teamschweizsbb.sviluppo.host
149.62.187.89
Malicious Activity!
Public Scan
Effective URL: https://teamschweizsbb.sviluppo.host/cf/Entry.php
Submission: On June 14 via automatic, source openphish — Scanned from IT
Summary
TLS certificate: Issued by R3 on May 29th 2024. Valid for: 3 months.
This is the only time teamschweizsbb.sviluppo.host was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Schweizerische Bundesbahnen (Transportation)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
10 | 149.62.187.89 | 47242 (COLTENGINE COLTENGINE Network) |
4 | 2a06:98c1:3200::90:83 | 13335 (CLOUDFLARENET) |
14 | 2 | |
ASN47242 (COLTENGINE COLTENGINE Network, IT)
PTR: w3008.shared.host.it
- teamschweizsbb.sviluppo.host
ASN13335 (CLOUDFLARENET, US)
- login.swisspass.ch
- resources.swisspass.ch
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
10 | sviluppo.host: teamschweizsbb.sviluppo.host | 161 KB |
4 | swisspass.ch: login.swisspass.ch (Cisco Umbrella Rank: 285089), resources.swisspass.ch | 219 KB |
14 | 2 | |
Requests | Domain | Requested by |
---|---|---|
10 | teamschweizsbb.sviluppo.host | teamschweizsbb.sviluppo.host |
3 | login.swisspass.ch | teamschweizsbb.sviluppo.host |
1 | resources.swisspass.ch | teamschweizsbb.sviluppo.host |
14 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
teamschweizsbb.sviluppo.host | R3 | 2024-05-29 - 2024-08-27 | 3 months |
swisspass.ch | SwissSign RSA TLS DV ICA 2022 - 1 | 2024-03-14 - 2025-03-14 | a year |
This page contains 2 frames:
Primary Page:
https://teamschweizsbb.sviluppo.host/cf/Entry.php
Frame ID: 6E553113CCE23FDDB9CE026C69028280
Requests: 13 HTTP requests in this frame
Frame:
https://teamschweizsbb.sviluppo.host/cf/userapp_files/saved_resource.html
Frame ID: 95F9E411A95116A380D72BF1A01BA269
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/0437f10b-eed0-46a2-b340-6debda06aaf9.png)
Page Title
Login | SwissPass
Page URL History
- http://teamschweizsbb.sviluppo.host/cf/Entry.php HTTP 307
- https://teamschweizsbb.sviluppo.host/cf/Entry.php Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
OneTrust
Detected patterns
- otSDKStub\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | Entry.php teamschweizsbb.sviluppo.host/cf/ (Primary Request, Redirect Chain) | 131 KB 25 KB | Document text/html |
GET H2 | otSDKStub.js teamschweizsbb.sviluppo.host/cf/userapp_files/ | 21 KB 7 KB | Script application/javascript |
GET H2 | styles.8501c3a64c32c7c4.css teamschweizsbb.sviluppo.host/cf/userapp_files/ | 177 KB 21 KB | Stylesheet text/css |
GET H3 | otBannerSdk.js teamschweizsbb.sviluppo.host/cf/userapp_files/ | 442 KB 102 KB | Script application/javascript |
GET H3 | saved_resource.html teamschweizsbb.sviluppo.host/cf/userapp_files/ (Frame 95F9) | 198 B 264 B | Document text/html |
GET H3 | logo.png teamschweizsbb.sviluppo.host/cf/userapp_files/ | 548 B 597 B | Image image/png |
GET H2 | logo_text_de-20200819.svg login.swisspass.ch/resources/img/ | 137 KB 18 KB | Image image/svg+xml |
GET H2 | logo-20200819.svg login.swisspass.ch/resources/img/ | 7 KB 3 KB | Image image/svg+xml |
GET H3 | OneTrust_SwissPass_logo_mobile.png teamschweizsbb.sviluppo.host/cf/userapp_files/ | 2 KB 2 KB | Image image/png |
GET H3 | powered_by_logo.svg teamschweizsbb.sviluppo.host/cf/userapp_files/ | 5 KB 2 KB | Image image/svg+xml |
GET H2 | login_bg.jpg resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/ | 196 KB 197 KB | Image image/jpeg |
GET H3 | SBBWeb-Light.3f0cdd23274e17f7.woff2 teamschweizsbb.sviluppo.host/cf/userapp_files/ | 0 0 | Font text/html |
GET H3 | e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json teamschweizsbb.sviluppo.host/cf/userapp_files/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/ | 1 KB 1 KB | XHR text/html |
GET H2 | favicon.ico login.swisspass.ch/v3/oevlogin/ui/assets/custom/img/ | 1 KB 365 B | Other image/x-icon |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Schweizerische Bundesbahnen (Transportation)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
undefined | event |
object | fence |
object | sharedStorage |
object | OneTrustStub |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.swisspass.ch/ | Name: __cf_bm Value: iosydz5O5w.F2ar1tFgLIBtjwjtFQ3GauvN7Ec4Lwso-1718370878-1.0.1.1-3Dwgs1TNP9sFBtEq5i9ziKgrzRNLhUpJNKJ5eVkd.fXQmgUePKjEVTwOlQkwkqWUTjNjq0NpdDcLBZ6gS_vUvA |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.swisspass.ch
resources.swisspass.ch
teamschweizsbb.sviluppo.host
149.62.187.89
2a06:98c1:3200::90:83