Report - pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html

Report Overview

Visited public
2024-09-01 11:47:22
Tags
wetransfer phishing financial suspicious
Submit Tags
URL
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Finishing URL
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
IP / ASN
104.18.2.35
#13335 CLOUDFLARENET
Title
WeTransfer
Phishing - WeTransfer
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2024-08-31 23:31:58	1.0 kB	49 kB	151.101.130.137
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-08-31 18:30:27	1.1 kB	14 kB	104.17.25.14
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-08-31 18:27:47	650 B	1.4 kB	142.250.74.131
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18 02:37:31	2024-08-31 19:36:04	533 B	45 kB	104.18.10.207
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-08-31 18:12:11	1.3 kB	3.6 kB	23.36.76.226
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-08-31 18:12:11	1.3 kB	3.6 kB	23.33.119.57
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev	unknown	unknown	No data	No data	4.9 kB	277 kB	104.18.3.35
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2024-08-31 18:16:33	465 B	1.6 kB	151.101.129.229
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2024-09-01 00:59:17	458 B	31 kB	142.250.74.42
prod-cdn.wetransfer.net	25787	2009-02-02	2018-10-23 10:53:42	2024-08-30 16:34:48	2.3 kB	150 kB	54.240.174.87
storageapi.fleek.co	533726	2020-03-06	2020-05-08 11:42:37	2024-04-17 16:16:45	1.5 kB	574 kB	104.18.7.145
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15 22:36:43	2024-08-31 18:14:05	1.4 kB	156 kB	104.18.10.207
mk2-b4c8d3.ingress-earth.ewp.live	unknown	2022-05-26	2022-08-12 13:46:38	2024-03-16 06:42:03	2.2 kB	83 kB	63.250.43.128

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-08-31	medium	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html	WeTransfer

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-01	medium	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev	Sinkholed
2024-09-01	medium	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev	Sinkholed
2024-09-01	medium	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev	Sinkholed
2024-09-01	medium	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev	Sinkholed
2024-09-01	medium	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev	Sinkholed
2024-09-01	medium	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev	Sinkholed
2024-09-01	medium	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev	Sinkholed
2024-09-01	medium	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev	Sinkholed
2024-09-01	medium	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev	Sinkholed
2024-09-01	medium	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	ScriptElement	49 kB	2023-03-07	2025-07-22
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-22 06:16 Times Seen84263 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html	ScriptElement	1.4 kB	2024-09-20	2024-09-20
Pretty URL pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html IP 104.18.3.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-20 20:04 Last Seen2024-09-20 20:04 Times Seen1 Hash c47e59e21de0a4186372eee60e08baf2 3d55961bc5ca2e4946178ab58a06a59a45f31956 ffc1e3df6cf64153acb7e7c7128e82b4e24cc841e0f36ccd450dce233f89b6c8 Loading...

	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html	ScriptElement	177 B	2023-03-07	2025-07-10
Pretty URL pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html IP 104.18.3.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:52 Last Seen2025-07-10 12:45 Times Seen51 Hash e9c60c0e35d34060648ce34e2c08cbd1 396a4cb2f4b6cdca078b788d5c9df56765bc70ab 697a30b89a2de98bfe0890e0e6ce173658463499ce877a3df9221b797559c928 Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	ScriptElement	51 kB	2023-03-07	2025-07-22
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-22 06:28 Times Seen106652 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

	code.jquery.com/jquery-3.2.1.slim.min.js	ScriptElement	70 kB	2023-03-07	2025-07-22
Pretty URL code.jquery.com/jquery-3.2.1.slim.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-22 06:16 Times Seen64990 Hash 5f48fc77cac90c4778fa24ec9c57f37d 9e89d1515bc4c371b86f4cb1002fd8e377c1829f 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398 Loading...

	pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html	ScriptElement	2.3 kB	2024-09-20	2024-09-20
Pretty URL pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html IP 104.18.3.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-20 20:04 Last Seen2024-09-20 20:04 Times Seen1 Hash d861e8024b53388d4628f9aec07c59f6 18f566ec9f42325ab55ef717e69c6d99046603aa de98f373c8bc21596a3d546a2c162ca4f3d2c51b803f106593d6733d5c9ae5e9 Loading...

