user-wetranfer-download.glitch.me Open in urlscan Pro
52.3.67.232 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://user-wetranfer-download.glitch.me/index.html?email=a@a.c
Submission: On July 06 via automatic, source openphish (July 6th 2022, 1:20:48 pm UTC) — Scanned from DE

Summary HTTP 26 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 26 HTTP transactions. The main IP is 52.3.67.232, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is user-wetranfer-download.glitch.me.

This is the only time user-wetranfer-download.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
4	52.3.67.232 52.3.67.232	14618 (AMAZON-AES) (AMAZON-AES)
20	52.201.197.170 52.201.197.170	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.89.18 143.204.89.18	16509 (AMAZON-02) (AMAZON-02)
26	4

4 52.3.67.232 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-67-232.compute-1.amazonaws.com

user-wetranfer-download.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fifth-rune-chasmosaurus.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 52.201.197.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-201-197-170.compute-1.amazonaws.com

solar-efficient-subway.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.89.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-18.fra50.r.cloudfront.net

backgrounds.wetransfer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	glitch.me user-wetranfer-download.glitch.me solar-efficient-subway.glitch.me fifth-rune-chasmosaurus.glitch.me	541 KB
1	wetransfer.net backgrounds.wetransfer.net — Cisco Umbrella Rank: 17777	225 KB
0	Failed function sub() { [native code] }. Failed
26	3

	Domain	Requested by
20	solar-efficient-subway.glitch.me	user-wetranfer-download.glitch.me solar-efficient-subway.glitch.me
3	fifth-rune-chasmosaurus.glitch.me	user-wetranfer-download.glitch.me
1	backgrounds.wetransfer.net	solar-efficient-subway.glitch.me
1	user-wetranfer-download.glitch.me
0	fdcgdnkidjaadafnichfpabhfomcebme Failed	user-wetranfer-download.glitch.me
26	5

This site contains links to these domains. Also see Links.

Domain
fifth-rune-chasmosaurus.glitch.me

Subject Issuer	Validity	Valid
glitch.com Amazon	`2022-02-01` - `2023-03-02`	a year	crt.sh
wetransfer.net Amazon	`2022-06-13` - `2023-07-12`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://user-wetranfer-download.glitch.me/index.html?email=a@a.c
Frame ID: A692E69E5BEBFC543F21644EF6ED4BE3
Requests: 12 HTTP requests in this frame

Frame: https://solar-efficient-subway.glitch.me/bg.html
Frame ID: F255DA796E922BA494551B92EF52AB96
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WeTransfer

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

26
Requests

92 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

4
IPs

1
Countries

766 kB
Transfer

764 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://fifth-rune-chasmosaurus.glitch.me/
Title: Help

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html Show response user-wetranfer-download.glitch.me/	124 KB 125 KB	377ms 261ms	Document text/html	52.3.67.232 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://user-wetranfer-download.glitch.me/index.html?email=a@a.c Protocol HTTP/1.1 Server 52.3.67.232 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-3-67-232.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `bcd591d00e882f52adc2c5a160e4b38e3ac7002a66fc743b2218b1566ec0da25` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Length 127098 Content-Type text/html; charset=utf-8 Date Wed, 06 Jul 2022 13:20:41 GMT accept-ranges bytes cache-control no-cache etag "160bda5ed6482e13c8c8c1c5cabdbf5e" last-modified Tue, 05 Jul 2022 23:50:50 GMT server AmazonS3 x-amz-id-2 psrlfJw7G+Rnat6CAv6vbrBdY1EIcQCPq2cIXytl71g4RTXyt+G4B+/JGGtsEremxDmrDf56gYY= x-amz-request-id 6RFF0FV5AK82BJKN x-amz-version-id mLPQ5kwAwAVFee0ODjVQaJcD.CPtRKjP
GET H2	404	1.js.download solar-efficient-subway.glitch.me/	0 0	322ms 122ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/1.js.download Requested by Host: user-wetranfer-download.glitch.me URL: http://user-wetranfer-download.glitch.me/index.html?email=a@a.c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://user-wetranfer-download.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:41 GMT cache-control max-age=0 content-length 3672
GET H2	403	/ fifth-rune-chasmosaurus.glitch.me/	0 0	343ms 112ms	Script text/html	52.3.67.232 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://fifth-rune-chasmosaurus.glitch.me/ Requested by Host: user-wetranfer-download.glitch.me URL: http://user-wetranfer-download.glitch.me/index.html?email=a@a.c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.3.67.232 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-3-67-232.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://user-wetranfer-download.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers
GET H2	404	analytics.js.download solar-efficient-subway.glitch.me/	0 0	393ms 215ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/analytics.js.download Requested by Host: user-wetranfer-download.glitch.me URL: http://user-wetranfer-download.glitch.me/index.html?email=a@a.c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://user-wetranfer-download.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:41 GMT cache-control max-age=0 content-length 3672
GET H2	404	bWqOLA69nu2fsMi45LjA.js.download solar-efficient-subway.glitch.me/	0 0	367ms 189ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/bWqOLA69nu2fsMi45LjA.js.download Requested by Host: user-wetranfer-download.glitch.me URL: http://user-wetranfer-download.glitch.me/index.html?email=a@a.c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://user-wetranfer-download.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:41 GMT cache-control max-age=0 content-length 3672
GET H2	404	gtm.js.download solar-efficient-subway.glitch.me/	0 0	309ms 131ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/gtm.js.download Requested by Host: user-wetranfer-download.glitch.me URL: http://user-wetranfer-download.glitch.me/index.html?email=a@a.c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://user-wetranfer-download.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:41 GMT cache-control max-age=0 content-length 3672
GET		webrtc-patch.js fdcgdnkidjaadafnichfpabhfomcebme/scripts/	0 0

