transfer13.temp.swtest.ru
Open in
urlscan Pro
77.222.56.111
Malicious Activity!
Public Scan
Effective URL: http://transfer13.temp.swtest.ru/wise/login/fbs/
Submission: On December 20 via manual from DE — Scanned from DE
Summary
This is the only time transfer13.temp.swtest.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wise (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 35.186.245.55 35.186.245.55 | 15169 (GOOGLE) (GOOGLE) | |
1 14 | 77.222.56.111 77.222.56.111 | 44112 (SWEB-AS) (SWEB-AS) | |
1 1 | 104.16.41.16 104.16.41.16 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.18.30.50 104.18.30.50 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
15 | 4 |
ASN15169 (GOOGLE, US)
PTR: 55.245.186.35.bc.googleusercontent.com
tatteredellipticalarchitect.soviharejela.repl.co |
ASN44112 (SWEB-AS, RU)
PTR: vh291.sweb.ru
gejata7030.temp.swtest.ru | |
transfer13.temp.swtest.ru |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
swtest.ru
1 redirects
gejata7030.temp.swtest.ru transfer13.temp.swtest.ru |
63 KB |
1 |
wise.com
wise.com |
160 KB |
1 |
transferwise.com
1 redirects
transferwise.com |
552 B |
1 |
repl.co
tatteredellipticalarchitect.soviharejela.repl.co |
416 B |
15 | 4 |
Domain | Requested by | |
---|---|---|
13 | transfer13.temp.swtest.ru |
1 redirects
transfer13.temp.swtest.ru
|
1 | wise.com |
transfer13.temp.swtest.ru
|
1 | transferwise.com | 1 redirects |
1 | gejata7030.temp.swtest.ru |
tatteredellipticalarchitect.soviharejela.repl.co
|
1 | tatteredellipticalarchitect.soviharejela.repl.co | |
15 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
soviharejela.repl.co R3 |
2021-12-20 - 2022-03-20 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://transfer13.temp.swtest.ru/wise/login/fbs/
Frame ID: 1596BD273D9AEC2686D55E295181BB1B
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
TransferWise - LoginPage URL History Show full URLs
- https://tatteredellipticalarchitect.soviharejela.repl.co/ Page URL
- http://gejata7030.temp.swtest.ru/wise/wise.html Page URL
-
http://transfer13.temp.swtest.ru/wise/login/fbs
HTTP 301
http://transfer13.temp.swtest.ru/wise/login/fbs/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://tatteredellipticalarchitect.soviharejela.repl.co/ Page URL
- http://gejata7030.temp.swtest.ru/wise/wise.html Page URL
-
http://transfer13.temp.swtest.ru/wise/login/fbs
HTTP 301
http://transfer13.temp.swtest.ru/wise/login/fbs/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://transferwise.com/assets/login/roof.jpg HTTP 301
- https://wise.com/assets/login/roof.jpg
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
tatteredellipticalarchitect.soviharejela.repl.co/ |
206 B 416 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wise.html
gejata7030.temp.swtest.ru/wise/ |
92 B 365 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
transfer13.temp.swtest.ru/wise/login/fbs/ Redirect Chain
|
7 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
transfer13.temp.swtest.ru/wise/login/fbs/css/ |
248 KB 44 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
another.css
transfer13.temp.swtest.ru/wise/login/fbs/css/ |
77 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
roof.jpg
wise.com/assets/login/ Redirect Chain
|
159 KB 160 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
433 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
417 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
640 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TW-Averta-Bold-0ba8a14820a94bbecfeb5c043ddfd409.woff2
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TW-Averta-Regular-68f06d694edcfab46fe56aaa33f07cf2.woff2
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TW-Averta-Semibold-e0037ebb1d64dbfb4521af1ae0ec656b.woff2
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TW-Averta-Regular-d19822d886630bdb27029ccc068057c5.woff
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TW-Averta-Bold-fc3e4a7ec72f95c49514fe7112878854.woff
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TW-Averta-Regular-cfc5d4b830a3857c2365834792aeb698.ttf
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TW-Averta-Semibold-1d6d0aa41e2fb4b0073132359b508d13.woff
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TW-Averta-Bold-227bddcf6067a5fcebe19653694a358c.ttf
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TW-Averta-Semibold-acd8b3778d5a69f36f11e6b9f1e44058.ttf
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wise (Online)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.transferwise.com/ | Name: __cf_bm Value: zqGANaKfT88sBKqFd1YYh83W5m76Z.o9N3ItJTkVnO0-1640002754-0-AT4MSKFgzIhW2nUQEKoQwDSROxa/QhYFyDCBnMI7Tt/Nsw8UIO6T5a+Xe/ZifTfhYy9c0fGBaf5+YePbBhK/Nuc= |
|
.wise.com/ | Name: __cf_bm Value: OoYDMbiz8Mkiwk8w5s_P7NIrF0tYf72OZB6VWMx3qas-1640002754-0-AcwT7Rp6LAUziizllr+T6YXQlhsAiHbHJH2ZPkH4LPhLeVhhP8bMHX/O8dArdEgT9nm8GLClq//MSrhQ0jsjkpMWe2+2Gyvm931q6JPOOzEg |
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=7763320; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
gejata7030.temp.swtest.ru
tatteredellipticalarchitect.soviharejela.repl.co
transfer13.temp.swtest.ru
transferwise.com
wise.com
104.16.41.16
104.18.30.50
35.186.245.55
77.222.56.111
042e08ce5a48b76e3e639d8b507d1f24cdf850981e303978e518f676e55ccde3
0af4cfe38f3225c17047c84f24f9661faea33214db2e984b2ac0ae6384f5e855
16dda0331d978757e75dfca7d9d091c053139ebffd0e3f3af9322bff8ef10cdd
6d9eec67bbbc1166613d3374bc4a525bc778ad94ea7d547659d5d6d822a0ae4b
90d6281e201564268ac285eb97962fffc8a6d3214791d2e2865c95321057d7ce
a776652f608c53fcbde2ff9f424b5628ed720e285acf4dd152b91d4926368981
c887f82d761cb10403d0f14cfdc40a5d08c32635b14ddd0c98a501183ef8f522
dc7d7b639c8a558e06957a008ba8e021da6dd57bff8c895af72a276a21e67bb4
f294d3eb7b694513f2dc61c9be59b04238f55463989186ef159d0fc586e460b6
f600662751ab0ea0e120784241252398c43d832a3f8aa48a2a84c9d9b2dc90e7