urlscan.io logo urlscan.io
SecurityTrails logo

identity.spcweb.ch Open in urlscan Pro
217.193.132.55  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://identity.spcweb.ch/
Effective URL: https://identity.spcweb.ch/
Submission: On July 12 via manual from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 5 HTTP transactions. The main IP is 217.193.132.55, located in Bolligen, Switzerland and belongs to SWISSCOM Swisscom Switzerland Ltd, CH. The main domain is identity.spcweb.ch.
TLS certificate: Issued by SwissSign RSA TLS OV ICA 2021 - 1 on March 2nd 2022. Valid for: a year.
This is the only time identity.spcweb.ch was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Swiss Post (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 4 217.193.132.55 3303 (SWISSCOM ...)
2 217.193.132.53 3303 (SWISSCOM ...)
5 2
Apex Domain
Subdomains		 Transfer
4 spcweb.ch
identity.spcweb.ch
2 MB
2 eoscop.com
repo.eoscop.com
524 KB
5 2
Domain Requested by
4 identity.spcweb.ch 1 redirects identity.spcweb.ch
2 repo.eoscop.com identity.spcweb.ch
5 2

This site contains no links.

Subject Issuer Validity Valid
*.spcweb.ch
SwissSign RSA TLS OV ICA 2021 - 1		 2022-03-02 -
2023-03-02		 a year crt.sh
*.eoscop.com
SwissSign RSA TLS DV ICA 2021 - 1		 2022-01-18 -
2023-01-18		 a year crt.sh

This page contains 1 frames:

Primary Page: https://identity.spcweb.ch/
Frame ID: 7A91F066B517C3E1BF4BEFB90E1E1F0A
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log in - Post Identity

Page URL History Show full URLs

  1. http://identity.spcweb.ch/ HTTP 302
    https://identity.spcweb.ch/ Page URL

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

2742 kB
Transfer

6760 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://identity.spcweb.ch/ HTTP 302
    https://identity.spcweb.ch/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
identity.spcweb.ch/
Redirect Chain
  • http://identity.spcweb.ch/
  • https://identity.spcweb.ch/
9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://identity.spcweb.ch/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
217.193.132.55 Bolligen, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
ce542eed2f234965f42457929ffc61a36a95e4f97a393cbc0dd3bccd43839e96
Security Headers
Name Value
Content-Security-Policy default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; style-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; font-src 'self'; img-src 'self' https://repo.eoscop.com;
Strict-Transport-Security max-age=157680000
X-Content-Security-Policy default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; style-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; font-src 'self'; img-src 'self' https://repo.eoscop.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
content-security-policy
default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; style-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; font-src 'self'; img-src 'self' https://repo.eoscop.com;
content-type
text/html; charset=utf-8
date
Tue, 12 Jul 2022 17:02:30 GMT
pragma
no-cache
referrer-policy
origin-when-cross-origin
server
Microsoft-IIS/10.0
strict-transport-security
max-age=157680000
vary
Accept-Encoding
x-content-security-policy
default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; style-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; font-src 'self'; img-src 'self' https://repo.eoscop.com;
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
ASP.NET

Redirect headers

Cache-Control
no-cache
Connection
close
Location
https://identity.spcweb.ch/
Pragma
no-cache
vendors.css
identity.spcweb.ch/css/ 		737 KB
155 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://identity.spcweb.ch/css/vendors.css
Requested by
Host: identity.spcweb.ch
URL: https://identity.spcweb.ch/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
217.193.132.55 Bolligen, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
ce4af8607e0c61389390fe3d523cbd151e186512aa6c627cd04f26b52ff3f8b9
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://identity.spcweb.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 12 Jul 2022 17:02:30 GMT
content-encoding
gzip
last-modified
Sat, 21 May 2022 06:16:06 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"1d86cda4138156b"
vary
Accept-Encoding
content-type
text/css
strict-transport-security
max-age=157680000
accept-ranges
bytes
vendors.js
identity.spcweb.ch/js/ 		5 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://identity.spcweb.ch/js/vendors.js
Requested by
Host: identity.spcweb.ch
URL: https://identity.spcweb.ch/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
217.193.132.55 Bolligen, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
05323c7268b5ae5e37e70f75d067ef19376654b8a57d451596d9766554a8a4b2
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://identity.spcweb.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 12 Jul 2022 17:02:30 GMT
content-encoding
gzip
last-modified
Sat, 21 May 2022 06:16:06 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"1d86cda41664714"
vary
Accept-Encoding
content-type
application/javascript
strict-transport-security
max-age=157680000
accept-ranges
bytes
post-en.svg
repo.eoscop.com/img/logos/post/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://repo.eoscop.com/img/logos/post/post-en.svg
Requested by
Host: identity.spcweb.ch
URL: https://identity.spcweb.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.193.132.53 Bolligen, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
eosServer /
Resource Hash
cf9b8c23e2269918ceb66f0777ce7a4ca2ee7ca0c101db8758e6a3870ac5bfc6
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://identity.spcweb.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 12 Jul 2022 17:02:32 GMT
Last-Modified
Mon, 18 Dec 2017 10:52:10 GMT
Server
eosServer
ETag
"029fb40ee77d31:0"
Strict-Transport-Security
max-age=157680000
Access-Control-Allow-Methods
GET
Content-Type
image/svg+xml
Cache-Control
no-cache
Accept-Ranges
bytes
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
3101
2.jpg
repo.eoscop.com/img/backgrounds/ 		520 KB
520 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://repo.eoscop.com/img/backgrounds/2.jpg
Requested by
Host: identity.spcweb.ch
URL: https://identity.spcweb.ch/css/vendors.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.193.132.53 Bolligen, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
eosServer /
Resource Hash
9e1b287548665268d6a2a77fb9459978d837ec68cf1aff531bba08ed701526df
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://identity.spcweb.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 12 Jul 2022 17:02:32 GMT
Last-Modified
Fri, 07 Jun 2019 06:58:44 GMT
Server
eosServer
ETag
"02a2b72fe1cd51:0"
Strict-Transport-Security
max-age=157680000
Access-Control-Allow-Methods
GET
Content-Type
image/jpeg
Cache-Control
no-cache
Accept-Ranges
bytes
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
532393

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Swiss Post (Transportation)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| FontAwesomeConfig function| $ function| jQuery object| DevExpress object| bootstrap object| ___FONT_AWESOME___ object| FontAwesome function| Submit

1 Cookies

Domain/Path Name / Value
identity.spcweb.ch/ Name: .AspNetCore.Antiforgery.5WSfKRMxm6k
Value: CfDJ8Jhf5NZkondAvUxhuK5g6Vh0wxMdp1aW-LIZYKSYHBGkGIKcKZMzSbbIvOusi52DTwu_Gi4AysCEn99gBGQjSIgjemJuTbjb5c9s6ScoUneSuWEslQvNI4-YDEo6nzpBFc1lSdtnF6qL-a5_q8CEnNM

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; style-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; font-src 'self'; img-src 'self' https://repo.eoscop.com;
Strict-Transport-Security max-age=157680000
X-Content-Security-Policy default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; style-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; font-src 'self'; img-src 'self' https://repo.eoscop.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN