tranquil-wetransfer-po.glitch.me Open in urlscan Pro
18.211.208.99 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://tranquil-wetransfer-po.glitch.me/index2.html
Submission: On July 13 via automatic, source phishtank (July 13th 2024, 2:38:54 am UTC) — Scanned from US

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 4 domains to perform 21 HTTP transactions. The main IP is 18.211.208.99, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is tranquil-wetransfer-po.glitch.me.
TLS certificate: Issued by Amazon RSA 2048 M03 on December 4th 2023. Valid for: a year.

This is the only time tranquil-wetransfer-po.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
18	18.211.208.99 18.211.208.99	14618 (AMAZON-AES) (AMAZON-AES)
3 3	2606:4700:10:... 2606:4700:10::ac43:8ee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.194.132 151.101.194.132	54113 (FASTLY) (FASTLY)
21	3

18 18.211.208.99 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-211-208-99.compute-1.amazonaws.com

tranquil-wetransfer-po.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
grizzly-elfin-hotel.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::ac43:8ee (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

cutt.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.132 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.glitch.global	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	glitch.me tranquil-wetransfer-po.glitch.me grizzly-elfin-hotel.glitch.me	697 KB
3	cutt.ly 3 redirects cutt.ly — Cisco Umbrella Rank: 50466	658 B
2	glitch.global cdn.glitch.global — Cisco Umbrella Rank: 435075
0	Failed function sub() { [native code] }. Failed
21	4

	Domain	Requested by
15	tranquil-wetransfer-po.glitch.me	tranquil-wetransfer-po.glitch.me
3	grizzly-elfin-hotel.glitch.me	tranquil-wetransfer-po.glitch.me
3	cutt.ly	3 redirects
2	cdn.glitch.global	tranquil-wetransfer-po.glitch.me
0	invalid Failed	tranquil-wetransfer-po.glitch.me
21	5

This site contains no links.

Subject Issuer	Validity	Valid
glitch.com Amazon RSA 2048 M03	`2023-12-04` - `2025-01-01`	a year	crt.sh
cdn.glitch.global R3	`2024-05-30` - `2024-08-28`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://tranquil-wetransfer-po.glitch.me/index2.html
Frame ID: 254D81B59B933DCD6757BCA358B6D5F8
Requests: 8 HTTP requests in this frame

Frame: https://tranquil-wetransfer-po.glitch.me/1.html
Frame ID: FE9E35D3638D30B63B332940E149B7CE
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

21
Requests

81 %
HTTPS

33 %
IPv6

4
Domains

5
Subdomains

3
IPs

1
Countries

697 kB
Transfer

2640 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://cutt.ly/CearQTuV HTTP 301
https://grizzly-elfin-hotel.glitch.me/uiglhijll.css

Request Chain 6

https://cutt.ly/OearJLSg HTTP 301
https://grizzly-elfin-hotel.glitch.me/2.js

Request Chain 10

https://cutt.ly/OearJLSg HTTP 301
https://grizzly-elfin-hotel.glitch.me/2.js

21 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request index2.html Show response
tranquil-wetransfer-po.glitch.me/ 123 KB
123 KB 1224ms
393ms Document
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/index2.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 46ca780db78a93144252c2865d0a184d51610ce5e97d97fd5f7a5add20e83cd9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache
content-length: 125718
content-type: text/html; charset=utf-8
date: Sat, 13 Jul 2024 02:38:41 GMT
etag: "84bfc9c5718dd1d5aad43615ede629dd"
last-modified: Thu, 11 Jul 2024 11:15:32 GMT
server: AmazonS3
x-amz-id-2: vXxiWb6UoWgnIbn+6SW0yQmzVqoZI193Vgr9YC2ChudJjDOPt6Euyzv9AQjFcrshesHZqW8kCchG+so8vOtSYc0iB+KV1Zx+xcfiVNWvETk=
x-amz-request-id: 5986NDYK2EGHAYSV
x-amz-server-side-encryption: AES256
x-amz-version-id: v9gEebzWNo3Su4OhbdYw.EF5XWThT2jX

