transfeerwise.xyz Open in urlscan Pro
92.119.112.72 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.redirectpass.xyz/ws
Effective URL:
https://transfeerwise.xyz/wiseaccount-document/login/c2192/
Submission: On February 06 via manual (February 6th 2022, 3:12:59 pm UTC) from SA — Scanned from NL

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 18 HTTP transactions. The main IP is 92.119.112.72, located in Dronten, Netherlands and belongs to ON-LINE-DATA Server location - Netherlands, Dronten, NL. The main domain is transfeerwise.xyz.
TLS certificate: Issued by R3 on February 6th 2022. Valid for: 3 months.

This is the only time transfeerwise.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wise (Online)

Domain & IP information

	IP Address		AS Autonomous System
6 24	92.119.112.72 92.119.112.72		204601 (ON-LINE-D...) (ON-LINE-DATA Server location - Netherlands)
18	2

24 92.119.112.72 (Dronten, Netherlands) 6 redirects

ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL)
PTR: vm3115887.bs.had.pm

www.redirectpass.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
transfeerwise.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	transfeerwise.xyz 4 redirects transfeerwise.xyz	236 KB
2	redirectpass.xyz 2 redirects www.redirectpass.xyz	202 B
18	2

	Domain	Requested by
22	transfeerwise.xyz	4 redirects transfeerwise.xyz
2	www.redirectpass.xyz	2 redirects
18	2

This site contains no links.

Subject Issuer	Validity	Valid
transfeerwise.xyz R3	`2022-02-06` - `2022-05-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://transfeerwise.xyz/wiseaccount-document/login/c2192/
Frame ID: 287B97CCE918E94DDCF69544D80F739D
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TransferWise - Login

Page URL History Show full URLs

https://www.redirectpass.xyz/ws HTTP 301
https://www.redirectpass.xyz/ws/ HTTP 302
https://transfeerwise.xyz/wiseaccount-document/ HTTP 302
https://transfeerwise.xyz/wiseaccount-document/login HTTP 301
https://transfeerwise.xyz/wiseaccount-document/login/ HTTP 302
https://transfeerwise.xyz/wiseaccount-document/login/c2192 HTTP 301
https://transfeerwise.xyz/wiseaccount-document/login/c2192/ Page URL

