ca71259.tw1.ru Open in urlscan Pro
2a03:6f00:1::5c35:6079 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ca71259.tw1.ru/wetransferpro/log.html
Submission: On June 23 via automatic, source phishtank (June 23rd 2024, 2:51:45 pm UTC) — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 14 HTTP transactions. The main IP is 2a03:6f00:1::5c35:6079, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is ca71259.tw1.ru.
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on January 11th 2024. Valid for: a year.

This is the only time ca71259.tw1.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
7	2a03:6f00:1::... 2a03:6f00:1::5c35:6079	9123 (TIMEWEB-AS) (TIMEWEB-AS)
3	13.32.99.125 13.32.99.125	16509 (AMAZON-02) (AMAZON-02)
14	3

7 2a03:6f00:1::5c35:6079 (Russian Federation)

ASN9123 (TIMEWEB-AS, RU)

ca71259.tw1.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.99.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-125.fra60.r.cloudfront.net

auth-cdn.wetransfer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	tw1.ru ca71259.tw1.ru	896 KB
3	wetransfer.com auth-cdn.wetransfer.com — Cisco Umbrella Rank: 203330	36 KB
14	2

	Domain	Requested by
7	ca71259.tw1.ru	ca71259.tw1.ru
3	auth-cdn.wetransfer.com	ca71259.tw1.ru auth-cdn.wetransfer.com
14	2

This site contains no links.

Subject Issuer	Validity	Valid
*.tw1.ru GlobalSign GCC R3 DV TLS CA 2020	`2024-01-11` - `2025-02-11`	a year	crt.sh
wetransfer.com Amazon RSA 2048 M03	`2024-05-09` - `2025-06-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ca71259.tw1.ru/wetransferpro/log.html
Frame ID: 8D20658F138EACA252FCAF2EF1BC7425
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WeTransfer account | WeTransfer