	cdn.jsdelivr.net/npm/jquery.session@1.0.0/jquery.session.min.js	ScriptElement	2.3 kB	2024-05-14	2025-07-21
Pretty URL cdn.jsdelivr.net/npm/jquery.session@1.0.0/jquery.session.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-14 07:40 Last Seen2025-07-21 19:08 Times Seen674 Hash a30f101a180426e08a6b68b5705810f9 4bfa1d6a701f2dc8f34bfbb5237c978a799171c0 35e38c13207686ff7836fb1a81e55beffc957037981ca72e663973ba300616af Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	ScriptElement	19 kB	2023-03-07	2025-07-22
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-22 06:16 Times Seen83303 Hash 70d3fda195602fe8b75e0097eed74dde c3b977aa4b8dfb69d651e07015031d385ded964b a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js	ScriptElement	86 kB	2023-03-07	2025-07-22
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-22 06:54 Times Seen189913 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

HTTP Transactions (41)

URL IP Response Size

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9af7a8cd532ef5aaf31ca93238520c04
f072b79c778c47733bbd3377e03f716ecdfc14ea
36e32e96e96ff13975dfb765119ad431a8a3bedc9cdd8f16bbe7460664ee177c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "36E32E96E96FF13975DFB765119AD431A8A3BEDC9CDD8F16BBE7460664EE177C"
Last-Modified: Sat, 31 Aug 2024 21:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6346
Expires: Sun, 01 Sep 2024 13:32:40 GMT
Date: Sun, 01 Sep 2024 11:46:54 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
404e3e4520c09fcce1358b1a21f6b171
040aa03460f3d7ec6f75cae0bf5a462a4bb9798d
f6fc34acb6b2d60bb37dd5caf92b0988cdd52927d80d1f5e7bc23b7db9e8209a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F6FC34ACB6B2D60BB37DD5CAF92B0988CDD52927D80D1F5E7BC23B7DB9E8209A"
Last-Modified: Sat, 31 Aug 2024 00:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10620
Expires: Sun, 01 Sep 2024 14:43:54 GMT
Date: Sun, 01 Sep 2024 11:46:54 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
a69a40edecaf5262aa4492b7259eb1dd
8241174bc1b8840baf20b3ce2950114dbb539871
a89a6e1e8de96ae61eb24e9a672d112a1b8f8f28f583a5335bc744a6b43fc7ac

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A89A6E1E8DE96AE61EB24E9A672D112A1B8F8F28F583A5335BC744A6B43FC7AC"
Last-Modified: Sat, 31 Aug 2024 02:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13126
Expires: Sun, 01 Sep 2024 15:25:41 GMT
Date: Sun, 01 Sep 2024 11:46:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9d2c063731a46a7e1548540195080de0
dd1924ebf7697509a10f3f07604f28f96b4fc498
0d414ed4850119c53fae9ddd19ee1dd95783fd08f7389c3e8ec95215023e298e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0D414ED4850119C53FAE9DDD19EE1DD95783FD08F7389C3E8EC95215023E298E"
Last-Modified: Sat, 31 Aug 2024 02:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15327
Expires: Sun, 01 Sep 2024 16:02:22 GMT
Date: Sun, 01 Sep 2024 11:46:55 GMT
Connection: keep-alive

GET pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html

104.18.3.35

200 OK

30 kB

URL User Request GET HTTP/1.1
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8
ValidityThu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (7989), with CRLF line terminators
Size
30 kB (30082 bytes)
Hash
568382cbb8229c9c6455d82657edec14
53661589de90b057617b809ae2fa2122fd81e01b
677394819b762a7368817e442aeec009e9cfb21146a6234b0b4c9cdcf12edc7e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer
urlquery	suspicious	Suspicious - Suspicious Javascript code
OpenPhish	phishing	WeTransfer
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wetransfer.html HTTP/1.1
Host: pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 01 Sep 2024 11:46:55 GMT
Content-Type: text/html
Content-Length: 30082
Connection: keep-alive
Accept-Ranges: bytes
ETag: "568382cbb8229c9c6455d82657edec14"
Last-Modified: Sun, 04 Aug 2024 18:30:32 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8bc505c9bb13b50b-OSL

GET cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

104.17.25.14

200 OK

6.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:EC:C6:E9:D9:C1:6D:05:88:6E:33:AF:3B:E7:7B:86:81:20:66:CA
ValidityWed, 31 Jul 2024 04:16:10 GMT - Tue, 29 Oct 2024 04:16:09 GMT

File type
JavaScript source, ASCII text, with very long lines (19015)
Size
6.2 kB (6157 bytes)
Hash
70d3fda195602fe8b75e0097eed74dde
c3b977aa4b8dfb69d651e07015031d385ded964b
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

HTTP Headers

GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 01 Sep 2024 11:46:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3945300
expires: Fri, 22 Aug 2025 11:46:56 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fjVBNlHT88VpMo8aQ8400icy6jVbeoAZnzdaF%2F6rImI80NMdfTeL5p1HczqdGT6rDGGdyTke6KiuKEav%2BPpFln%2B39LwP3%2FHUtU1zOqyTN%2B7dzRHCMBtbSqI5MdGXrtJG%2FECOECg9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8bc505ce8fdf0b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.2.1.slim.min.js

151.101.130.137

200 OK

24 kB

URL GET HTTP/2
code.jquery.com/jquery-3.2.1.slim.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32012)
Size
24 kB (23856 bytes)
Hash
5f48fc77cac90c4778fa24ec9c57f37d
9e89d1515bc4c371b86f4cb1002fd8e377c1829f
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

HTTP Headers

GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-10fdd"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 01 Sep 2024 11:46:56 GMT
age: 2952807
x-served-by: cache-lga21963-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 38, 112474
x-timer: S1725191216.457950,VS0,VE0
vary: Accept-Encoding
content-length: 23856
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
769939c6037566445fc83e83332cdb61
028f3bd0b70917fe7aae3afd003d74fff6e61829
cf8f4d32427796c8c9decb0e7136e8672fcd988e96b2e54de2c5345a7e28ffb5

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 01 Sep 2024 11:46:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET cdn.jsdelivr.net/npm/jquery.session@1.0.0/jquery.session.min.js

151.101.129.229

200 OK

834 B

URL GET HTTP/2
cdn.jsdelivr.net/npm/jquery.session@1.0.0/jquery.session.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
ASCII text, with very long lines (1991)
Size
834 B (834 bytes)
Hash
a30f101a180426e08a6b68b5705810f9
4bfa1d6a701f2dc8f34bfbb5237c978a799171c0
35e38c13207686ff7836fb1a81e55beffc957037981ca72e663973ba300616af

HTTP Headers

GET /npm/jquery.session@1.0.0/jquery.session.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.0.0
x-jsd-version-type: version
etag: W/"918-S/odanAfLcjzS/u1I3yXinmRccA"
content-encoding: br
accept-ranges: bytes
date: Sun, 01 Sep 2024 11:46:56 GMT
age: 2887389
x-served-by: cache-fra-eddf8230025-FRA, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 834
X-Firefox-Spdy: h2

GET prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Medium-293e86f0.woff

54.240.174.87

200 OK

32 kB

URL GET HTTP/2
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Medium-293e86f0.woff
IP
54.240.174.87:443
ASN
#16509 AMAZON-02

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerAmazon
Subjectwetransfer.net
FingerprintFD:ED:AE:7A:BA:58:67:74:23:94:24:09:F9:37:BB:B5:A6:87:0E:CF
ValiditySun, 30 Jun 2024 00:00:00 GMT - Tue, 29 Jul 2025 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 32124, version 1.6554
Size
32 kB (32124 bytes)
Hash
868aedeefe7669e8a4f7196f7df5d058
45bd20ef2c6b717a2526efd98a01207979b2a623
d8700b022ef56752cd12ff224b3f409e84aeb8a43ac68ba052167096baf46555

HTTP Headers

GET /packs/media/actiefgrotesque/ActiefGrotesque_W_Medium-293e86f0.woff HTTP/1.1
Host: prod-cdn.wetransfer.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Origin: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff
content-length: 32124
date: Sat, 31 Aug 2024 20:37:49 GMT
last-modified: Thu, 21 Dec 2023 14:25:54 GMT
etag: "868aedeefe7669e8a4f7196f7df5d058"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -k6dOGwYch672ubBocRFbc-OQmuQpXuO2lU4eRxFXtageeNkR3xSBw==
age: 54548
X-Firefox-Spdy: h2

GET pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/gtm.js

104.18.3.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/gtm.js
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8
ValidityThu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27150 bytes)
Hash
46dd133ee00dc1bae5e4eeba7b88432f
8af86a4ac91ce48c062216fb94a6e1d57618a19b
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/gtm.js HTTP/1.1
Host: pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 01 Sep 2024 11:46:56 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8bc505cddda6b50b-OSL

GET prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Regular-1f437876.woff

54.240.174.87

200 OK

31 kB

URL GET HTTP/2
prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Regular-1f437876.woff
IP
54.240.174.87:443
ASN
#16509 AMAZON-02

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerAmazon
Subjectwetransfer.net
FingerprintFD:ED:AE:7A:BA:58:67:74:23:94:24:09:F9:37:BB:B5:A6:87:0E:CF
ValiditySun, 30 Jun 2024 00:00:00 GMT - Tue, 29 Jul 2025 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 31120, version 1.6554
Size
31 kB (31120 bytes)
Hash
57cbbfdafc43e0deecc75a309dd042c6
b9cc2ff331b8520706de175f5b3fdba6731a9bfc
a9117f16bdaa64c953b303bef951dfca6316ef59f1b7ca72d5b946b1d815f6a6