GET DATA	200 OK	truncated /	483 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b0a8bd74d2a1ff5ccd5a18c2d054a74b9b260258861a358b5faddc4f8a62f703` Request headers accept-language de-DE,de;q=0.9 Referer http://user-wetranfer-download.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Content-Type image/png
GET H2	200	application-bd95c1c273b3b6f2c6b24f2eaeeaef30be54981e5727d3ac981a5e003b93d6a6.css solar-efficient-subway.glitch.me/	391 KB 392 KB	189ms 189ms	Stylesheet text/css	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/application-bd95c1c273b3b6f2c6b24f2eaeeaef30be54981e5727d3ac981a5e003b93d6a6.css Requested by Host: user-wetranfer-download.glitch.me URL: http://user-wetranfer-download.glitch.me/index.html?email=a@a.c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39` Request headers accept-language de-DE,de;q=0.9 Referer http://user-wetranfer-download.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:41 GMT last-modified Tue, 05 Jul 2022 23:41:40 GMT server AmazonS3 x-amz-request-id 6RF359YYB6Q9CNXD etag "74acefad72f0016dcfb1e747dff5a9a7" content-type text/css; charset=utf-8 cache-control no-cache content-length 400623 accept-ranges bytes x-amz-version-id oWorlqeMQeryA7F0LPEVE_jbCzrjHjL1 x-amz-id-2 3Tvm26r+qi9PQoIZscWxbRWoSsdEf9edNPP8cUK4ZRAg4FVvGoYxDikgAchLFN5oo9Hw3fUQ9Jk=
GET H2	404	2.js.download solar-efficient-subway.glitch.me/	0 0	119ms 118ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/2.js.download Requested by Host: user-wetranfer-download.glitch.me URL: http://user-wetranfer-download.glitch.me/index.html?email=a@a.c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://user-wetranfer-download.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:41 GMT cache-control max-age=0 content-length 3672
GET H2	403	/ fifth-rune-chasmosaurus.glitch.me/	0 0	102ms 102ms	Image text/html	52.3.67.232 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://fifth-rune-chasmosaurus.glitch.me/ Requested by Host: user-wetranfer-download.glitch.me URL: http://user-wetranfer-download.glitch.me/index.html?email=a@a.c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.3.67.232 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-3-67-232.compute-1.amazonaws.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer http://user-wetranfer-download.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers
GET H2	200	bg.html Show response solar-efficient-subway.glitch.me/ Frame F255	19 KB 19 KB	162ms 161ms	Document text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/bg.html Requested by Host: user-wetranfer-download.glitch.me URL: http://user-wetranfer-download.glitch.me/index.html?email=a@a.c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `5d41e432d793277cb3fe672386c3665ac839de9a5b1858c9c593c24bad6a5765` Request headers Referer http://user-wetranfer-download.glitch.me/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes cache-control no-cache content-length 19440 content-type text/html; charset=utf-8 date Wed, 06 Jul 2022 13:20:42 GMT etag "6af91eadda8d921a755684b66b718137" last-modified Tue, 05 Jul 2022 23:41:40 GMT server AmazonS3 x-amz-id-2 r7k1udgh9t2qL7zMOOAaOu7+M4QrERLHz9SlPEkExXh+ScAoeIBuRaNLZ9gs3pDBuoF2b4bRwgg= x-amz-request-id HMM9QC9BG78M088T x-amz-version-id m4ZR4aohogqVp5BEWcSWakaFxh.Bs.zz
GET H2	403	/ fifth-rune-chasmosaurus.glitch.me/	0 0	103ms 102ms	Image text/html	52.3.67.232 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://fifth-rune-chasmosaurus.glitch.me/ Requested by Host: user-wetranfer-download.glitch.me URL: http://user-wetranfer-download.glitch.me/index.html?email=a@a.c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.3.67.232 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-3-67-232.compute-1.amazonaws.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer http://user-wetranfer-download.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers
GET H2	404	1.js.download solar-efficient-subway.glitch.me/ Frame F255	0 0	120ms 118ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/1.js.download Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://solar-efficient-subway.glitch.me/bg.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:42 GMT cache-control max-age=0 content-length 3672
GET H2	200	wallpaper-toolbox-2.1.0.css solar-efficient-subway.glitch.me/ Frame F255	5 KB 5 KB	146ms 144ms	Stylesheet text/css	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/wallpaper-toolbox-2.1.0.css Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `05a86484ed4d67184b3ddb0cf1f4919fec585e3fcc7e55fc3bb0e07aa8d3405e` Request headers accept-language de-DE,de;q=0.9 Referer https://solar-efficient-subway.glitch.me/bg.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:42 GMT last-modified Tue, 05 Jul 2022 23:41:40 GMT server AmazonS3 x-amz-request-id HMMANM1HNVJZE953 etag "80bb446907915ef63892d28fdc4c27c5" content-type text/css; charset=utf-8 cache-control no-cache content-length 5170 accept-ranges bytes x-amz-version-id NecihVOt4HwklvCFLzhHrRzAglQTUP2. x-amz-id-2 mVNVuxiJnUfXb7nVfFjOVkobZUefqm+ApweNbnqNj4twJRYdHjh8CyStNfJdneLxIwb5f5q0Oj4=
GET H2	404	css solar-efficient-subway.glitch.me/ Frame F255	0 0	129ms 127ms	Stylesheet text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/css Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://solar-efficient-subway.glitch.me/bg.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:42 GMT cache-control max-age=0 content-length 3672