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

236 kB
Transfer

921 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.redirectpass.xyz/ws HTTP 301
https://www.redirectpass.xyz/ws/ HTTP 302
https://transfeerwise.xyz/wiseaccount-document/ HTTP 302
https://transfeerwise.xyz/wiseaccount-document/login HTTP 301
https://transfeerwise.xyz/wiseaccount-document/login/ HTTP 302
https://transfeerwise.xyz/wiseaccount-document/login/c2192 HTTP 301
https://transfeerwise.xyz/wiseaccount-document/login/c2192/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
5 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response transfeerwise.xyz/wiseaccount-document/login/c2192/ Redirect Chain https://www.redirectpass.xyz/ws https://www.redirectpass.xyz/ws/ https://transfeerwise.xyz/wiseaccount-document/ https://transfeerwise.xyz/wiseaccount-document/login https://transfeerwise.xyz/wiseaccount-document/login/ https://transfeerwise.xyz/wiseaccount-document/login/c2192 https://transfeerwise.xyz/wiseaccount-document/login/c2192/	16 KB 4 KB	18ms 17ms	Document text/html	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/wiseaccount-document/login/c2192/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash `2e00cbfd24122fb52bfbdb536f8dd60307965495241d5feecab30320136d4b1f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language nl-NL,nl;q=0.9 Response headers server nginx date Sun, 06 Feb 2022 15:12:54 GMT content-type text/html; charset=utf-8 content-length 4242 last-modified Sun, 06 Feb 2022 15:12:54 GMT etag W/"3ecc-5d75aeb13fe8b-gzip" accept-ranges bytes vary Accept-Encoding content-encoding gzip Redirect headers server nginx date Sun, 06 Feb 2022 15:12:54 GMT content-type text/html; charset=iso-8859-1 content-length 267 location https://transfeerwise.xyz/wiseaccount-document/login/c2192/
GET H2	200	style.css transfeerwise.xyz/wiseaccount-document/login/c2192/css/	244 KB 44 KB	37ms 36ms	Stylesheet text/css	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash `546fa150497f7cc25af4bcb65eaa5ffe30120dd034b61078292c13127d83a157` Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 15:12:54 GMT server nginx etag W/"61ffe576-3ce90" vary Accept-Encoding content-type text/css cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	another.css transfeerwise.xyz/wiseaccount-document/login/c2192/css/	77 KB 17 KB	81ms 80ms	Stylesheet text/css	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/another.css Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash `dc7d7b639c8a558e06957a008ba8e021da6dd57bff8c895af72a276a21e67bb4` Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 15:12:54 GMT server nginx etag W/"61ffe576-133bb" vary Accept-Encoding content-type text/css cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	93e40ded.1d7bae32.chunk.css transfeerwise.xyz/wiseaccount-document/login/c2192/css/	249 KB 44 KB	81ms 80ms	Stylesheet text/css	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/93e40ded.1d7bae32.chunk.css Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash `a20206ed30d2cce387a99dc7a18cd484845c1163eee4d6aa1fbbbec44ff6abb1` Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 15:12:54 GMT server nginx etag W/"61ffe576-3e5f4" vary Accept-Encoding content-type text/css cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	styles.1be146a5.chunk.css transfeerwise.xyz/wiseaccount-document/login/c2192/css/	75 KB 18 KB	81ms 81ms	Stylesheet text/css	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/styles.1be146a5.chunk.css Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash `c01b5bbf62158a5f066afb2bcc86996c3383caf0367f1f78448204978ab650d4` Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 15:12:54 GMT server nginx etag W/"61ffe576-12c91" vary Accept-Encoding content-type text/css cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	ff5735789605c4b6b6001d2e9f90758a881417e0_CSS.e22120fc.chunk.css transfeerwise.xyz/wiseaccount-document/login/c2192/css/	105 KB 79 KB	81ms 81ms	Stylesheet text/css	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/ff5735789605c4b6b6001d2e9f90758a881417e0_CSS.e22120fc.chunk.css Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash `a0dd3fd72fe862a813c5b8774575c4c3de5c6b3cb47ae3f958710717448d9df2` Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 15:12:54 GMT server nginx etag W/"61ffe576-1a507" vary Accept-Encoding content-type text/css cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	efd0886afd67bccda49e149e8fcfa1183a503573_CSS.a70d5076.chunk.css transfeerwise.xyz/wiseaccount-document/login/c2192/css/	56 KB 11 KB	81ms 81ms	Stylesheet text/css	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/efd0886afd67bccda49e149e8fcfa1183a503573_CSS.a70d5076.chunk.css Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash `aa0b9e22a33ee0dbad1d4b3287276ded422dd6ea1ddc5f5afd05398af41ff148` Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 15:12:54 GMT server nginx etag W/"61ffe576-df66" vary Accept-Encoding content-type text/css cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	inverse.svg transfeerwise.xyz/wiseaccount-document/login/c2192/img/	983 B 1 KB	81ms 81ms	Image image/svg+xml	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL https://transfeerwise.xyz/wiseaccount-document/login/c2192/img/inverse.svg Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash `e501649277a35a591914c1eedce7467f67778d1c2f39255a6ee57d6d9da5aa78` Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT last-modified Sun, 06 Feb 2022 15:12:54 GMT server nginx etag "61ffe576-3d7" content-type image/svg+xml cache-control max-age=315360000 accept-ranges bytes content-length 983 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	dingo.png transfeerwise.xyz/wiseaccount-document/login/c2192/img/	17 KB 18 KB	81ms 81ms	Image image/png	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL https://transfeerwise.xyz/wiseaccount-document/login/c2192/img/dingo.png Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash `3030bd19161016ad067611f0be335d23c74bfc2daf3a02f3a9b89596e2b6c7bb` Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT last-modified Sun, 06 Feb 2022 15:12:54 GMT server nginx etag "61ffe576-45d8" content-type image/png cache-control max-age=315360000 accept-ranges bytes content-length 17880 expires Thu, 31 Dec 2037 23:55:55 GMT