HTTP Headers

GET /packs/media/actiefgrotesque/ActiefGrotesque_W_Regular-1f437876.woff HTTP/1.1
Host: prod-cdn.wetransfer.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Origin: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff
content-length: 31120
date: Sat, 31 Aug 2024 20:37:49 GMT
last-modified: Thu, 21 Dec 2023 14:25:54 GMT
etag: "57cbbfdafc43e0deecc75a309dd042c6"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Tezs4jA_oS0C3MGj0IJLvCDTlCDJSeEjOwT0YyMLfGCpoPPervtfQQ==
age: 54548
X-Firefox-Spdy: h2

GET ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

142.250.74.42

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint67:2C:47:03:FC:2F:6C:04:CD:B8:61:4D:97:F1:C4:EA:71:E9:9E:11
ValidityMon, 05 Aug 2024 07:18:20 GMT - Mon, 28 Oct 2024 07:18:19 GMT

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
30 kB (30028 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Aug 2024 02:31:12 GMT
expires: Sat, 30 Aug 2025 02:31:12 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 206144
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET prod-cdn.wetransfer.net/packs/media/gt-super-wt/GT-Super-WT-Super-1b214df1.woff

54.240.174.87

200 OK

43 kB

URL GET HTTP/2
prod-cdn.wetransfer.net/packs/media/gt-super-wt/GT-Super-WT-Super-1b214df1.woff
IP
54.240.174.87:443
ASN
#16509 AMAZON-02

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerAmazon
Subjectwetransfer.net
FingerprintFD:ED:AE:7A:BA:58:67:74:23:94:24:09:F9:37:BB:B5:A6:87:0E:CF
ValiditySun, 30 Jun 2024 00:00:00 GMT - Tue, 29 Jul 2025 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 43188, version 0.0
Size
43 kB (43188 bytes)
Hash
55576599a2d772f9297c5036d355b1fb
c52e4f9a59137105deb12a3de25ee7d5a15fd286
1e3d5d86432b9bfcdf25ce0e35fd23667cea86f6fa71fa920cd84abb70258f73

HTTP Headers

GET /packs/media/gt-super-wt/GT-Super-WT-Super-1b214df1.woff HTTP/1.1
Host: prod-cdn.wetransfer.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Origin: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff
content-length: 43188
date: Sat, 31 Aug 2024 20:37:49 GMT
last-modified: Thu, 21 Dec 2023 14:25:55 GMT
etag: "55576599a2d772f9297c5036d355b1fb"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: DvykyUB_YMUQZgXw9VJMWjJKuCHvgHrIKkyFH0FgYl_A-jH7E8Qo3A==
age: 54548
X-Firefox-Spdy: h2

GET pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/sp.js

104.18.2.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/sp.js
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8
ValidityThu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27150 bytes)
Hash
46dd133ee00dc1bae5e4eeba7b88432f
8af86a4ac91ce48c062216fb94a6e1d57618a19b
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/sp.js HTTP/1.1
Host: pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 01 Sep 2024 11:46:56 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8bc505ceaec4712e-OSL

GET pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/en-de295c39cb769807d9fa.js

104.18.2.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/en-de295c39cb769807d9fa.js
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8
ValidityThu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27150 bytes)
Hash
46dd133ee00dc1bae5e4eeba7b88432f
8af86a4ac91ce48c062216fb94a6e1d57618a19b
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/en-de295c39cb769807d9fa.js HTTP/1.1
Host: pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 01 Sep 2024 11:46:56 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8bc505cedcfc5693-OSL

GET pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/en-0d65947306b8b68f172b.js

104.18.2.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/en-0d65947306b8b68f172b.js
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8
ValidityThu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27150 bytes)
Hash
46dd133ee00dc1bae5e4eeba7b88432f
8af86a4ac91ce48c062216fb94a6e1d57618a19b
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/en-0d65947306b8b68f172b.js HTTP/1.1
Host: pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 01 Sep 2024 11:46:56 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8bc505cedbd51c0a-OSL

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
769939c6037566445fc83e83332cdb61
028f3bd0b70917fe7aae3afd003d74fff6e61829
cf8f4d32427796c8c9decb0e7136e8672fcd988e96b2e54de2c5345a7e28ffb5

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 01 Sep 2024 11:46:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/gtm.js