GET
H2 200 1.js Show response
tranquil-wetransfer-po.glitch.me/ 87 KB
88 KB 814ms
813ms Script
application/javascript 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/1.js
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/index2.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:42 GMT
x-amz-version-id: VZJ3aN9vOLBDkmH3hgkP6avymPZS7Ez3
last-modified: Thu, 11 Jul 2024 11:15:32 GMT
server: AmazonS3
x-amz-request-id: R966NE2XE45DDY7R
etag: "b6f7093369a0e8b83703914ce731b13c"
x-amz-server-side-encryption: AES256
content-type: application/javascript; charset=utf-8
cache-control: no-cache
accept-ranges: bytes
content-length: 89496
x-amz-id-2: pmsStaNsqnmPrQcPW+8vLvJl8F0M/b0bVDn6ry65rKJYN2L8ikLKrI1Bfu7Maeqg5AvYXkc3OFY=

GET
H2 404 analytics.js.download
tranquil-wetransfer-po.glitch.me/ 0
0 812ms
812ms Script
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/analytics.js.download
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/index2.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:42 GMT
cache-control: max-age=0
content-length: 3674

GET
H2 404 bWqOLA69nu2fsMi45LjA.js.download
tranquil-wetransfer-po.glitch.me/ 0
0 790ms
789ms Script
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/bWqOLA69nu2fsMi45LjA.js.download
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/index2.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:42 GMT
cache-control: max-age=0
content-length: 3674

GET
H2 404 gtm.js.download
tranquil-wetransfer-po.glitch.me/ 0
0 791ms
791ms Script
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/gtm.js.download
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/index2.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:42 GMT
cache-control: max-age=0
content-length: 3674

GET /
invalid/ 0
0

GET
H2

200

uiglhijll.css
grizzly-elfin-hotel.glitch.me/
Redirect Chain

https://cutt.ly/CearQTuV
https://grizzly-elfin-hotel.glitch.me/uiglhijll.css

391 KB
392 KB

1173ms
1170ms

Stylesheet
text/css

18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://grizzly-elfin-hotel.glitch.me/uiglhijll.css
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/index2.html
Protocol: H2
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:44 GMT
x-amz-version-id: Yhs2ZKDwqNm99zLYwHFcOwHW0dcwq5Qx
last-modified: Wed, 19 Jun 2024 14:27:36 GMT
server: AmazonS3
x-amz-request-id: 3P91C3F033VN53AC
etag: "74acefad72f0016dcfb1e747dff5a9a7"
x-amz-server-side-encryption: AES256
content-type: text/css; charset=utf-8
cache-control: no-cache
accept-ranges: bytes
content-length: 400623
x-amz-id-2: QGIrr1Jd1XftFCimWyldIfv7OnQK/DEVTKaAXhXq4X60N8vEjM49igT2Oogh5pO+bP5So0qOwlzFsVyOgDvdhDlyP8jR+DOX

Redirect headers

pragma: no-cache
date: Sat, 13 Jul 2024 02:38:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
referrer-policy: same-origin
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://grizzly-elfin-hotel.glitch.me/uiglhijll.css
cache-control: no-cache, no-store, must-revalidate
cf-ray: 8a25e604de15524b-LAX
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2

200

2.js Show response
grizzly-elfin-hotel.glitch.me/
Redirect Chain

https://cutt.ly/OearJLSg
https://grizzly-elfin-hotel.glitch.me/2.js

76 KB
76 KB

1558ms
1552ms

Script
application/javascript

18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://grizzly-elfin-hotel.glitch.me/2.js
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/index2.html
Protocol: H2
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7a32a6e4c5e81f0d51cb97466aa442a2342f5ab5c62ff62c3094296fabdda734

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:44 GMT
x-amz-version-id: RwI8O6lq.h9MsYl5DwI47xJJ41WPEGL6
last-modified: Wed, 19 Jun 2024 14:27:36 GMT
server: AmazonS3
x-amz-request-id: 3P90EZT0E022MFP8
etag: "46d5d43b6f75fd3fe4c0d0db009ed5dd"
x-amz-server-side-encryption: AES256
content-type: application/javascript; charset=utf-8
cache-control: no-cache
accept-ranges: bytes
content-length: 77445
x-amz-id-2: abUSsVAszl6xZ0B8AA8LVwJi0t45uni5lBJtvLYZfRmINYM85HDQVbJkBx2ETDRLX2cCnK2AlhQ=