GET H2	404	2.js.download solar-efficient-subway.glitch.me/ Frame F255	0 0	132ms 132ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/2.js.download Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://solar-efficient-subway.glitch.me/bg.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:42 GMT cache-control max-age=0 content-length 3672
GET H2	404	wallpaper-api-2.2.2.js.download solar-efficient-subway.glitch.me/ Frame F255	0 0	354ms 353ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/wallpaper-api-2.2.2.js.download Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://solar-efficient-subway.glitch.me/bg.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:42 GMT cache-control max-age=0 content-length 3672
GET H2	404	wallpaper-toolbox-2.1.0.js.download solar-efficient-subway.glitch.me/ Frame F255	0 0	150ms 149ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/wallpaper-toolbox-2.1.0.js.download Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://solar-efficient-subway.glitch.me/bg.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:42 GMT cache-control max-age=0 content-length 3672
GET H2	404	jquery-3.3.1.slim.min.js.download solar-efficient-subway.glitch.me/ Frame F255	0 0	140ms 139ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/jquery-3.3.1.slim.min.js.download Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers Referer https://solar-efficient-subway.glitch.me/bg.html Origin https://solar-efficient-subway.glitch.me accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:42 GMT cache-control max-age=0 content-length 3672
GET H2	404	1.js solar-efficient-subway.glitch.me/ Frame F255	0 0	133ms 133ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/1.js Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://solar-efficient-subway.glitch.me/bg.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:42 GMT cache-control max-age=0 content-length 3672
GET H2	404	2.js solar-efficient-subway.glitch.me/ Frame F255	0 0	130ms 130ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/2.js Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://solar-efficient-subway.glitch.me/bg.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:42 GMT cache-control max-age=0 content-length 3672
GET H2	200	3312782b93d0f4d87d46d98cd14962f9..jpg backgrounds.wetransfer.net/wallpaper-wizard/production/wallpapers/1000193/assets/wallpaper310120131149/background/ Frame F255	224 KB 225 KB	46ms 16ms	Image image/jpeg	143.204.89.18 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://backgrounds.wetransfer.net/wallpaper-wizard/production/wallpapers/1000193/assets/wallpaper310120131149/background/3312782b93d0f4d87d46d98cd14962f9..jpg Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.89.18 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-89-18.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `88c4471adf77367e53b6f4098c40011171601f844a49f23a0043a8c8c635882e` Request headers accept-language de-DE,de;q=0.9 Referer https://solar-efficient-subway.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:37 GMT via 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront) last-modified Fri, 31 Jan 2020 13:46:13 GMT server AmazonS3 age 6 etag "32c6decbdb2b355cf96a5d6aebb0a1cb" vary Accept-Encoding x-cache Hit from cloudfront x-amz-cf-pop FRA50-C1 accept-ranges bytes content-length 229607 x-amz-cf-id tJAZ8tEfWXifyS5flPVvaDm6nF7fj48dKnqDC6f_ZFouVLIrOxRkFw==
GET H2	404	css solar-efficient-subway.glitch.me/ Frame F255	0 0	128ms 128ms	Stylesheet text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/css Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://solar-efficient-subway.glitch.me/bg.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:42 GMT cache-control max-age=0 content-length 3672
GET H2	404	wallpaper-api-2.2.2.js.download solar-efficient-subway.glitch.me/ Frame F255	0 0	116ms 114ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/wallpaper-api-2.2.2.js.download Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://solar-efficient-subway.glitch.me/bg.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:42 GMT cache-control max-age=0 content-length 3672
GET H2	404	wallpaper-toolbox-2.1.0.js.download solar-efficient-subway.glitch.me/ Frame F255	0 0	166ms 166ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/wallpaper-toolbox-2.1.0.js.download Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://solar-efficient-subway.glitch.me/bg.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:42 GMT cache-control max-age=0 content-length 3672
GET H2	404	jquery-3.3.1.slim.min.js.download solar-efficient-subway.glitch.me/ Frame F255	0 0	134ms 133ms	Script text/html	52.201.197.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://solar-efficient-subway.glitch.me/jquery-3.3.1.slim.min.js.download Requested by Host: solar-efficient-subway.glitch.me URL: https://solar-efficient-subway.glitch.me/bg.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.201.197.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-201-197-170.compute-1.amazonaws.com Software / Resource Hash Request headers Referer https://solar-efficient-subway.glitch.me/bg.html Origin https://solar-efficient-subway.glitch.me accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 13:20:43 GMT cache-control max-age=0 content-length 3672