104.18.3.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/gtm.js
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8
ValidityThu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27150 bytes)
Hash
46dd133ee00dc1bae5e4eeba7b88432f
8af86a4ac91ce48c062216fb94a6e1d57618a19b
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/gtm.js HTTP/1.1
Host: pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Cookie: __session:0.8517108894109687:=https:
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 01 Sep 2024 11:46:57 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8bc505d11c86b50b-OSL

GET pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/en-0d65947306b8b68f172b.js

104.18.2.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/en-0d65947306b8b68f172b.js
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8
ValidityThu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27150 bytes)
Hash
46dd133ee00dc1bae5e4eeba7b88432f
8af86a4ac91ce48c062216fb94a6e1d57618a19b
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/en-0d65947306b8b68f172b.js HTTP/1.1
Host: pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Cookie: __session:0.8517108894109687:=https:
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 01 Sep 2024 11:46:57 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8bc505d11a695693-OSL

GET pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/sp.js

104.18.2.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/sp.js
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8
ValidityThu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27150 bytes)
Hash
46dd133ee00dc1bae5e4eeba7b88432f
8af86a4ac91ce48c062216fb94a6e1d57618a19b
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/sp.js HTTP/1.1
Host: pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Cookie: __session:0.8517108894109687:=https:
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 01 Sep 2024 11:46:57 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8bc505d11be4712e-OSL

GET storageapi.fleek.co/f32f51ce-f1e7-4668-9cba-12beeb431209-bucket/hun.png

104.18.7.145

200 OK

8.6 kB

URL GET HTTP/2
storageapi.fleek.co/f32f51ce-f1e7-4668-9cba-12beeb431209-bucket/hun.png
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size
8.6 kB (8618 bytes)
Hash
ca6d67e60f758d352745329b283e8f32
2487459838dbd7705ddd0f4c1913e506058e8c78
8593ddf29f1159a2aeda0a0e4de911aa1715b3b181c0f21e3ecd9d71904153d1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer

HTTP Headers

GET /f32f51ce-f1e7-4668-9cba-12beeb431209-bucket/hun.png HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 01 Sep 2024 11:46:57 GMT
content-type: image/png
content-length: 8618
content-security-policy: block-all-mixed-content
etag: "bafybeicrnvebplp755oy4x4ularviuevbdu7qop6t67ihpufxjt27ssla4"
last-modified: Sun, 04 Dec 2022 17:02:58 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17F0A59276282E49
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
expires: Sun, 01 Sep 2024 15:46:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 8bc505cee965b4fd-OSL
X-Firefox-Spdy: h2

GET storageapi.fleek.co/f32f51ce-f1e7-4668-9cba-12beeb431209-bucket/download.png

104.18.7.145

200 OK

13 kB

URL GET HTTP/2
storageapi.fleek.co/f32f51ce-f1e7-4668-9cba-12beeb431209-bucket/download.png
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size
13 kB (13096 bytes)
Hash
49d4041b8e7e375f3e2950a9738bc59b
cd3dc4e38ce48e26df8f216503d6027bfbd22378
1d6f06c578fbe919beec761b4b1f7d75445753b0db44ead4039bd71e4c3c098e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer

HTTP Headers

GET /f32f51ce-f1e7-4668-9cba-12beeb431209-bucket/download.png HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 01 Sep 2024 11:46:57 GMT
content-type: image/png
content-length: 13096
content-security-policy: block-all-mixed-content
etag: "bafybeifyv3ndg2kvpanmyerd5o6vix4abldyqbshsv6fz5nmpv4pu4ydre"
last-modified: Sun, 04 Dec 2022 17:01:21 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17F0A592B9755EED
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
expires: Sun, 01 Sep 2024 15:46:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 8bc505cee96bb4fd-OSL
X-Firefox-Spdy: h2

GET pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/en-de295c39cb769807d9fa.js

104.18.3.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/en-de295c39cb769807d9fa.js
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8
ValidityThu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27150 bytes)
Hash
46dd133ee00dc1bae5e4eeba7b88432f
8af86a4ac91ce48c062216fb94a6e1d57618a19b
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/en-de295c39cb769807d9fa.js HTTP/1.1
Host: pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Cookie: __session:0.8517108894109687:=https:
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 01 Sep 2024 11:46:57 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8bc505d2af9db50b-OSL

GET code.jquery.com/jquery-3.2.1.slim.min.js

151.101.130.137

200 OK

24 kB

URL GET HTTP/2
code.jquery.com/jquery-3.2.1.slim.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32012)
Size
24 kB (23856 bytes)
Hash
5f48fc77cac90c4778fa24ec9c57f37d
9e89d1515bc4c371b86f4cb1002fd8e377c1829f
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