Redirect headers

pragma: no-cache
date: Sat, 13 Jul 2024 02:38:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
referrer-policy: same-origin
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://grizzly-elfin-hotel.glitch.me/2.js
cache-control: no-cache, no-store, must-revalidate
cf-ray: 8a25e604de18524b-LAX
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 1.html Show response
tranquil-wetransfer-po.glitch.me/ Frame FE9E 13 KB
13 KB 181ms
180ms Document
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/1.html
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/index2.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4243ca5d8d034507e2cebd97c6575644739250a99e1f067a42ea2629000638c5

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/index2.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache
content-length: 13079
content-type: text/html; charset=utf-8
date: Sat, 13 Jul 2024 02:38:49 GMT
etag: "5abe25cbe8a89ae687c481b36fe9c100"
last-modified: Thu, 11 Jul 2024 11:15:32 GMT
server: AmazonS3
x-amz-id-2: xQC0SOaMzrINLtokH2z8LstjvBrN++2cw6VIbJSvk6AanCCgPlzXXBbeV66Q9/OYd40sbQkZUBU=
x-amz-request-id: 8JFRS11XAHKSBMZX
x-amz-server-side-encryption: AES256
x-amz-version-id: TwZq2M_FZ78vdsL8og8gQ9fJmSFinqds

GET
H2 200 1.js Show response
tranquil-wetransfer-po.glitch.me/ Frame FE9E 87 KB
277 B 163ms
159ms Script
application/javascript 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/1.js
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/1.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:49 GMT
x-amz-version-id: VZJ3aN9vOLBDkmH3hgkP6avymPZS7Ez3
last-modified: Thu, 11 Jul 2024 11:15:32 GMT
server: AmazonS3
x-amz-request-id: 8JFKPKH4FCHJT4T0
etag: "b6f7093369a0e8b83703914ce731b13c"
x-amz-server-side-encryption: AES256
content-type: application/javascript; charset=utf-8
cache-control: no-cache
accept-ranges: bytes
content-length: 89496
x-amz-id-2: p1QAWLUKSOMoGAOU9pbKqs7LTEZSEEPEWVY4HNx7zdQUjJZXaSdFyzjFF7E/hr/OuO9w4Td4AF0=

GET
H2 404 wallpaper-toolbox-2.css
tranquil-wetransfer-po.glitch.me/ Frame FE9E 0
0 160ms
157ms Stylesheet
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/wallpaper-toolbox-2.css
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/1.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:49 GMT
cache-control: max-age=0
content-length: 3674

GET
H2

200

2.js Show response
grizzly-elfin-hotel.glitch.me/ Frame FE9E
Redirect Chain

https://cutt.ly/OearJLSg
https://grizzly-elfin-hotel.glitch.me/2.js

76 KB
301 B

164ms
163ms

Script
application/javascript

18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://grizzly-elfin-hotel.glitch.me/2.js
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/1.html
Protocol: H2
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7a32a6e4c5e81f0d51cb97466aa442a2342f5ab5c62ff62c3094296fabdda734

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:49 GMT
x-amz-version-id: RwI8O6lq.h9MsYl5DwI47xJJ41WPEGL6
last-modified: Wed, 19 Jun 2024 14:27:36 GMT
server: AmazonS3
x-amz-request-id: 8JFQ1ZATHSJHYAVG
etag: "46d5d43b6f75fd3fe4c0d0db009ed5dd"
x-amz-server-side-encryption: AES256
content-type: application/javascript; charset=utf-8
cache-control: no-cache
accept-ranges: bytes
content-length: 77445
x-amz-id-2: e990t4odWRZaxw2kOSLLpZeGTmfyWRcTO3GZQKG3WJQhISIn51q1ClVYWVfzJOAH8FLX974mmJAjJvcW6gySSPIlAmGlb5sgOZU8qMtJGsc=

