christianetresca.com.br Open in urlscan Pro
192.185.215.85 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/download-files.html?email=m***@n**.dk
Submission: On August 23 via api (August 23rd 2024, 7:43:59 pm UTC) from US — Scanned from CA

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 192.185.215.85, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is christianetresca.com.br.
TLS certificate: Issued by R10 on August 13th 2024. Valid for: 3 months.

This is the only time christianetresca.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	192.185.215.85 192.185.215.85	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
7	151.101.66.132 151.101.66.132	54113 (FASTLY) (FASTLY)
8	3

1 192.185.215.85 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: srv16-ip13.prodns.com.br

christianetresca.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.66.132 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.glitch.global	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	glitch.global cdn.glitch.global — Cisco Umbrella Rank: 432012	2 MB
1	christianetresca.com.br christianetresca.com.br	445 KB
8	2

	Domain	Requested by
7	cdn.glitch.global	christianetresca.com.br
1	christianetresca.com.br
8	2

This site contains no links.

Subject Issuer	Validity	Valid
christianetresca.com.br R10	`2024-08-13` - `2024-11-11`	3 months	crt.sh
cdn.glitch.global R11	`2024-07-29` - `2024-10-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/download-files.html?email=m***@n**.dk
Frame ID: FAA550782339816C0AB5D304A7615970
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WeTransfer

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

1992 kB
Transfer

2590 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request download-files.html Show response
christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/ 624 KB
445 KB 742ms
96ms Document
text/html 192.185.215.85
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/download-files.html?email=m***@n**.dk
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.215.85 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: srv16-ip13.prodns.com.br
Software: Apache /
Resource Hash: 53714c458d597497f918f90fc08730dd0f3c7f6c523667bf7834baa66d3742c4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: none
content-encoding: gzip
content-type: text/html
date: Fri, 23 Aug 2024 19:43:44 GMT
last-modified: Wed, 26 Jun 2024 05:06:19 GMT
server: Apache
vary: Accept-Encoding

GET
H2 200 header.png
cdn.glitch.global/8767037f-84cf-4fc8-a1d2-a04427e38169/ 582 KB
582 KB 128ms
42ms Image
image/png 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.global/8767037f-84cf-4fc8-a1d2-a04427e38169/header.png

Requested by

Host: christianetresca.com.br
URL: https://christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/download-files.html?email=m***@n**.dk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6cd368cc9f1a88720a6462130e7e91522b4e808e264097dcf64d68d4b94d9d29

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

Referer: https://christianetresca.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Fri, 23 Aug 2024 19:43:45 GMT
x-amz-request-id: 1GPVJZNG2F1SZ78A
age: 1532726
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 595687
x-amz-id-2: b3L/r/+c4v/7c2tPj31plL3aqvezW6vxYLgJIN82mRox2SFkC1U1TaIfbjgJ4DFz/bsT4qav/M4=
x-served-by: cache-iad-kcgs7200114-IAD, cache-yul1970025-YUL
last-modified: Tue, 14 Mar 2023 15:29:01 GMT
server: AmazonS3
x-timer: S1724442225.384069,VS0,VE1
etag: "d5a915ab17846a8cf140b4b28e42dff2"
access-control-allow-methods: GET, HEAD, POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 167, 0

GET
H2 200 logo.png
cdn.glitch.global/9a7f7e0b-c97c-4c83-8eb6-af3c4a10fd57/ 38 KB
38 KB 104ms
19ms Image
image/png 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.global/9a7f7e0b-c97c-4c83-8eb6-af3c4a10fd57/logo.png

Requested by

Host: christianetresca.com.br
URL: https://christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/download-files.html?email=m***@n**.dk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

37c42566bc4db07ac71232a6df4dedfc449271a88b4840f4e6b2a7a08e310f40

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

Referer: https://christianetresca.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Fri, 23 Aug 2024 19:43:45 GMT
x-amz-request-id: G8WPXHE36RK14CMC
age: 1333809
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 38702
x-amz-id-2: Z6XyWEjrFNzqz18XQgHx5x6bXcZTezuDP4/5EXrXcskE+/P57UWWwVGh8TNolaa8FUyk1o5nAwZRf5YgHF5m+T0oVGI72YH4
x-served-by: cache-iad-kjyo7100129-IAD, cache-yul1970025-YUL
last-modified: Tue, 14 Mar 2023 09:57:41 GMT
server: AmazonS3
x-timer: S1724442225.384053,VS0,VE0
etag: "7fa9a1d6f08f40ba0a9caeceb1dea5e0"
access-control-allow-methods: GET, HEAD, POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 147, 6