GET DATA	200 OK	truncated /	77 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8174473f58d77d728047c3935a0fbd3f8333734bcb37eb91811c58757d29d0d9` Request headers Accept-Language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	433 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `90d6281e201564268ac285eb97962fffc8a6d3214791d2e2865c95321057d7ce` Request headers Accept-Language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	417 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `042e08ce5a48b76e3e639d8b507d1f24cdf850981e303978e518f676e55ccde3` Request headers Accept-Language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `16dda0331d978757e75dfca7d9d091c053139ebffd0e3f3af9322bff8ef10cdd` Request headers Accept-Language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	947 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3654c9cf52fe535d9318210918ad766fae532fe390c9524c27166952109622c5` Request headers Accept-Language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	404	TW-Averta-Bold-0ba8a14820a94bbecfeb5c043ddfd409.woff2 transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/	0 0	19ms 18ms	Font text/html	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-0ba8a14820a94bbecfeb5c043ddfd409.woff2 Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash Request headers Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Origin https://transfeerwise.xyz Accept-Language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 12:40:17 GMT server nginx etag W/"ce6-5d758c94d96f6" vary Accept-Encoding content-type text/html; charset=utf-8
GET H2	404	TW-Averta-Regular-68f06d694edcfab46fe56aaa33f07cf2.woff2 transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/	0 0	19ms 19ms	Font text/html	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-68f06d694edcfab46fe56aaa33f07cf2.woff2 Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash Request headers Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Origin https://transfeerwise.xyz Accept-Language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 12:40:17 GMT server nginx etag W/"ce6-5d758c94d96f6" vary Accept-Encoding content-type text/html; charset=utf-8
GET H2	404	TW-Averta-Semibold-e0037ebb1d64dbfb4521af1ae0ec656b.woff2 transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/	0 0	20ms 20ms	Font text/html	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-e0037ebb1d64dbfb4521af1ae0ec656b.woff2 Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash Request headers Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Origin https://transfeerwise.xyz Accept-Language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 12:40:17 GMT server nginx etag W/"ce6-5d758c94d96f6" vary Accept-Encoding content-type text/html; charset=utf-8
GET H2	404	TW-Averta-Bold-fc3e4a7ec72f95c49514fe7112878854.woff transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/	0 0	20ms 19ms	Font text/html	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-fc3e4a7ec72f95c49514fe7112878854.woff Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash Request headers Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Origin https://transfeerwise.xyz Accept-Language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 12:40:17 GMT server nginx etag W/"ce6-5d758c94d96f6" vary Accept-Encoding content-type text/html; charset=utf-8
GET H2	404	TW-Averta-Regular-d19822d886630bdb27029ccc068057c5.woff transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/	0 0	19ms 18ms	Font text/html	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-d19822d886630bdb27029ccc068057c5.woff Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash Request headers Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Origin https://transfeerwise.xyz Accept-Language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 12:40:17 GMT server nginx etag W/"ce6-5d758c94d96f6" vary Accept-Encoding content-type text/html; charset=utf-8
GET H2	404	TW-Averta-Semibold-1d6d0aa41e2fb4b0073132359b508d13.woff transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/	0 0	20ms 19ms	Font text/html	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-1d6d0aa41e2fb4b0073132359b508d13.woff Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash Request headers Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Origin https://transfeerwise.xyz Accept-Language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 12:40:17 GMT server nginx etag W/"ce6-5d758c94d96f6" vary Accept-Encoding content-type text/html; charset=utf-8
GET H2	404	TW-Averta-Regular-cfc5d4b830a3857c2365834792aeb698.ttf transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/	0 0	20ms 20ms	Font text/html	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-cfc5d4b830a3857c2365834792aeb698.ttf Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash Request headers Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Origin https://transfeerwise.xyz Accept-Language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 12:40:17 GMT server nginx etag W/"ce6-5d758c94d96f6" vary Accept-Encoding content-type text/html; charset=utf-8
GET H2	404	TW-Averta-Bold-227bddcf6067a5fcebe19653694a358c.ttf transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/	0 0	21ms 21ms	Font text/html	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-227bddcf6067a5fcebe19653694a358c.ttf Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash Request headers Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Origin https://transfeerwise.xyz Accept-Language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 12:40:17 GMT server nginx etag W/"ce6-5d758c94d96f6" vary Accept-Encoding content-type text/html; charset=utf-8
GET H2	404	TW-Averta-Semibold-acd8b3778d5a69f36f11e6b9f1e44058.ttf transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/	0 0	20ms 20ms	Font text/html	92.119.112.72 Netherlands
General Check archive.org Show headers Download Go to Full URL https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-acd8b3778d5a69f36f11e6b9f1e44058.ttf Requested by Host: transfeerwise.xyz URL: https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 92.119.112.72 Dronten, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS vm3115887.bs.had.pm Software nginx / Resource Hash Request headers Referer https://transfeerwise.xyz/wiseaccount-document/login/c2192/css/style.css Origin https://transfeerwise.xyz Accept-Language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 15:12:54 GMT content-encoding gzip last-modified Sun, 06 Feb 2022 12:40:17 GMT server nginx etag W/"ce6-5d758c94d96f6" vary Accept-Encoding content-type text/html; charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wise (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-0ba8a14820a94bbecfeb5c043ddfd409.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-68f06d694edcfab46fe56aaa33f07cf2.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-e0037ebb1d64dbfb4521af1ae0ec656b.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-d19822d886630bdb27029ccc068057c5.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-fc3e4a7ec72f95c49514fe7112878854.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-1d6d0aa41e2fb4b0073132359b508d13.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-cfc5d4b830a3857c2365834792aeb698.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-acd8b3778d5a69f36f11e6b9f1e44058.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://transfeerwise.xyz/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-227bddcf6067a5fcebe19653694a358c.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

