dashboard.xn--brx-cma.com Open in urlscan Pro Puny
dashboard.bréx.com IDN
198.187.29.144 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dashboard.xn--brx-cma.com/login.html
Submission Tags: falconsandbox
Submission: On August 12 via api (August 12th 2021, 4:26:01 am UTC) from US

Summary HTTP 9 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 198.187.29.144, located in United States and belongs to NAMECHEAP-NET, US. The main domain is dashboard.xn--brx-cma.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 5th 2021. Valid for: a year.

This is the only time dashboard.xn--brx-cma.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Brex (Financial)

Domain & IP information

	IP Address	AS Autonomous System
7	198.187.29.144 198.187.29.144	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	109.236.91.3 109.236.91.3	49981 (WORLDSTREAM) (WORLDSTREAM)
9	3

7 198.187.29.144 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server127-3.web-hosting.com

dashboard.xn--brx-cma.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.236.91.3 (Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: customer.worldstream.nl

extreme-ip-lookup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	xn--brx-cma.com dashboard.xn--brx-cma.com	72 KB
1	extreme-ip-lookup.com extreme-ip-lookup.com	520 B
1	jquery.com code.jquery.com	30 KB
9	3

	Domain	Requested by
7	dashboard.xn--brx-cma.com	dashboard.xn--brx-cma.com
1	extreme-ip-lookup.com	dashboard.xn--brx-cma.com
1	code.jquery.com	dashboard.xn--brx-cma.com
9	3

This site contains links to these domains. Also see Links.

Domain
login-brex.club
dashboard.brex.com
brex.com

Subject Issuer	Validity	Valid
dashboard.xn--brx-cma.com Sectigo RSA Domain Validation Secure Server CA	`2021-08-05` - `2022-08-05`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
t1.extreme-dm.com R3	`2021-05-31` - `2021-08-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dashboard.xn--brx-cma.com/login.html
Frame ID: 88E3CABAD5002F8026BBEBA451196B3B
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

9
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

103 kB
Transfer

439 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://login-brex.club/
Title:

Search URL Search Domain Scan URL

URL: https://dashboard.brex.com/forgot-password
Title: Forgot password

Search URL Search Domain Scan URL

URL: https://brex.com/legal
Title: Brex Platform Agreement

Search URL Search Domain Scan URL

URL: https://brex.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.html Show response dashboard.xn--brx-cma.com/	28 KB 6 KB	512ms 173ms	Document text/html	198.187.29.144 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://dashboard.xn--brx-cma.com/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.144 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server127-3.web-hosting.com Software LiteSpeed / Resource Hash `656921e7efc6dc3cc936114db64dc178dbfe5fa152b5de51570480a197e29ec0` Request headers :method GET :authority dashboard.xn--brx-cma.com :scheme https :path /login.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-type text/html last-modified Tue, 10 Aug 2021 16:05:41 GMT accept-ranges bytes content-encoding br vary Accept-Encoding content-length 6157 date Thu, 12 Aug 2021 04:25:41 GMT server LiteSpeed x-turbo-charged-by LiteSpeed
GET H2	200	application.css dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/	20 KB 5 KB	159ms 157ms	Stylesheet text/css	198.187.29.144 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/application.css Requested by Host: dashboard.xn--brx-cma.com URL: https://dashboard.xn--brx-cma.com/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.144 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server127-3.web-hosting.com Software LiteSpeed / Resource Hash `56c6472d63fa2b04ade5bdf3d10dd7f302e77e394b36479f13e92486bca40ec5` Request headers :path /LOGIN_PASSWORD_files/application.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority dashboard.xn--brx-cma.com referer https://dashboard.xn--brx-cma.com/login.html :scheme https sec-fetch-site same-origin :method GET Referer https://dashboard.xn--brx-cma.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 12 Aug 2021 04:25:41 GMT content-encoding br last-modified Tue, 10 Aug 2021 16:05:46 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 4658 expires Thu, 19 Aug 2021 04:25:41 GMT
GET H2	200	hco_fonts.css dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/	3 KB 835 B	159ms 158ms	Stylesheet text/css	198.187.29.144 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/hco_fonts.css Requested by Host: dashboard.xn--brx-cma.com URL: https://dashboard.xn--brx-cma.com/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.144 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server127-3.web-hosting.com Software LiteSpeed / Resource Hash `ce0dceb10321b6ea2b7675df79c5f6a3fbbbd0bf1891bab9f4946745f4bcf67b` Request headers :path /LOGIN_PASSWORD_files/hco_fonts.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority dashboard.xn--brx-cma.com referer https://dashboard.xn--brx-cma.com/login.html :scheme https sec-fetch-site same-origin :method GET Referer https://dashboard.xn--brx-cma.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 12 Aug 2021 04:25:41 GMT content-encoding br last-modified Tue, 10 Aug 2021 16:05:46 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 606 expires Thu, 19 Aug 2021 04:25:41 GMT
GET H2	200	aeroport.css dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/	144 B 352 B	159ms 158ms	Stylesheet text/css	198.187.29.144 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/aeroport.css Requested by Host: dashboard.xn--brx-cma.com URL: https://dashboard.xn--brx-cma.com/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.144 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server127-3.web-hosting.com Software LiteSpeed / Resource Hash `bc822f424824d59916c7d141a8a3a3ee6a387390987c3cb82abe28beb9029b55` Request headers :path /LOGIN_PASSWORD_files/aeroport.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority dashboard.xn--brx-cma.com referer https://dashboard.xn--brx-cma.com/login.html :scheme https sec-fetch-site same-origin :method GET Referer https://dashboard.xn--brx-cma.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 12 Aug 2021 04:25:41 GMT last-modified Tue, 10 Aug 2021 16:05:46 GMT server LiteSpeed content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 144 expires Thu, 19 Aug 2021 04:25:41 GMT
GET H2	200	okta-sign-in.min.css dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/	199 KB 26 KB	326ms 325ms	Stylesheet text/css	198.187.29.144 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/okta-sign-in.min.css Requested by Host: dashboard.xn--brx-cma.com URL: https://dashboard.xn--brx-cma.com/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.144 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server127-3.web-hosting.com Software LiteSpeed / Resource Hash `5d70a5d7d124e0733abf9ff6578057f370639d3207f7b36d7413bdaeab146e1c` Request headers :path /LOGIN_PASSWORD_files/okta-sign-in.min.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority dashboard.xn--brx-cma.com referer https://dashboard.xn--brx-cma.com/login.html :scheme https sec-fetch-site same-origin :method GET Referer https://dashboard.xn--brx-cma.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 12 Aug 2021 04:25:41 GMT content-encoding br last-modified Tue, 10 Aug 2021 16:05:46 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 26842 expires Thu, 19 Aug 2021 04:25:41 GMT
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 30 KB	22ms 8ms	Script application/javascript	2001:4de0:ac18::1:a:2a HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: dashboard.xn--brx-cma.com URL: https://dashboard.xn--brx-cma.com/login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers Origin https://dashboard.xn--brx-cma.com Referer https://dashboard.xn--brx-cma.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 12 Aug 2021 04:25:41 GMT content-encoding gzip last-modified Tue, 02 Mar 2021 17:27:20 GMT server nginx etag W/"603e7578-15d9d" vary Accept-Encoding x-hw 1628742341.dop151.fr8.t,1628742341.cds226.fr8.hc,1628742341.cds144.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30875
GET H2	200	jquery.min.js Show response dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/	87 KB 30 KB	476ms 475ms	Script application/javascript	198.187.29.144 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/jquery.min.js Requested by Host: dashboard.xn--brx-cma.com URL: https://dashboard.xn--brx-cma.com/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.144 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server127-3.web-hosting.com Software LiteSpeed / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers :path /LOGIN_PASSWORD_files/jquery.min.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority dashboard.xn--brx-cma.com referer https://dashboard.xn--brx-cma.com/login.html :scheme https sec-fetch-site same-origin :method GET Referer https://dashboard.xn--brx-cma.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 12 Aug 2021 04:25:41 GMT content-encoding br last-modified Tue, 10 Aug 2021 16:05:46 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 30280 expires Thu, 19 Aug 2021 04:25:41 GMT
GET H2	200	app.js Show response dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/	13 KB 3 KB	626ms 625ms	Script application/javascript	198.187.29.144 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/app.js Requested by Host: dashboard.xn--brx-cma.com URL: https://dashboard.xn--brx-cma.com/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.144 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server127-3.web-hosting.com Software LiteSpeed / Resource Hash `6d22f0d246bab73f1d94e628cded739d1b07bc5051a5b85a379773fca644a5ce` Request headers :path /LOGIN_PASSWORD_files/app.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority dashboard.xn--brx-cma.com referer https://dashboard.xn--brx-cma.com/login.html :scheme https sec-fetch-site same-origin :method GET Referer https://dashboard.xn--brx-cma.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 12 Aug 2021 04:25:41 GMT content-encoding br last-modified Tue, 10 Aug 2021 16:05:46 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 3119 expires Thu, 19 Aug 2021 04:25:41 GMT
GET H2	200	/ Show response extreme-ip-lookup.com/json/	372 B 520 B	48ms 17ms	Fetch application/json	109.236.91.3 WORLDSTREAM
General Check archive.org Show headers Download Go to Full URL https://extreme-ip-lookup.com/json/ Requested by Host: dashboard.xn--brx-cma.com URL: https://dashboard.xn--brx-cma.com/LOGIN_PASSWORD_files/app.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 109.236.91.3 , Netherlands, ASN49981 (WORLDSTREAM, NL), Reverse DNS customer.worldstream.nl Software nginx / Resource Hash `9e99bacc0714f206ff4975e6c1f5cfab7f46827fea459aa0f73cef7c312a2b64` Request headers Referer https://dashboard.xn--brx-cma.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin * date Thu, 12 Aug 2021 04:25:42 GMT cache-control max-age=3600 server nginx access-control-allow-headers * content-length 372 content-type application/json; charset=utf-8;

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Brex (Financial)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
dashboard.xn--brx-cma.com
extreme-ip-lookup.com
109.236.91.3
198.187.29.144
2001:4de0:ac18::1:a:2a
56c6472d63fa2b04ade5bdf3d10dd7f302e77e394b36479f13e92486bca40ec5
5d70a5d7d124e0733abf9ff6578057f370639d3207f7b36d7413bdaeab146e1c
656921e7efc6dc3cc936114db64dc178dbfe5fa152b5de51570480a197e29ec0
6d22f0d246bab73f1d94e628cded739d1b07bc5051a5b85a379773fca644a5ce
9e99bacc0714f206ff4975e6c1f5cfab7f46827fea459aa0f73cef7c312a2b64
bc822f424824d59916c7d141a8a3a3ee6a387390987c3cb82abe28beb9029b55
ce0dceb10321b6ea2b7675df79c5f6a3fbbbd0bf1891bab9f4946745f4bcf67b
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

dashboard.xn--brx-cma.com Open in urlscan Pro Puny dashboard.bréx.com IDN 198.187.29.144 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

103 kBTransfer

439 kBSize

0 Cookies

4 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

0 Cookies

Indicators

dashboard.xn--brx-cma.com Open in urlscan Pro Puny
dashboard.bréx.com IDN
198.187.29.144 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

103 kB
Transfer

439 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!