Page Statistics

14
Requests

71 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

932 kB
Transfer

1117 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request log.html Show response ca71259.tw1.ru/wetransferpro/	212 KB 59 KB	436ms 234ms	Document text/html	2a03:6f00:1::5c35:6079 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://ca71259.tw1.ru/wetransferpro/log.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:6f00:1::5c35:6079 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash `5307e034f143bfe21bc9984067511c283789d0d23e78fb0c51d783585a23b74f` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers content-encoding gzip content-type text/html; charset=utf-8 date Sun, 23 Jun 2024 14:51:37 GMT etag W/"34ea2-617ddc904a500" last-modified Tue, 07 May 2024 14:13:08 GMT server nginx/1.24.0 vary Accept-Encoding
GET H2	200	fonts.css auth-cdn.wetransfer.com/assets/styles/	824 B 1 KB	164ms 51ms	Stylesheet text/css	13.32.99.125 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://auth-cdn.wetransfer.com/assets/styles/fonts.css Requested by Host: ca71259.tw1.ru URL: https://ca71259.tw1.ru/wetransferpro/log.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.125 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-125.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `cde80e58fff4561911f7397ef39dca6cfd699cf91ae6a205ff0a38b248d9d2d4` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ca71259.tw1.ru/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 22 Jun 2024 15:36:48 GMT via 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront) last-modified Mon, 01 Feb 2021 13:06:52 GMT server AmazonS3 x-amz-cf-pop FRA60-P3 age 83690 etag "c407710c4d344d6ac8cea97689e02199" x-cache Hit from cloudfront content-type text/css accept-ranges bytes content-length 824 x-amz-cf-id DkWzLoFip7zLrM3wf0l6qGhhAZoVaDBV7U7fnPXON0OaykatEy3Yvw==
GET H2	200	transfer_login_styles.css auth-cdn.wetransfer.com/assets/styles/	31 KB 7 KB	60ms 59ms	Stylesheet text/css	13.32.99.125 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://auth-cdn.wetransfer.com/assets/styles/transfer_login_styles.css?v=9bda5de9badbf5d37695eeb997ace97c Requested by Host: ca71259.tw1.ru URL: https://ca71259.tw1.ru/wetransferpro/log.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.125 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-125.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `96be93d1f7c250f6eaf427558e8c039fd63d2cf7920857c7ddea2c690d251184` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ca71259.tw1.ru/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 05:25:52 GMT content-encoding br via 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront) last-modified Tue, 30 Apr 2024 13:07:27 GMT server AmazonS3 x-amz-cf-pop FRA60-P3 age 33946 x-amz-server-side-encryption AES256 etag W/"5280c59cad793473f335291d9fd51524" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css x-amz-cf-id xg6hEebcqedJYN7qaQylMZpMLMYoLYsQAamVNW_bg_jUQW5j2e4hgQ==
GET H2	200	cross-icon.svg ca71259.tw1.ru/wetransferpro/img/	977 B 1 KB	89ms 88ms	Image image/svg+xml	2a03:6f00:1::5c35:6079 TIMEWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ca71259.tw1.ru/wetransferpro/img/cross-icon.svg Requested by Host: ca71259.tw1.ru URL: https://ca71259.tw1.ru/wetransferpro/log.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:6f00:1::5c35:6079 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash `d58a7b9518c5f32458eccc39b0cd4c187968697f83fea7bfc56ce0dc21cd5f62` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ca71259.tw1.ru/wetransferpro/log.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 14:51:37 GMT last-modified Thu, 14 Mar 2024 16:34:16 GMT server nginx/1.24.0 etag "65f32708-3d1" content-type image/svg+xml cache-control max-age=31536000 accept-ranges bytes content-length 977 expires Mon, 23 Jun 2025 14:51:37 GMT
GET H2	200	wetransfer-text-logo.svg ca71259.tw1.ru/wetransferpro/img/	6 KB 3 KB	90ms 89ms	Image image/svg+xml	2a03:6f00:1::5c35:6079 TIMEWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ca71259.tw1.ru/wetransferpro/img/wetransfer-text-logo.svg Requested by Host: ca71259.tw1.ru URL: https://ca71259.tw1.ru/wetransferpro/log.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:6f00:1::5c35:6079 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash `fd7108379b77e618b1f8e812a72c90338233b88137fe80666d236db4295ed57c` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ca71259.tw1.ru/wetransferpro/log.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 14:51:37 GMT content-encoding gzip last-modified Thu, 14 Mar 2024 16:34:16 GMT server nginx/1.24.0 etag W/"65f32708-1764" vary Accept-Encoding content-type image/svg+xml cache-control max-age=31536000 expires Mon, 23 Jun 2025 14:51:37 GMT
GET H2	200	transfer-general.png ca71259.tw1.ru/wetransferpro/img/	732 KB 733 KB	273ms 272ms	Image image/png	2a03:6f00:1::5c35:6079 TIMEWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ca71259.tw1.ru/wetransferpro/img/transfer-general.png Requested by Host: ca71259.tw1.ru URL: https://ca71259.tw1.ru/wetransferpro/log.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:6f00:1::5c35:6079 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash `26350bef02c0812b33389f4d5336ba0aa3422ad165cd536507b8431a22992582` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ca71259.tw1.ru/wetransferpro/log.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 14:51:37 GMT last-modified Thu, 14 Mar 2024 16:34:16 GMT server nginx/1.24.0 etag "65f32708-b7146" content-type image/png cache-control max-age=31536000 accept-ranges bytes content-length 749894 expires Mon, 23 Jun 2025 14:51:37 GMT
GET H2	200	logo-free-mobile.svg ca71259.tw1.ru/wetransferpro/img/	6 KB 3 KB	659ms 658ms	Image image/svg+xml	2a03:6f00:1::5c35:6079 TIMEWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ca71259.tw1.ru/wetransferpro/img/logo-free-mobile.svg Requested by Host: ca71259.tw1.ru URL: https://ca71259.tw1.ru/wetransferpro/log.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:6f00:1::5c35:6079 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash `9fe25d8abe96455f6df6a86e43a7647cdd2c6fc3a9594fdb09911cece95d6b72` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ca71259.tw1.ru/wetransferpro/log.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 14:51:37 GMT content-encoding gzip last-modified Thu, 14 Mar 2024 16:34:16 GMT server nginx/1.24.0 etag W/"65f32708-16fe" vary Accept-Encoding content-type image/svg+xml cache-control max-age=31536000 expires Mon, 23 Jun 2025 14:51:37 GMT
GET H2	200	tof.png ca71259.tw1.ru/wetransferpro/img/	90 KB 90 KB	736ms 735ms	Image image/png	2a03:6f00:1::5c35:6079 TIMEWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ca71259.tw1.ru/wetransferpro/img/tof.png Requested by Host: ca71259.tw1.ru URL: https://ca71259.tw1.ru/wetransferpro/log.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:6f00:1::5c35:6079 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash `444f57ffef64fea7336226b56b97b652becc4c9916c3e5f4cc4732225b007488` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ca71259.tw1.ru/wetransferpro/log.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 14:51:37 GMT last-modified Thu, 14 Mar 2024 16:34:16 GMT server nginx/1.24.0 etag "65f32708-16683" content-type image/png cache-control max-age=31536000 accept-ranges bytes content-length 91779 expires Mon, 23 Jun 2025 14:51:37 GMT
GET H2	200	logomail.jpg ca71259.tw1.ru/wetransferpro/img/	7 KB 7 KB	736ms 736ms	Image image/jpeg	2a03:6f00:1::5c35:6079 TIMEWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ca71259.tw1.ru/wetransferpro/img/logomail.jpg Requested by Host: ca71259.tw1.ru URL: https://ca71259.tw1.ru/wetransferpro/log.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:6f00:1::5c35:6079 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash `ee958db1974df5de324c9930879a18df6f92c0e95a9fa6e5c4c39c303d4bac87` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ca71259.tw1.ru/wetransferpro/log.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 14:51:37 GMT last-modified Thu, 14 Mar 2024 16:34:16 GMT server nginx/1.24.0 etag "65f32708-1cc6" content-type image/jpeg cache-control max-age=31536000 accept-ranges bytes content-length 7366 expires Mon, 23 Jun 2025 14:51:37 GMT
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1f39a1017906d512934d04cef8dbd816ebe0206eab872da92d30fdb554c84a89` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	943 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e7bf2df0a16db084dfa378e073c399b14fa4c48e92764bdb5497051f9786ce77` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET		ActiefGrotesque-W-Regular.woff auth-cdn.wetransfer.com/assets/fonts/	0 0

