brxwetrancm.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2f34 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://brxwetrancm.pages.dev/
Submission: On October 13 via api (October 13th 2023, 12:17:29 pm UTC) from TR — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 2606:4700:310c::ac42:2f34, located in United States and belongs to CLOUDFLARENET, US. The main domain is brxwetrancm.pages.dev.
TLS certificate: Issued by GTS CA 1P5 on October 12th 2023. Valid for: 3 months.

This is the only time brxwetrancm.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:310... 2606:4700:310c::ac42:2f34	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a06:f907:1:1... 2a06:f907:1:100:9000:9000:945d:5bf4	56630 (MELBICOM-...) (MELBICOM-EU-AS Melbikomas UAB)
9	2

1 2606:4700:310c::ac42:2f34 (United States)

ASN13335 (CLOUDFLARENET, US)

brxwetrancm.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a06:f907:1:100:9000:9000:945d:5bf4 (Vilnius, Lithuania)

ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT)

i.im.ge	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	im.ge i.im.ge — Cisco Umbrella Rank: 218009	2 MB
1	pages.dev brxwetrancm.pages.dev	7 KB
9	2

	Domain	Requested by
8	i.im.ge	brxwetrancm.pages.dev
1	brxwetrancm.pages.dev
9	2

This site contains no links.

Subject Issuer	Validity	Valid
brxwetrancm.pages.dev GTS CA 1P5	`2023-10-12` - `2024-01-10`	3 months	crt.sh
image.01.cdn.im.ge Sectigo RSA Domain Validation Secure Server CA	`2023-06-21` - `2024-06-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://brxwetrancm.pages.dev/
Frame ID: 07F835399B09A9436F66690F9D5752B3
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

We-transfa

Page Statistics

9
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1975 kB
Transfer

1985 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
brxwetrancm.pages.dev/ 19 KB
7 KB 125ms
52ms Document
text/html 2606:4700:310c::ac42:2f34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://brxwetrancm.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2f34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

905c3bab4f75ac6a5fc5db1239a37b01b63798cb797f18a1ab6b5f85341f5b1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 815784e1f9b52bf0-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 13 Oct 2023 12:17:22 GMT
etag: W/"e5e2af1cae24273568edf99bf0cef656"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fqmUmk0QnfwqMZ5Z5wf1XIu%2B%2FdC95N2pEWI94%2FmnHjkzomFh5l3U1zpRfao1iii31GmhB%2FKlVKobpSjdLY5VZW8QdlTAXY3jnQj3023J0zvmAOd0%2B0KckMPrLM290dRwyNcoF6xqsxBdmV200ssQQPIE9oo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 jiYvz8.background.jpg
i.im.ge/2023/08/07/ 423 KB
423 KB 535ms
206ms Image
image/jpeg 2a06:f907:1:100:9000:9000:945d:5bf4
MELBICOM-EU-AS Me...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.im.ge/2023/08/07/jiYvz8.background.jpg
Requested by: Host: brxwetrancm.pages.dev
URL: https://brxwetrancm.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:f907:1:100:9000:9000:945d:5bf4 Vilnius, Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software: nginx/1.22.0 /
Resource Hash: bbf4872ae034e63c60e870e0f7aa969d565213fd85a59509d5c8b2803a197d0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://brxwetrancm.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 12:17:22 GMT
last-modified: Mon, 07 Aug 2023 09:19:57 GMT
server: nginx/1.22.0
age: 0
content-type: image/jpeg
access-control-expose-headers: Content-Disposition
cache-control: max-age=3600, public
content-disposition: inline; filename="jiYvz8.background.jpg"
accept-ranges: bytes
content-length: 432686
expires: Fri, 13 Oct 2023 13:17:22 GMT

GET
H2 200 jiby18.header.png
i.im.ge/2023/08/07/ 582 KB
582 KB 636ms
308ms Image
image/png 2a06:f907:1:100:9000:9000:945d:5bf4
MELBICOM-EU-AS Me...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.im.ge/2023/08/07/jiby18.header.png
Requested by: Host: brxwetrancm.pages.dev
URL: https://brxwetrancm.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:f907:1:100:9000:9000:945d:5bf4 Vilnius, Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software: nginx/1.22.0 /
Resource Hash: 6cd368cc9f1a88720a6462130e7e91522b4e808e264097dcf64d68d4b94d9d29