GET
H2 200 xls-icon.png
cdn.glitch.global/2320f642-612e-42bb-913c-f646e55193a7/ 17 KB
17 KB 103ms
19ms Image
image/png 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.global/2320f642-612e-42bb-913c-f646e55193a7/xls-icon.png?v=1674487819317

Requested by

Host: christianetresca.com.br
URL: https://christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/download-files.html?email=m***@n**.dk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

da8c1c6a316da251fa060d99ff0d86c9b32a237eadab5555b866c19dd78c479a

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

Referer: https://christianetresca.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Fri, 23 Aug 2024 19:43:45 GMT
x-amz-request-id: H94BZDJXCYK98WW0
age: 591212
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 16984
x-amz-id-2: 3rQqYGumxSSF0XDZrf6mH/PC+UjbrMBOm3YKIw+XZdozuq/kACJK2MXtlYPDqih7Tocn7D8uHpg=
x-served-by: cache-iad-kiad7000167-IAD, cache-yul1970025-YUL
last-modified: Mon, 23 Jan 2023 15:30:19 GMT
server: AmazonS3
x-timer: S1724442225.384010,VS0,VE0
etag: "80542496f8630974c69767c6c7138990"
access-control-allow-methods: GET, HEAD, POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 91, 5

GET
H2 200 pdf-icon.png
cdn.glitch.global/2320f642-612e-42bb-913c-f646e55193a7/ 12 KB
12 KB 124ms
40ms Image
image/png 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.global/2320f642-612e-42bb-913c-f646e55193a7/pdf-icon.png

Requested by

Host: christianetresca.com.br
URL: https://christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/download-files.html?email=m***@n**.dk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

0ef1f496381808e2e8e2d21e98561be5f835030b6fbbd1b32c64da06c61503c6

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

Referer: https://christianetresca.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Fri, 23 Aug 2024 19:43:45 GMT
x-amz-request-id: JWHB74VRJPPZCV1D
age: 252584
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 12179
x-amz-id-2: 6zgMzykHOnYwWx8ElCDcGOJAw+HqeDvQF/aino7DlOEPL+iHRg+jtP13lgdgVw4Muy2kUArfdvlopjnf88T0D41ikHvZs3lp
x-served-by: cache-iad-kcgs7200052-IAD, cache-yul1970025-YUL
last-modified: Mon, 23 Jan 2023 03:01:45 GMT
server: AmazonS3
x-timer: S1724442225.383794,VS0,VE1
etag: "81026b3739b5a00a4af2dd9ab234bcaf"
access-control-allow-methods: GET, HEAD, POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 86, 0

GET
H2 200 png-icon.png
cdn.glitch.global/2320f642-612e-42bb-913c-f646e55193a7/ 2 KB
2 KB 101ms
19ms Image
image/png 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.global/2320f642-612e-42bb-913c-f646e55193a7/png-icon.png?v=1674487820011

Requested by

Host: christianetresca.com.br
URL: https://christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/download-files.html?email=m***@n**.dk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

30d84c26f486f53d5af261be097428c5e03f9d1d040544b127320b7fb1858880

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

Referer: https://christianetresca.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Fri, 23 Aug 2024 19:43:45 GMT
x-amz-request-id: K4Z4R65E9JSZSAPG
age: 137046
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 2065
x-amz-id-2: FM2IQ/ksU38NFb6nzX6lSkPRmyLYADfJp5WNkdCfrtVWVwsUQuzIl19TkPHcK/qEnoS7vwSdWIyDsa+OSHthwYixwFFPqIKOlScDRAkS1F0=
x-served-by: cache-iad-kiad7000069-IAD, cache-yul1970025-YUL
last-modified: Mon, 23 Jan 2023 15:30:20 GMT
server: AmazonS3
x-timer: S1724442225.384033,VS0,VE0
etag: "229afa898db5e6d1691a7424f1962e03"
access-control-allow-methods: GET, HEAD, POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 84, 4

