transfer13.temp.swtest.ru Open in urlscan Pro
77.222.56.111 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tatteredellipticalarchitect.soviharejela.repl.co/
Effective URL:
http://transfer13.temp.swtest.ru/wise/login/fbs/
Submission: On December 20 via manual (December 20th 2021, 12:19:19 pm UTC) from DE — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 15 HTTP transactions. The main IP is 77.222.56.111, located in Russian Federation and belongs to SWEB-AS, RU. The main domain is transfer13.temp.swtest.ru.

This is the only time transfer13.temp.swtest.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wise (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	35.186.245.55 35.186.245.55	15169 (GOOGLE) (GOOGLE)
1 14	77.222.56.111 77.222.56.111	44112 (SWEB-AS) (SWEB-AS)
1 1	104.16.41.16 104.16.41.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.30.50 104.18.30.50	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	4

1 35.186.245.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 55.245.186.35.bc.googleusercontent.com

tatteredellipticalarchitect.soviharejela.repl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 77.222.56.111 (Russian Federation) 1 redirects

ASN44112 (SWEB-AS, RU)
PTR: vh291.sweb.ru

gejata7030.temp.swtest.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
transfer13.temp.swtest.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.41.16 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

transferwise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.30.50 (None, )

ASN13335 (CLOUDFLARENET, US)

wise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	swtest.ru 1 redirects gejata7030.temp.swtest.ru transfer13.temp.swtest.ru	63 KB
1	wise.com wise.com	160 KB
1	transferwise.com 1 redirects transferwise.com	552 B
1	repl.co tatteredellipticalarchitect.soviharejela.repl.co	416 B
15	4

	Domain	Requested by
13	transfer13.temp.swtest.ru	1 redirects transfer13.temp.swtest.ru
1	wise.com	transfer13.temp.swtest.ru
1	transferwise.com	1 redirects
1	gejata7030.temp.swtest.ru	tatteredellipticalarchitect.soviharejela.repl.co
1	tatteredellipticalarchitect.soviharejela.repl.co
15	5

This site contains no links.

Subject Issuer	Validity	Valid
soviharejela.repl.co R3	`2021-12-20` - `2022-03-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://transfer13.temp.swtest.ru/wise/login/fbs/
Frame ID: 1596BD273D9AEC2686D55E295181BB1B
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TransferWise - Login

Page URL History Show full URLs

https://tatteredellipticalarchitect.soviharejela.repl.co/ Page URL
http://gejata7030.temp.swtest.ru/wise/wise.html Page URL
http://transfer13.temp.swtest.ru/wise/login/fbs HTTP 301
http://transfer13.temp.swtest.ru/wise/login/fbs/ Page URL

Page Statistics

15
Requests

7 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

223 kB
Transfer

497 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tatteredellipticalarchitect.soviharejela.repl.co/ Page URL
http://gejata7030.temp.swtest.ru/wise/wise.html Page URL
http://transfer13.temp.swtest.ru/wise/login/fbs HTTP 301
http://transfer13.temp.swtest.ru/wise/login/fbs/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://transferwise.com/assets/login/roof.jpg HTTP 301
https://wise.com/assets/login/roof.jpg

15 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
tatteredellipticalarchitect.soviharejela.repl.co/ 206 B
416 B 514ms
180ms Document
text/html 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tatteredellipticalarchitect.soviharejela.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7763320; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-type: text/html; charset=utf-8
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7763320; includeSubDomains
content-length: 206
date: Mon, 20 Dec 2021 12:19:13 GMT

GET
H/1.1 200
OK wise.html Show response
gejata7030.temp.swtest.ru/wise/ 92 B
365 B 214ms
99ms Document
text/html 77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://gejata7030.temp.swtest.ru/wise/wise.html
Requested by: Host: tatteredellipticalarchitect.soviharejela.repl.co
URL: https://tatteredellipticalarchitect.soviharejela.repl.co/
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: f294d3eb7b694513f2dc61c9be59b04238f55463989186ef159d0fc586e460b6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx/1.19.1
Date: Mon, 20 Dec 2021 12:19:13 GMT
Content-Type: text/html
Content-Length: 92
Connection: keep-alive
Keep-Alive: timeout=10
Last-Modified: Mon, 20 Dec 2021 09:43:57 GMT
ETag: "2368724-5c-5d390ba3f1140"
Accept-Ranges: bytes