GET DATA	200 OK	truncated /	565 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `42c52bdbaa9c00ee5d298c01ccd6399083ff9283156da45904f679542243fe24` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6dbba1863bcfe251266f22a6c3b047f788a4851623c58c7b6b750809f0885dad` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET		GT-Super-WT-Regular.woff auth-cdn.wetransfer.com/assets/fonts/	0 0

GET		ActiefGrotesque-W-Medium.woff auth-cdn.wetransfer.com/assets/fonts/	0 0

GET		ActiefGrotesque-W-Bd.woff auth-cdn.wetransfer.com/assets/fonts/	0 0

GET H2	200	favicon.ico auth-cdn.wetransfer.com/assets/images/	28 KB 28 KB	43ms 42ms	Other image/x-icon	13.32.99.125 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://auth-cdn.wetransfer.com/assets/images/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.125 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-125.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `5981f65aeddede91c5d9900f524c1403334c0ec539dfd643f4ec14bf8bed403d` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ca71259.tw1.ru/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 22 Jun 2024 15:36:53 GMT via 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront) last-modified Wed, 17 Feb 2021 16:26:01 GMT server AmazonS3 x-amz-cf-pop FRA60-P3 age 83689 etag "0645e49b155ab444261fc713aa430a85" x-cache Hit from cloudfront content-type image/x-icon accept-ranges bytes content-length 28259 x-amz-cf-id e64EuuMBdU64k-4eGJc8y4JjCJu8B6uqC6cqM_UrTViZu5Vz18UI_Q==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: auth-cdn.wetransfer.com
URL: https://auth-cdn.wetransfer.com/assets/fonts/ActiefGrotesque-W-Regular.woff