Redirect headers

pragma: no-cache
date: Sat, 13 Jul 2024 02:38:49 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
referrer-policy: same-origin
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://grizzly-elfin-hotel.glitch.me/2.js
cache-control: no-cache, no-store, must-revalidate
cf-ray: 8a25e625ee6a524b-LAX
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 404 dom4.js
tranquil-wetransfer-po.glitch.me/ Frame FE9E 0
0 280ms
277ms Script
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/dom4.js
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/1.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:49 GMT
cache-control: max-age=0
content-length: 3674

GET
H2 404 anime.js
tranquil-wetransfer-po.glitch.me/ Frame FE9E 0
0 161ms
159ms Script
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/anime.js
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/1.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:49 GMT
cache-control: max-age=0
content-length: 3674

GET
H2 404 wallpaper-api-2.js
tranquil-wetransfer-po.glitch.me/ Frame FE9E 0
0 153ms
151ms Script
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/wallpaper-api-2.js
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/1.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:49 GMT
cache-control: max-age=0
content-length: 3674

GET
H2 404 wallpaper-toolbox-2.js
tranquil-wetransfer-po.glitch.me/ Frame FE9E 0
0 281ms
279ms Script
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/wallpaper-toolbox-2.js
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/1.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:49 GMT
cache-control: max-age=0
content-length: 3674

GET
DATA 200
OK truncated
/ Frame FE9E 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb03f92c07b692ce08005daa5f69a374b6bc2f65e0f5bde64aa1e18499b6e8f9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 404 next-button.png
tranquil-wetransfer-po.glitch.me/assets/images/ Frame FE9E 4 KB
4 KB 167ms
167ms Image
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tranquil-wetransfer-po.glitch.me/assets/images/next-button.png
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: /
Resource Hash: 2784f6ffefbd5fcae302d112e1629907deed1e36f9c2050ea6d7038eec3f649c

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/1.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:49 GMT
cache-control: max-age=0
content-length: 3674

GET
H2 404 DINNextW1G-Bold.woff
tranquil-wetransfer-po.glitch.me/assets/fonts/ Frame FE9E 0
0 165ms
165ms Font
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/assets/fonts/DINNextW1G-Bold.woff
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/1.html
Origin: https://tranquil-wetransfer-po.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:49 GMT
cache-control: max-age=0
content-length: 3674

GET
H2 404 DINNextW1G-Regular.woff
tranquil-wetransfer-po.glitch.me/assets/fonts/ Frame FE9E 0
0 233ms
233ms Font
text/html 18.211.208.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tranquil-wetransfer-po.glitch.me/assets/fonts/DINNextW1G-Regular.woff
Requested by: Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.208.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-208-99.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/1.html
Origin: https://tranquil-wetransfer-po.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 02:38:49 GMT
cache-control: max-age=0
content-length: 3674

GET
H2 206 video-04.mp4
cdn.glitch.global/9ed4c623-bd1b-4310-adb3-cf24b8807ba1/ Frame FE9E 1 MB
0 253ms
77ms Media
video/mp4 151.101.194.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.glitch.global/9ed4c623-bd1b-4310-adb3-cf24b8807ba1/video-04.mp4?v=1673277070960

Requested by

Host: tranquil-wetransfer-po.glitch.me
URL: https://tranquil-wetransfer-po.glitch.me/1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Sat, 13 Jul 2024 02:38:49 GMT
x-amz-request-id: V8RHVVG474KBSRPF
age: 383243
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
Content-Range: bytes 0-1862641/1862642
Content-Length: 1862642
x-amz-id-2: lc01e4y+vZ6YGk8XVEmUU5NOoUI8oYHTkcDfpjPxs/oblIYj2r/Q/tqDzYmyD51IFjJ4C/ISAkQ=
x-served-by: cache-iad-kjyo7100122-IAD, cache-lax-kwhp1940053-LAX
last-modified: Mon, 09 Jan 2023 15:11:00 GMT
server: AmazonS3
x-timer: S1720838330.622699,VS0,VE8
etag: "6fd59cf63aa3165809a31a4e64187c8a"
access-control-allow-methods: GET, HEAD, POST
content-type: video/mp4
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 215, 0