GET
H/1.1

200
OK

Primary Request / Show response
transfer13.temp.swtest.ru/wise/login/fbs/
Redirect Chain

http://transfer13.temp.swtest.ru/wise/login/fbs
http://transfer13.temp.swtest.ru/wise/login/fbs/

7 KB
2 KB

51ms
51ms

Document
text/html

77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://transfer13.temp.swtest.ru/wise/login/fbs/
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: f600662751ab0ea0e120784241252398c43d832a3f8aa48a2a84c9d9b2dc90e7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://gejata7030.temp.swtest.ru/wise/wise.html

Response headers

Server: nginx/1.19.1
Date: Mon, 20 Dec 2021 12:19:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Vary: Accept-Encoding
Last-Modified: Fri, 09 Apr 2021 12:46:00 GMT
ETag: W/"4c89805-1a20-5bf898bc63200"
Content-Encoding: gzip

Redirect headers

Server: nginx/1.19.1
Date: Mon, 20 Dec 2021 12:19:13 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 372
Connection: keep-alive
Keep-Alive: timeout=10
Location: http://transfer13.temp.swtest.ru/wise/login/fbs/

GET
H/1.1 200
OK style.css
transfer13.temp.swtest.ru/wise/login/fbs/css/ 248 KB
44 KB 67ms
66ms Stylesheet
text/css 77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Requested by: Host: transfer13.temp.swtest.ru
URL: http://transfer13.temp.swtest.ru/wise/login/fbs/
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 0af4cfe38f3225c17047c84f24f9661faea33214db2e984b2ac0ae6384f5e855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://transfer13.temp.swtest.ru/wise/login/fbs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 20 Dec 2021 12:19:13 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Apr 2021 12:46:10 GMT
Server: nginx/1.19.1
ETag: W/"4c8983d-3de81-5bf898c5ec880"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK another.css
transfer13.temp.swtest.ru/wise/login/fbs/css/ 77 KB
17 KB 102ms
97ms Stylesheet
text/css 77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://transfer13.temp.swtest.ru/wise/login/fbs/css/another.css
Requested by: Host: transfer13.temp.swtest.ru
URL: http://transfer13.temp.swtest.ru/wise/login/fbs/
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: dc7d7b639c8a558e06957a008ba8e021da6dd57bff8c895af72a276a21e67bb4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://transfer13.temp.swtest.ru/wise/login/fbs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 20 Dec 2021 12:19:13 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Apr 2021 12:46:08 GMT
Server: nginx/1.19.1
ETag: W/"4c89839-133bb-5bf898c404400"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H2

200

roof.jpg
wise.com/assets/login/
Redirect Chain

https://transferwise.com/assets/login/roof.jpg
https://wise.com/assets/login/roof.jpg

159 KB
160 KB

82ms
50ms

Image
image/webp

104.18.30.50
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wise.com/assets/login/roof.jpg

Requested by

Host: transfer13.temp.swtest.ru
URL: http://transfer13.temp.swtest.ru/wise/login/fbs/css/another.css

Protocol

Server

104.18.30.50 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d9eec67bbbc1166613d3374bc4a525bc778ad94ea7d547659d5d6d822a0ae4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://transfer13.temp.swtest.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 20 Dec 2021 12:19:14 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 378172
cf-polished: origFmt=jpeg, origSize=222249
x-envoy-upstream-service-time: 2
content-disposition: inline; filename="roof.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 162620
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: login/roof-ead47c7a25b6abbf5da2f18ef35790e8.jpg
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: image/webp
vary: Accept
cache-control: public, max-age=31536000
x-envoy-attempt-count: 1
accept-ranges: bytes
cf-ray: 6c08d15d9d2b6940-FRA

Redirect headers

date: Mon, 20 Dec 2021 12:19:14 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
age: 1530
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=iso-8859-1
location: https://wise.com/assets/login/roof.jpg
strict-transport-security: max-age=31536000
cf-ray: 6c08d15d3d091f21-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a776652f608c53fcbde2ff9f424b5628ed720e285acf4dd152b91d4926368981

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://transfer13.temp.swtest.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 433 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90d6281e201564268ac285eb97962fffc8a6d3214791d2e2865c95321057d7ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://transfer13.temp.swtest.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 417 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 042e08ce5a48b76e3e639d8b507d1f24cdf850981e303978e518f676e55ccde3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://transfer13.temp.swtest.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16dda0331d978757e75dfca7d9d091c053139ebffd0e3f3af9322bff8ef10cdd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://transfer13.temp.swtest.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 640 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c887f82d761cb10403d0f14cfdc40a5d08c32635b14ddd0c98a501183ef8f522