GET
H2 200 logo.png
cdn.glitch.global/8767037f-84cf-4fc8-a1d2-a04427e38169/ 125 KB
126 KB 135ms
54ms Image
image/png 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.global/8767037f-84cf-4fc8-a1d2-a04427e38169/logo.png

Requested by

Host: christianetresca.com.br
URL: https://christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/download-files.html?email=m***@n**.dk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

Referer: https://christianetresca.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Fri, 23 Aug 2024 19:43:45 GMT
x-amz-request-id: 9C09G5FHFFJSWZYK
age: 633323
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 128338
x-amz-id-2: rYSWSjNQu12BKU1ieGuJAK7ftvkg/jrNa+6dA7EDVD2MHwTaNJj0nOvYode6UnUXxyhSKuJAkLwWFUqTCPKhCawMo17dWiMWiwCN04/l00E=
x-served-by: cache-iad-kiad7000075-IAD, cache-yul1970025-YUL
last-modified: Tue, 14 Mar 2023 15:29:11 GMT
server: AmazonS3
x-timer: S1724442225.384231,VS0,VE1
etag: "3b5b6359339cae31e66ea9c165476c1c"
access-control-allow-methods: GET, HEAD, POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 103, 0

GET
DATA 200
OK truncated
/ 423 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bbf4872ae034e63c60e870e0f7aa969d565213fd85a59509d5c8b2803a197d0e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 header-2-bg.png
cdn.glitch.global/8767037f-84cf-4fc8-a1d2-a04427e38169/ 768 KB
769 KB 48ms
47ms Image
image/png 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.global/8767037f-84cf-4fc8-a1d2-a04427e38169/header-2-bg.png

Requested by

Host: christianetresca.com.br
URL: https://christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/download-files.html?email=m***@n**.dk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

beb2ae0280618ba84b2924eba2d76b2c3115fa83c6b8d6f885272ae99b89288b

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

Referer: https://christianetresca.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Fri, 23 Aug 2024 19:43:45 GMT
x-amz-request-id: 1GPQB6GTKB6CNWK5
age: 1992199
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 786533
x-amz-id-2: FmGZuM5tcPjeYPnFDsKfXsPRCA0nrspQU6xFBeM5OcaxzBZ6mM1ATUZj7Lu459pCyMw1BVnwcDZwOWKdQJ5tAvc0P3XUaQ7i
x-served-by: cache-iad-kiad7000145-IAD, cache-yul1970025-YUL
last-modified: Tue, 14 Mar 2023 15:29:06 GMT
server: AmazonS3
x-timer: S1724442225.407978,VS0,VE1
etag: "c1a29e95752f147302db438fa03517bb"
access-control-allow-methods: GET, HEAD, POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 184, 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| olafatob

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/download-files.html?email=m*@n.dk Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.glitch.global
christianetresca.com.br
151.101.66.132
192.185.215.85
0ef1f496381808e2e8e2d21e98561be5f835030b6fbbd1b32c64da06c61503c6
30d84c26f486f53d5af261be097428c5e03f9d1d040544b127320b7fb1858880
37c42566bc4db07ac71232a6df4dedfc449271a88b4840f4e6b2a7a08e310f40
53714c458d597497f918f90fc08730dd0f3c7f6c523667bf7834baa66d3742c4
6cd368cc9f1a88720a6462130e7e91522b4e808e264097dcf64d68d4b94d9d29
baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5
bbf4872ae034e63c60e870e0f7aa969d565213fd85a59509d5c8b2803a197d0e
beb2ae0280618ba84b2924eba2d76b2c3115fa83c6b8d6f885272ae99b89288b
da8c1c6a316da251fa060d99ff0d86c9b32a237eadab5555b866c19dd78c479a

christianetresca.com.br Open in urlscan Pro 192.185.215.85 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

1992 kBTransfer

2590 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

christianetresca.com.br Open in urlscan Pro
192.185.215.85 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

1992 kB
Transfer

2590 kB
Size

0
Cookies

8 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!