GET
H2 206 video-04.mp4
cdn.glitch.global/9ed4c623-bd1b-4310-adb3-cf24b8807ba1/ Frame FE9E 506 KB
0 77ms
77ms Media
video/mp4 151.101.194.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.glitch.global/9ed4c623-bd1b-4310-adb3-cf24b8807ba1/video-04.mp4?v=1673277070960

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

Referer: https://tranquil-wetransfer-po.glitch.me/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Range: bytes=1304249-

Response headers

content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Sat, 13 Jul 2024 02:38:53 GMT
x-amz-request-id: V8RHVVG474KBSRPF
age: 383246
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
Content-Range: bytes 1304249-1862641/1862642
Content-Length: 558393
x-amz-id-2: lc01e4y+vZ6YGk8XVEmUU5NOoUI8oYHTkcDfpjPxs/oblIYj2r/Q/tqDzYmyD51IFjJ4C/ISAkQ=
x-served-by: cache-iad-kjyo7100122-IAD, cache-lax-kwhp1940053-LAX
last-modified: Mon, 09 Jan 2023 15:11:00 GMT
server: AmazonS3
x-timer: S1720838333.026376,VS0,VE3
etag: "6fd59cf63aa3165809a31a4e64187c8a"
access-control-allow-methods: GET, HEAD, POST
content-type: video/mp4
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 215, 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: invalid
URL: chrome-extension://invalid/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: chrome-extension://invalid/ Message: Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
network	error	URL: https://tranquil-wetransfer-po.glitch.me/gtm.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tranquil-wetransfer-po.glitch.me/analytics.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tranquil-wetransfer-po.glitch.me/bWqOLA69nu2fsMi45LjA.js.download Message: Failed to load resource: the server responded with a status of 404 ()
recommendation	verbose	URL: https://tranquil-wetransfer-po.glitch.me/index2.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://tranquil-wetransfer-po.glitch.me/wallpaper-api-2.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tranquil-wetransfer-po.glitch.me/wallpaper-toolbox-2.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tranquil-wetransfer-po.glitch.me/anime.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tranquil-wetransfer-po.glitch.me/dom4.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tranquil-wetransfer-po.glitch.me/wallpaper-toolbox-2.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tranquil-wetransfer-po.glitch.me/assets/images/next-button.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tranquil-wetransfer-po.glitch.me/assets/fonts/DINNextW1G-Bold.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tranquil-wetransfer-po.glitch.me/assets/fonts/DINNextW1G-Regular.woff Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.glitch.global
cutt.ly
grizzly-elfin-hotel.glitch.me
invalid
tranquil-wetransfer-po.glitch.me
invalid
151.101.194.132
18.211.208.99
2606:4700:10::ac43:8ee
2784f6ffefbd5fcae302d112e1629907deed1e36f9c2050ea6d7038eec3f649c
4243ca5d8d034507e2cebd97c6575644739250a99e1f067a42ea2629000638c5
46ca780db78a93144252c2865d0a184d51610ce5e97d97fd5f7a5add20e83cd9
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39
7a32a6e4c5e81f0d51cb97466aa442a2342f5ab5c62ff62c3094296fabdda734
cb03f92c07b692ce08005daa5f69a374b6bc2f65e0f5bde64aa1e18499b6e8f9

tranquil-wetransfer-po.glitch.me Open in urlscan Pro 18.211.208.99 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

21 Requests

81 %HTTPS

33 %IPv6

4 Domains

5 Subdomains

3 IPs

1 Countries

697 kBTransfer

2640 kBSize

0 Cookies

0 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

25 JavaScript Global Variables

0 Cookies

13 Console Messages

Indicators

tranquil-wetransfer-po.glitch.me Open in urlscan Pro
18.211.208.99 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

81 %
HTTPS

33 %
IPv6

4
Domains

5
Subdomains

3
IPs

1
Countries

697 kB
Transfer

2640 kB
Size

0
Cookies

21 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!