HTTP Headers

GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Origin: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-10fdd"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 01 Sep 2024 11:46:57 GMT
age: 2952808
x-served-by: cache-lga21963-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 38, 112475
x-timer: S1725191217.355517,VS0,VE0
vary: Accept-Encoding
content-length: 23856
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

104.17.25.14

200 OK

6.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:EC:C6:E9:D9:C1:6D:05:88:6E:33:AF:3B:E7:7B:86:81:20:66:CA
ValidityWed, 31 Jul 2024 04:16:10 GMT - Tue, 29 Oct 2024 04:16:09 GMT

File type
JavaScript source, ASCII text, with very long lines (19015)
Size
6.2 kB (6157 bytes)
Hash
70d3fda195602fe8b75e0097eed74dde
c3b977aa4b8dfb69d651e07015031d385ded964b
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

HTTP Headers

GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Origin: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 01 Sep 2024 11:46:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3945301
expires: Fri, 22 Aug 2025 11:46:57 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tRbD3kWPLYNRnW7CB7K%2F9PxYKrbuRnceKsXCNJX9U99yM78n4ivgQrAwxPQYFVl00a8EfmF9B8LQ2s2ooL%2F%2B%2F80ZPis2tj6kqjsiwk97bHTs9BaAlHgU5SODmWF%2F9ozmaDEwhOyP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8bc505d4ea930b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/0.txt

104.18.2.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/css/0.txt
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8
ValidityThu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27150 bytes)
Hash
46dd133ee00dc1bae5e4eeba7b88432f
8af86a4ac91ce48c062216fb94a6e1d57618a19b
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/0.txt HTTP/1.1
Host: pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 01 Sep 2024 11:46:57 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8bc505d37ba21c0a-OSL

GET maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.10.207

200 OK

44 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
FingerprintBE:14:2A:D4:32:CD:FF:FE:ED:79:48:4F:5C:7B:C4:52:09:C8:58:96
ValidityTue, 23 Jul 2024 01:50:30 GMT - Mon, 21 Oct 2024 01:50:29 GMT

File type
JavaScript source, ASCII text, with very long lines (48664)
Size
44 kB (44454 bytes)
Hash
14d449eb8876fa55e1ef3c2cc52b0c17
a9545831803b1359cfeed47e3b4d6bae68e40e99
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

HTTP Headers

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Origin: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 01 Sep 2024 11:46:57 GMT
content-type: application/javascript; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 03/18/2024 12:46:36
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1048
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 019ed0f897945b676273fa45278416e2
cdn-cache: HIT
cf-cache-status: HIT
age: 1
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8bc505d5196656c0-OSL
alt-svc: h3=":443"; ma=86400

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20c9eec1ed6a0f3c730b021493b9e3ec
9f241af1cf1513631da05ffbaede6bcd16e93571
0b2e4962ad211e7e6f6382c7fd9e05fcfc046cad9d26eccd1ef9c7d94ce3cfcf

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B2E4962AD211E7E6F6382C7FD9E05FCFC046CAD9D26ECCD1EF9C7D94CE3CFCF"
Last-Modified: Sat, 31 Aug 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13458
Expires: Sun, 01 Sep 2024 15:31:15 GMT
Date: Sun, 01 Sep 2024 11:46:57 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20c9eec1ed6a0f3c730b021493b9e3ec
9f241af1cf1513631da05ffbaede6bcd16e93571
0b2e4962ad211e7e6f6382c7fd9e05fcfc046cad9d26eccd1ef9c7d94ce3cfcf

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B2E4962AD211E7E6F6382C7FD9E05FCFC046CAD9D26ECCD1EF9C7D94CE3CFCF"
Last-Modified: Sat, 31 Aug 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13458
Expires: Sun, 01 Sep 2024 15:31:15 GMT
Date: Sun, 01 Sep 2024 11:46:57 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20c9eec1ed6a0f3c730b021493b9e3ec
9f241af1cf1513631da05ffbaede6bcd16e93571
0b2e4962ad211e7e6f6382c7fd9e05fcfc046cad9d26eccd1ef9c7d94ce3cfcf

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B2E4962AD211E7E6F6382C7FD9E05FCFC046CAD9D26ECCD1EF9C7D94CE3CFCF"
Last-Modified: Sat, 31 Aug 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13458
Expires: Sun, 01 Sep 2024 15:31:15 GMT
Date: Sun, 01 Sep 2024 11:46:57 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20c9eec1ed6a0f3c730b021493b9e3ec
9f241af1cf1513631da05ffbaede6bcd16e93571
0b2e4962ad211e7e6f6382c7fd9e05fcfc046cad9d26eccd1ef9c7d94ce3cfcf