transfeerwise.xyz
www.redirectpass.xyz
92.119.112.72
042e08ce5a48b76e3e639d8b507d1f24cdf850981e303978e518f676e55ccde3
16dda0331d978757e75dfca7d9d091c053139ebffd0e3f3af9322bff8ef10cdd
2e00cbfd24122fb52bfbdb536f8dd60307965495241d5feecab30320136d4b1f
3030bd19161016ad067611f0be335d23c74bfc2daf3a02f3a9b89596e2b6c7bb
3654c9cf52fe535d9318210918ad766fae532fe390c9524c27166952109622c5
546fa150497f7cc25af4bcb65eaa5ffe30120dd034b61078292c13127d83a157
8174473f58d77d728047c3935a0fbd3f8333734bcb37eb91811c58757d29d0d9
90d6281e201564268ac285eb97962fffc8a6d3214791d2e2865c95321057d7ce
a0dd3fd72fe862a813c5b8774575c4c3de5c6b3cb47ae3f958710717448d9df2
a20206ed30d2cce387a99dc7a18cd484845c1163eee4d6aa1fbbbec44ff6abb1
aa0b9e22a33ee0dbad1d4b3287276ded422dd6ea1ddc5f5afd05398af41ff148
c01b5bbf62158a5f066afb2bcc86996c3383caf0367f1f78448204978ab650d4
dc7d7b639c8a558e06957a008ba8e021da6dd57bff8c895af72a276a21e67bb4
e501649277a35a591914c1eedce7467f67778d1c2f39255a6ee57d6d9da5aa78

transfeerwise.xyz Open in urlscan Pro 92.119.112.72 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

18 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

236 kBTransfer

921 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

9 Console Messages

Indicators

transfeerwise.xyz Open in urlscan Pro
92.119.112.72 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

236 kB
Transfer

921 kB
Size

0
Cookies

18 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!