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fdcgdnkidjaadafnichfpabhfomcebme
URL: chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

21 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: https://solar-efficient-subway.glitch.me/1.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/gtm.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://fifth-rune-chasmosaurus.glitch.me/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://solar-efficient-subway.glitch.me/bWqOLA69nu2fsMi45LjA.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://fifth-rune-chasmosaurus.glitch.me/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://solar-efficient-subway.glitch.me/analytics.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/2.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://fifth-rune-chasmosaurus.glitch.me/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://solar-efficient-subway.glitch.me/1.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/2.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/2.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/1.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/jquery-3.3.1.slim.min.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/wallpaper-toolbox-2.1.0.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/wallpaper-api-2.2.2.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/wallpaper-api-2.2.2.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/wallpaper-toolbox-2.1.0.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://solar-efficient-subway.glitch.me/jquery-3.3.1.slim.min.js.download Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

backgrounds.wetransfer.net
fdcgdnkidjaadafnichfpabhfomcebme
fifth-rune-chasmosaurus.glitch.me
solar-efficient-subway.glitch.me
user-wetranfer-download.glitch.me
fdcgdnkidjaadafnichfpabhfomcebme
143.204.89.18
52.201.197.170
52.3.67.232
05a86484ed4d67184b3ddb0cf1f4919fec585e3fcc7e55fc3bb0e07aa8d3405e
5d41e432d793277cb3fe672386c3665ac839de9a5b1858c9c593c24bad6a5765
7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39
88c4471adf77367e53b6f4098c40011171601f844a49f23a0043a8c8c635882e
b0a8bd74d2a1ff5ccd5a18c2d054a74b9b260258861a358b5faddc4f8a62f703
bcd591d00e882f52adc2c5a160e4b38e3ac7002a66fc743b2218b1566ec0da25
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

user-wetranfer-download.glitch.me Open in urlscan Pro 52.3.67.232 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

26 Requests

92 %HTTPS

0 %IPv6

3 Domains

5 Subdomains

4 IPs

1 Countries

766 kBTransfer

764 kBSize

0 Cookies

1 Outgoing links

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

21 Console Messages

user-wetranfer-download.glitch.me Open in urlscan Pro
52.3.67.232 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

92 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

4
IPs

1
Countries

766 kB
Transfer

764 kB
Size

0
Cookies

26 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!