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B2E4962AD211E7E6F6382C7FD9E05FCFC046CAD9D26ECCD1EF9C7D94CE3CFCF"
Last-Modified: Sat, 31 Aug 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13458
Expires: Sun, 01 Sep 2024 15:31:15 GMT
Date: Sun, 01 Sep 2024 11:46:57 GMT
Connection: keep-alive

GET prod-cdn.wetransfer.net/packs/media/images/favicon-a34a7465.ico

54.240.174.87

200 OK

42 kB

URL GET HTTP/2
prod-cdn.wetransfer.net/packs/media/images/favicon-a34a7465.ico
IP
54.240.174.87:443
ASN
#16509 AMAZON-02

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerAmazon
Subjectwetransfer.net
FingerprintFD:ED:AE:7A:BA:58:67:74:23:94:24:09:F9:37:BB:B5:A6:87:0E:CF
ValiditySun, 30 Jun 2024 00:00:00 GMT - Tue, 29 Jul 2025 23:59:59 GMT

File type
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
Size
42 kB (41566 bytes)
Hash
692e1c7339c359b6412f059c9c9a0474
e7c1a53dca16b7664880e5b8a92524cf9a47fb62
d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda

HTTP Headers

GET /packs/media/images/favicon-a34a7465.ico HTTP/1.1
Host: prod-cdn.wetransfer.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
content-length: 41566
date: Wed, 27 Mar 2024 01:09:01 GMT
last-modified: Thu, 21 Dec 2023 14:25:56 GMT
etag: "692e1c7339c359b6412f059c9c9a0474"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TPmTyv-SuJlbXzhKtHwggnMj-BQgB2ATDNyV7zdoHKpBw-B5tF2wvA==
age: 13689478
X-Firefox-Spdy: h2

GET stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.10.207

200 OK

51 kB

URL GET HTTP/3
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
FingerprintBE:14:2A:D4:32:CD:FF:FE:ED:79:48:4F:5C:7B:C4:52:09:C8:58:96
ValidityTue, 23 Jul 2024 01:50:30 GMT - Mon, 21 Oct 2024 01:50:29 GMT

File type
JavaScript source, ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 01 Sep 2024 11:46:56 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 6927163
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8bc505d0986b56c0-OSL
alt-svc: h3=":443"; ma=86400

GET stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.10.207

200 OK

51 kB

URL GET HTTP/3
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
FingerprintBE:14:2A:D4:32:CD:FF:FE:ED:79:48:4F:5C:7B:C4:52:09:C8:58:96
ValidityTue, 23 Jul 2024 01:50:30 GMT - Mon, 21 Oct 2024 01:50:29 GMT

File type
JavaScript source, ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 01 Sep 2024 11:46:57 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 6927164
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8bc505d5caae56c0-OSL
alt-svc: h3=":443"; ma=86400

GET mk2-b4c8d3.ingress-earth.ewp.live/packs/media/actiefgrotesque/ActiefGrotesque_W_Regular-1f437876.woff

63.250.43.128

404 Not Found

29 kB

URL GET HTTP/2
mk2-b4c8d3.ingress-earth.ewp.live/packs/media/actiefgrotesque/ActiefGrotesque_W_Regular-1f437876.woff
IP
63.250.43.128:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerSectigo Limited
Subject*.ingress-earth.ewp.live
Fingerprint19:EA:22:E2:5B:93:2F:19:37:C8:EF:8A:37:0C:C3:BC:94:95:1A:3A
ValidityTue, 30 Apr 2024 00:00:00 GMT - Sat, 31 May 2025 23:59:59 GMT

File type

Size
29 kB (29358 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /packs/media/actiefgrotesque/ActiefGrotesque_W_Regular-1f437876.woff HTTP/1.1
Host: mk2-b4c8d3.ingress-earth.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://storageapi.fleek.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: text/html
date: Sun, 01 Sep 2024 11:46:57 GMT
X-Firefox-Spdy: h2

GET mk2-b4c8d3.ingress-earth.ewp.live/packs/media/actiefgrotesque/ActiefGrotesque_W_Bd-1bdd99f9.woff

63.250.43.128

404 Not Found

49 kB

URL GET HTTP/2
mk2-b4c8d3.ingress-earth.ewp.live/packs/media/actiefgrotesque/ActiefGrotesque_W_Bd-1bdd99f9.woff
IP
63.250.43.128:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerSectigo Limited
Subject*.ingress-earth.ewp.live
Fingerprint19:EA:22:E2:5B:93:2F:19:37:C8:EF:8A:37:0C:C3:BC:94:95:1A:3A
ValidityTue, 30 Apr 2024 00:00:00 GMT - Sat, 31 May 2025 23:59:59 GMT