Domain: auth-cdn.wetransfer.com
URL: https://auth-cdn.wetransfer.com/assets/fonts/GT-Super-WT-Regular.woff

Domain: auth-cdn.wetransfer.com
URL: https://auth-cdn.wetransfer.com/assets/fonts/ActiefGrotesque-W-Medium.woff

Domain: auth-cdn.wetransfer.com
URL: https://auth-cdn.wetransfer.com/assets/fonts/ActiefGrotesque-W-Bd.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://ca71259.tw1.ru/wetransferpro/log.html Message: Access to font at 'https://auth-cdn.wetransfer.com/assets/fonts/ActiefGrotesque-W-Regular.woff' from origin 'https://ca71259.tw1.ru' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://auth-cdn.wetransfer.com/assets/fonts/ActiefGrotesque-W-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://ca71259.tw1.ru/wetransferpro/log.html Message: Access to font at 'https://auth-cdn.wetransfer.com/assets/fonts/ActiefGrotesque-W-Medium.woff' from origin 'https://ca71259.tw1.ru' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://auth-cdn.wetransfer.com/assets/fonts/ActiefGrotesque-W-Medium.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://ca71259.tw1.ru/wetransferpro/log.html Message: Access to font at 'https://auth-cdn.wetransfer.com/assets/fonts/ActiefGrotesque-W-Bd.woff' from origin 'https://ca71259.tw1.ru' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://auth-cdn.wetransfer.com/assets/fonts/ActiefGrotesque-W-Bd.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://ca71259.tw1.ru/wetransferpro/log.html Message: Access to font at 'https://auth-cdn.wetransfer.com/assets/fonts/GT-Super-WT-Regular.woff' from origin 'https://ca71259.tw1.ru' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://auth-cdn.wetransfer.com/assets/fonts/GT-Super-WT-Regular.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth-cdn.wetransfer.com
ca71259.tw1.ru
auth-cdn.wetransfer.com
13.32.99.125
2a03:6f00:1::5c35:6079
1f39a1017906d512934d04cef8dbd816ebe0206eab872da92d30fdb554c84a89
26350bef02c0812b33389f4d5336ba0aa3422ad165cd536507b8431a22992582
42c52bdbaa9c00ee5d298c01ccd6399083ff9283156da45904f679542243fe24
444f57ffef64fea7336226b56b97b652becc4c9916c3e5f4cc4732225b007488
5307e034f143bfe21bc9984067511c283789d0d23e78fb0c51d783585a23b74f
5981f65aeddede91c5d9900f524c1403334c0ec539dfd643f4ec14bf8bed403d
6dbba1863bcfe251266f22a6c3b047f788a4851623c58c7b6b750809f0885dad
96be93d1f7c250f6eaf427558e8c039fd63d2cf7920857c7ddea2c690d251184
9fe25d8abe96455f6df6a86e43a7647cdd2c6fc3a9594fdb09911cece95d6b72
cde80e58fff4561911f7397ef39dca6cfd699cf91ae6a205ff0a38b248d9d2d4
d58a7b9518c5f32458eccc39b0cd4c187968697f83fea7bfc56ce0dc21cd5f62
e7bf2df0a16db084dfa378e073c399b14fa4c48e92764bdb5497051f9786ce77
ee958db1974df5de324c9930879a18df6f92c0e95a9fa6e5c4c39c303d4bac87
fd7108379b77e618b1f8e812a72c90338233b88137fe80666d236db4295ed57c

ca71259.tw1.ru Open in urlscan Pro 2a03:6f00:1::5c35:6079 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

14 Requests

71 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

932 kBTransfer

1117 kBSize

0 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

8 Console Messages

Indicators

ca71259.tw1.ru Open in urlscan Pro
2a03:6f00:1::5c35:6079 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

71 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

932 kB
Transfer

1117 kB
Size

0
Cookies

14 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!