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://brxwetrancm.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 12:17:22 GMT
last-modified: Mon, 07 Aug 2023 09:35:24 GMT
server: nginx/1.22.0
age: 0
content-type: image/png
access-control-expose-headers: Content-Disposition
cache-control: max-age=3600, public
content-disposition: inline; filename="jiby18.header.png"
accept-ranges: bytes
content-length: 595687
expires: Fri, 13 Oct 2023 13:17:22 GMT

GET
H2 200 jiYpyX.logo.png
i.im.ge/2023/08/07/ 38 KB
38 KB 527ms
199ms Image
image/png 2a06:f907:1:100:9000:9000:945d:5bf4
MELBICOM-EU-AS Me...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.im.ge/2023/08/07/jiYpyX.logo.png
Requested by: Host: brxwetrancm.pages.dev
URL: https://brxwetrancm.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:f907:1:100:9000:9000:945d:5bf4 Vilnius, Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software: nginx/1.22.0 /
Resource Hash: 37c42566bc4db07ac71232a6df4dedfc449271a88b4840f4e6b2a7a08e310f40

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://brxwetrancm.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 12:17:22 GMT
last-modified: Mon, 07 Aug 2023 09:19:56 GMT
server: nginx/1.22.0
age: 0
content-type: image/png
access-control-expose-headers: Content-Disposition
cache-control: max-age=3600, public
content-disposition: inline; filename="jiYpyX.logo.png"
accept-ranges: bytes
content-length: 38702
expires: Fri, 13 Oct 2023 13:17:22 GMT

GET
H2 200 jiYk4K.xls-icon.png
i.im.ge/2023/08/07/ 17 KB
17 KB 433ms
104ms Image
image/png 2a06:f907:1:100:9000:9000:945d:5bf4
MELBICOM-EU-AS Me...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.im.ge/2023/08/07/jiYk4K.xls-icon.png
Requested by: Host: brxwetrancm.pages.dev
URL: https://brxwetrancm.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:f907:1:100:9000:9000:945d:5bf4 Vilnius, Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software: nginx/1.22.0 /
Resource Hash: da8c1c6a316da251fa060d99ff0d86c9b32a237eadab5555b866c19dd78c479a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://brxwetrancm.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 12:17:22 GMT
last-modified: Mon, 07 Aug 2023 09:19:56 GMT
server: nginx/1.22.0
age: 0
content-type: image/png
access-control-expose-headers: Content-Disposition
cache-control: max-age=3600, public
content-disposition: inline; filename="jiYk4K.xls-icon.png"
accept-ranges: bytes
content-length: 16984
expires: Fri, 13 Oct 2023 13:17:22 GMT

GET
H2 200 jiY4mM.pdf-icon.png
i.im.ge/2023/08/07/ 12 KB
12 KB 432ms
104ms Image
image/png 2a06:f907:1:100:9000:9000:945d:5bf4
MELBICOM-EU-AS Me...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.im.ge/2023/08/07/jiY4mM.pdf-icon.png
Requested by: Host: brxwetrancm.pages.dev
URL: https://brxwetrancm.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:f907:1:100:9000:9000:945d:5bf4 Vilnius, Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software: nginx/1.22.0 /
Resource Hash: 0ef1f496381808e2e8e2d21e98561be5f835030b6fbbd1b32c64da06c61503c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://brxwetrancm.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 12:17:22 GMT
last-modified: Mon, 07 Aug 2023 09:19:57 GMT
server: nginx/1.22.0
age: 0
content-type: image/png
access-control-expose-headers: Content-Disposition
cache-control: max-age=3600, public
content-disposition: inline; filename="jiY4mM.pdf-icon.png"
accept-ranges: bytes
content-length: 12179
expires: Fri, 13 Oct 2023 13:17:22 GMT