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://transfer13.temp.swtest.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 404
Not Found TW-Averta-Bold-0ba8a14820a94bbecfeb5c043ddfd409.woff2
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ 0
0 69ms
69ms Font
text/html 77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-0ba8a14820a94bbecfeb5c043ddfd409.woff2
Requested by: Host: transfer13.temp.swtest.ru
URL: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash

Request headers

Referer: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Origin: http://transfer13.temp.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 20 Dec 2021 12:19:14 GMT
Content-Encoding: gzip
Server: nginx/1.19.1
Vary: Accept-Encoding, accept-language,accept-charset
Content-Language: de
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=10

GET
H/1.1 404
Not Found TW-Averta-Regular-68f06d694edcfab46fe56aaa33f07cf2.woff2
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ 0
0 58ms
58ms Font
text/html 77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-68f06d694edcfab46fe56aaa33f07cf2.woff2
Requested by: Host: transfer13.temp.swtest.ru
URL: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash

Request headers

Referer: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Origin: http://transfer13.temp.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 20 Dec 2021 12:19:14 GMT
Content-Encoding: gzip
Server: nginx/1.19.1
Vary: Accept-Encoding, accept-language,accept-charset
Content-Language: de
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=10

GET
H/1.1 404
Not Found TW-Averta-Semibold-e0037ebb1d64dbfb4521af1ae0ec656b.woff2
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ 0
0 132ms
127ms Font
text/html 77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-e0037ebb1d64dbfb4521af1ae0ec656b.woff2
Requested by: Host: transfer13.temp.swtest.ru
URL: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash

Request headers

Referer: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Origin: http://transfer13.temp.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 20 Dec 2021 12:19:14 GMT
Content-Encoding: gzip
Server: nginx/1.19.1
Vary: Accept-Encoding, accept-language,accept-charset
Content-Language: de
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=10

GET
H/1.1 404
Not Found TW-Averta-Regular-d19822d886630bdb27029ccc068057c5.woff
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ 0
0 73ms
72ms Font
text/html 77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-d19822d886630bdb27029ccc068057c5.woff
Requested by: Host: transfer13.temp.swtest.ru
URL: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash

Request headers

Referer: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Origin: http://transfer13.temp.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 20 Dec 2021 12:19:14 GMT
Content-Encoding: gzip
Server: nginx/1.19.1
Vary: Accept-Encoding, accept-language,accept-charset
Content-Language: de
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=10

GET
H/1.1 404
Not Found TW-Averta-Bold-fc3e4a7ec72f95c49514fe7112878854.woff
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ 0
0 92ms
92ms Font
text/html 77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-fc3e4a7ec72f95c49514fe7112878854.woff
Requested by: Host: transfer13.temp.swtest.ru
URL: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash

Request headers

Referer: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Origin: http://transfer13.temp.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 20 Dec 2021 12:19:14 GMT
Content-Encoding: gzip
Server: nginx/1.19.1
Vary: Accept-Encoding, accept-language,accept-charset
Content-Language: de
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=10

GET
H/1.1 404
Not Found TW-Averta-Regular-cfc5d4b830a3857c2365834792aeb698.ttf
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ 0
0 93ms
92ms Font
text/html 77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-cfc5d4b830a3857c2365834792aeb698.ttf
Requested by: Host: transfer13.temp.swtest.ru
URL: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash

Request headers

Referer: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Origin: http://transfer13.temp.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 20 Dec 2021 12:19:14 GMT
Content-Encoding: gzip
Server: nginx/1.19.1
Vary: Accept-Encoding, accept-language,accept-charset
Content-Language: de
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=10

GET
H/1.1 404
Not Found TW-Averta-Semibold-1d6d0aa41e2fb4b0073132359b508d13.woff
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ 0
0 81ms
81ms Font
text/html 77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-1d6d0aa41e2fb4b0073132359b508d13.woff
Requested by: Host: transfer13.temp.swtest.ru
URL: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash

Request headers

Referer: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Origin: http://transfer13.temp.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 20 Dec 2021 12:19:14 GMT
Content-Encoding: gzip
Server: nginx/1.19.1
Vary: Accept-Encoding, accept-language,accept-charset
Content-Language: de
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=10

GET
H/1.1 404
Not Found TW-Averta-Bold-227bddcf6067a5fcebe19653694a358c.ttf
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ 0
0 86ms
86ms Font
text/html 77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-227bddcf6067a5fcebe19653694a358c.ttf
Requested by: Host: transfer13.temp.swtest.ru
URL: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash

Request headers

Referer: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Origin: http://transfer13.temp.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 20 Dec 2021 12:19:14 GMT
Content-Encoding: gzip
Server: nginx/1.19.1
Vary: Accept-Encoding, accept-language,accept-charset
Content-Language: de
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=10

GET
H/1.1 404
Not Found TW-Averta-Semibold-acd8b3778d5a69f36f11e6b9f1e44058.ttf
transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/ 0
0 69ms
69ms Font
text/html 77.222.56.111
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-acd8b3778d5a69f36f11e6b9f1e44058.ttf
Requested by: Host: transfer13.temp.swtest.ru
URL: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Protocol: HTTP/1.1
Server: 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh291.sweb.ru
Software: nginx/1.19.1 /
Resource Hash

Request headers

Referer: http://transfer13.temp.swtest.ru/wise/login/fbs/css/style.css
Origin: http://transfer13.temp.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 20 Dec 2021 12:19:14 GMT
Content-Encoding: gzip
Server: nginx/1.19.1
Vary: Accept-Encoding, accept-language,accept-charset
Content-Language: de
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=10

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wise (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.transferwise.com/	1970-01-19 23:33:24	Name: __cf_bm Value: zqGANaKfT88sBKqFd1YYh83W5m76Z.o9N3ItJTkVnO0-1640002754-0-AT4MSKFgzIhW2nUQEKoQwDSROxa/QhYFyDCBnMI7Tt/Nsw8UIO6T5a+Xe/ZifTfhYy9c0fGBaf5+YePbBhK/Nuc=
			.wise.com/	1970-01-19 23:33:24	Name: __cf_bm Value: OoYDMbiz8Mkiwk8w5s_P7NIrF0tYf72OZB6VWMx3qas-1640002754-0-AcwT7Rp6LAUziizllr+T6YXQlhsAiHbHJH2ZPkH4LPhLeVhhP8bMHX/O8dArdEgT9nm8GLClq//MSrhQ0jsjkpMWe2+2Gyvm931q6JPOOzEg

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-68f06d694edcfab46fe56aaa33f07cf2.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-0ba8a14820a94bbecfeb5c043ddfd409.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-d19822d886630bdb27029ccc068057c5.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-e0037ebb1d64dbfb4521af1ae0ec656b.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-fc3e4a7ec72f95c49514fe7112878854.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-1d6d0aa41e2fb4b0073132359b508d13.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-cfc5d4b830a3857c2365834792aeb698.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-227bddcf6067a5fcebe19653694a358c.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://transfer13.temp.swtest.ru/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-acd8b3778d5a69f36f11e6b9f1e44058.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=7763320; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gejata7030.temp.swtest.ru
tatteredellipticalarchitect.soviharejela.repl.co
transfer13.temp.swtest.ru
transferwise.com
wise.com
104.16.41.16
104.18.30.50
35.186.245.55
77.222.56.111
042e08ce5a48b76e3e639d8b507d1f24cdf850981e303978e518f676e55ccde3
0af4cfe38f3225c17047c84f24f9661faea33214db2e984b2ac0ae6384f5e855
16dda0331d978757e75dfca7d9d091c053139ebffd0e3f3af9322bff8ef10cdd
6d9eec67bbbc1166613d3374bc4a525bc778ad94ea7d547659d5d6d822a0ae4b
90d6281e201564268ac285eb97962fffc8a6d3214791d2e2865c95321057d7ce
a776652f608c53fcbde2ff9f424b5628ed720e285acf4dd152b91d4926368981
c887f82d761cb10403d0f14cfdc40a5d08c32635b14ddd0c98a501183ef8f522
dc7d7b639c8a558e06957a008ba8e021da6dd57bff8c895af72a276a21e67bb4
f294d3eb7b694513f2dc61c9be59b04238f55463989186ef159d0fc586e460b6
f600662751ab0ea0e120784241252398c43d832a3f8aa48a2a84c9d9b2dc90e7

transfer13.temp.swtest.ru Open in urlscan Pro 77.222.56.111 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

15 Requests

7 %HTTPS

0 %IPv6

4 Domains

5 Subdomains

4 IPs

3 Countries

223 kBTransfer

497 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

2 Cookies

9 Console Messages

Security Headers

Indicators

transfer13.temp.swtest.ru Open in urlscan Pro
77.222.56.111 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

7 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

223 kB
Transfer

497 kB
Size

2
Cookies

15 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!