/ Frame AA5F	365 B 606 B	169ms 109ms	Font text/html	23.94.137.167 ColoCrossing
General Check archive.org Show headers Download Go to Full URL https://latexer.tk/WeTransfer/wp/wpt/fonts/FreightSans-Pro-Medium.html Requested by Host: latexer.tk URL: https://latexer.tk/WeTransfer/wp/wpt/bg.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.137.167 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US), Reverse DNS webmail.zaratrading.tech Software Apache / Resource Hash `4f688f44c64791f3ccdf9137cbde66437bbfa48341314f9bb1057ac0dc400240` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://latexer.tk/WeTransfer/wp/wpt/bg.html Origin https://latexer.tk Response headers Date Tue, 09 Jul 2019 02:06:15 GMT Last-Modified Wed, 24 Apr 2019 11:27:14 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 365

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| init

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://latexer.tk/WeTransfer/wp/wpt/index.php?email=nobody@mycraftmail.com(Line 71) Message: [object CSSStyleDeclaration]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

latexer.tk
23.94.137.167
2d53af79cd19107b1397bddeff6e8588128ed5000061dd696441029113373679
3783b9f2c0fbe337ec02565031b859509a7ddc78be03774fc40d94a7a441f529
4f688f44c64791f3ccdf9137cbde66437bbfa48341314f9bb1057ac0dc400240
642ecee610a3ec0595344ad678feda2188b8401585af210de1f0fae381af0ce5
7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39
83368527a1631c87e29e693ea51d7057b3b61681c9a3cc763e400d10ab66635f
9848add0613a2bd270c2287825769f0db7cc37ff255fff22e40f9b74ca58a3ad
98bcb3f3d9e6541744d73a746dfd96442840763b24e9f2b8571b83c1f57cf73e
aea6ff7acac16fd955c0419e85f88783395732c89fb50cec06912d5dc0352a2e
b03167bb284181bddab1e965c6b1941ab12d3b71b4586f2aaad5f1f0fe3317c5
b0b8ef6e2019506e245c295a45dd2846da62fa3d2a265aaa69814ecf4b786fc7
bdadaf2edce33bf68fffb5c9c1388dc131c9899f830c1112d8fd8ba7bce0fb18
ceba422f99ac497788f73e15850cfc24bfd7c178ae3b6621d0465f27a77b352a
d2c665a717b66dd633c3a8b0af3f085c964c4caf8e742dbbc2df831ca57cf0db
e08793686a592036aa47f6b549d07900f808bf8ba1cf7ab06d96c44ce7d163ea
e208abf732722d498d15155f0629a1ce5144a72bdc677ccec2ef0bd8bba5c4ef
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

latexer.tk Open in urlscan Pro 23.94.137.167 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

453 kBTransfer

449 kBSize

0 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

latexer.tk Open in urlscan Pro
23.94.137.167 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

453 kB
Transfer

449 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!