GET
H2 200 jiYBWY.png-icon.png
i.im.ge/2023/08/07/ 2 KB
2 KB 427ms
99ms Image
image/png 2a06:f907:1:100:9000:9000:945d:5bf4
MELBICOM-EU-AS Me...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.im.ge/2023/08/07/jiYBWY.png-icon.png
Requested by: Host: brxwetrancm.pages.dev
URL: https://brxwetrancm.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:f907:1:100:9000:9000:945d:5bf4 Vilnius, Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software: nginx/1.22.0 /
Resource Hash: 30d84c26f486f53d5af261be097428c5e03f9d1d040544b127320b7fb1858880

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://brxwetrancm.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 12:17:22 GMT
last-modified: Mon, 07 Aug 2023 09:19:58 GMT
server: nginx/1.22.0
age: 0
content-type: image/png
access-control-expose-headers: Content-Disposition
cache-control: max-age=3600, public
content-disposition: inline; filename="jiYBWY.png-icon.png"
accept-ranges: bytes
content-length: 2065
expires: Fri, 13 Oct 2023 13:17:22 GMT

GET
H2 200 jiZ7az.logo.png
i.im.ge/2023/08/07/ 125 KB
126 KB 202ms
202ms Image
image/png 2a06:f907:1:100:9000:9000:945d:5bf4
MELBICOM-EU-AS Me...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.im.ge/2023/08/07/jiZ7az.logo.png
Requested by: Host: brxwetrancm.pages.dev
URL: https://brxwetrancm.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:f907:1:100:9000:9000:945d:5bf4 Vilnius, Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software: nginx/1.22.0 /
Resource Hash: baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://brxwetrancm.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 12:17:22 GMT
last-modified: Mon, 07 Aug 2023 11:16:52 GMT
server: nginx/1.22.0
age: 0
content-type: image/png
access-control-expose-headers: Content-Disposition
cache-control: max-age=3600, public
content-disposition: inline; filename="jiZ7az.logo.png"
accept-ranges: bytes
content-length: 128338
expires: Fri, 13 Oct 2023 13:17:22 GMT

GET
H2 200 jiYnOh.header-2-bg.png
i.im.ge/2023/08/07/ 768 KB
769 KB 626ms
308ms Image
image/png 2a06:f907:1:100:9000:9000:945d:5bf4
MELBICOM-EU-AS Me...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.im.ge/2023/08/07/jiYnOh.header-2-bg.png
Requested by: Host: brxwetrancm.pages.dev
URL: https://brxwetrancm.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:f907:1:100:9000:9000:945d:5bf4 Vilnius, Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software: nginx/1.22.0 /
Resource Hash: beb2ae0280618ba84b2924eba2d76b2c3115fa83c6b8d6f885272ae99b89288b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://brxwetrancm.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 12:17:22 GMT
last-modified: Mon, 07 Aug 2023 09:19:57 GMT
server: nginx/1.22.0
age: 0
content-type: image/png
access-control-expose-headers: Content-Disposition
cache-control: max-age=3600, public
content-disposition: inline; filename="jiYnOh.header-2-bg.png"
accept-ranges: bytes
content-length: 786533
expires: Fri, 13 Oct 2023 13:17:22 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| olafatob object| app

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

brxwetrancm.pages.dev
i.im.ge
2606:4700:310c::ac42:2f34
2a06:f907:1:100:9000:9000:945d:5bf4
0ef1f496381808e2e8e2d21e98561be5f835030b6fbbd1b32c64da06c61503c6
30d84c26f486f53d5af261be097428c5e03f9d1d040544b127320b7fb1858880
37c42566bc4db07ac71232a6df4dedfc449271a88b4840f4e6b2a7a08e310f40
6cd368cc9f1a88720a6462130e7e91522b4e808e264097dcf64d68d4b94d9d29
905c3bab4f75ac6a5fc5db1239a37b01b63798cb797f18a1ab6b5f85341f5b1b
baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5
bbf4872ae034e63c60e870e0f7aa969d565213fd85a59509d5c8b2803a197d0e
beb2ae0280618ba84b2924eba2d76b2c3115fa83c6b8d6f885272ae99b89288b
da8c1c6a316da251fa060d99ff0d86c9b32a237eadab5555b866c19dd78c479a

brxwetrancm.pages.dev Open in urlscan Pro 2606:4700:310c::ac42:2f34 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

1975 kBTransfer

1985 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

brxwetrancm.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2f34 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1975 kB
Transfer

1985 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!