File type

Size
49 kB (48954 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /packs/media/actiefgrotesque/ActiefGrotesque_W_Bd-1bdd99f9.woff HTTP/1.1
Host: mk2-b4c8d3.ingress-earth.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://storageapi.fleek.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: text/html
date: Sun, 01 Sep 2024 11:46:57 GMT
X-Firefox-Spdy: h2

GET storageapi.fleek.co/f32f51ce-f1e7-4668-9cba-12beeb431209-bucket/style.css

104.18.7.145

200 OK

550 kB

URL GET HTTP/2
storageapi.fleek.co/f32f51ce-f1e7-4668-9cba-12beeb431209-bucket/style.css
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (62633), with CRLF line terminators
Size
550 kB (550422 bytes)
Hash
b768aa242361c5e86611270e8b506e40
36144a2f2da64d4089552ec8632824d5a39dff96
0167aeb8b557995a880328158eb451adbfd06c68c01971d2cb17b437de6bdd31

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer

HTTP Headers

GET /f32f51ce-f1e7-4668-9cba-12beeb431209-bucket/style.css HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 01 Sep 2024 11:46:57 GMT
content-type: text/css
content-security-policy: block-all-mixed-content
etag: W/"bafybeid5rmdoscnnmwcen52z7u6l4x2bin3hnh75flm4qlkno6wse32yge"
last-modified: Sun, 04 Dec 2022 16:38:08 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17F0DF4045E57160
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
expires: Sun, 01 Sep 2024 15:46:57 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 8bc505cee95bb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

GET mk2-b4c8d3.ingress-earth.ewp.live/packs/media/images/globe-dd3d31e7.svg

63.250.43.128

404 Not Found

0 B

URL GET HTTP/2
mk2-b4c8d3.ingress-earth.ewp.live/packs/media/images/globe-dd3d31e7.svg
IP
63.250.43.128:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerSectigo Limited
Subject*.ingress-earth.ewp.live
Fingerprint19:EA:22:E2:5B:93:2F:19:37:C8:EF:8A:37:0C:C3:BC:94:95:1A:3A
ValidityTue, 30 Apr 2024 00:00:00 GMT - Sat, 31 May 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /packs/media/images/globe-dd3d31e7.svg HTTP/1.1
Host: mk2-b4c8d3.ingress-earth.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://storageapi.fleek.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: text/html
date: Sun, 01 Sep 2024 11:46:57 GMT
X-Firefox-Spdy: h2

GET mk2-b4c8d3.ingress-earth.ewp.live/packs/media/actiefgrotesque/ActiefGrotesque_W_Medium-293e86f0.woff

63.250.43.128

404 Not Found

4.1 kB

URL GET HTTP/2
mk2-b4c8d3.ingress-earth.ewp.live/packs/media/actiefgrotesque/ActiefGrotesque_W_Medium-293e86f0.woff
IP
63.250.43.128:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerSectigo Limited
Subject*.ingress-earth.ewp.live
Fingerprint19:EA:22:E2:5B:93:2F:19:37:C8:EF:8A:37:0C:C3:BC:94:95:1A:3A
ValidityTue, 30 Apr 2024 00:00:00 GMT - Sat, 31 May 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4127), with no line terminators
Size
4.1 kB (4090 bytes)
Hash
3bc7042f51be978212505b743241dd51
c66db2c22710ef9bb7638b834d6fbb8ecf8d1012
9bef3c6bd00f2b0d06752684d62c4c4136597f307fa811597a3b26b282f8c935

HTTP Headers

GET /packs/media/actiefgrotesque/ActiefGrotesque_W_Medium-293e86f0.woff HTTP/1.1
Host: mk2-b4c8d3.ingress-earth.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://storageapi.fleek.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: text/html
date: Sun, 01 Sep 2024 11:46:57 GMT
X-Firefox-Spdy: h2

GET stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.11.207

200 OK

51 kB

URL GET HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/wetransfer.html
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
FingerprintBE:14:2A:D4:32:CD:FF:FE:ED:79:48:4F:5C:7B:C4:52:09:C8:58:96
ValidityTue, 23 Jul 2024 01:50:30 GMT - Mon, 21 Oct 2024 01:50:29 GMT

File type
JavaScript source, ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-7d4c6aec82aa44968bf9a96ce56d8deb.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 01 Sep 2024 11:46:56 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 6927163
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8bc505cf0e57569b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (41)

URL

IP

ASN