identity.spcweb.ch
217.193.132.55
Malicious Activity!
Public Scan
Effective URL: https://identity.spcweb.ch/
Submission: On July 12 via manual from US — Scanned from US
Summary
TLS certificate: Issued by SwissSign RSA TLS OV ICA 2021 - 1 on March 2nd 2022. Valid for: a year.
This is the only time identity.spcweb.ch was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Swiss Post (Transportation)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
4 (1 redirects) | 217.193.132.55 | 3303 (SWISSCOM Swisscom Switzerland Ltd) |
2 | 217.193.132.53 | 3303 (SWISSCOM Swisscom Switzerland Ltd) |
5 | 2 | |

ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH): identity.spcweb.ch
ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH): repo.eoscop.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
4 | spcweb.ch (1 redirects) | identity.spcweb.ch | 2 MB |
2 | eoscop.com | repo.eoscop.com | 524 KB |
5 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
4 | identity.spcweb.ch (1 redirects) | identity.spcweb.ch |
2 | repo.eoscop.com | identity.spcweb.ch |
5 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.spcweb.ch | SwissSign RSA TLS OV ICA 2021 - 1 | 2022-03-02 - 2023-03-02 | a year |
*.eoscop.com | SwissSign RSA TLS DV ICA 2021 - 1 | 2022-01-18 - 2023-01-18 | a year |
This page contains 1 frames:
Primary Page:
https://identity.spcweb.ch/
Frame ID: 7A91F066B517C3E1BF4BEFB90E1E1F0A
Requests: 5 HTTP requests in this frame
Page Title
Log in - Post Identity
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://identity.spcweb.ch/ HTTP 302
- https://identity.spcweb.ch/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | / (Primary Request, Redirect Chain) | identity.spcweb.ch/ | 9 KB | 4 KB | Document | text/html |
GET H2 | vendors.css | identity.spcweb.ch/css/ | 737 KB | 155 KB | Stylesheet | text/css |
GET H2 | vendors.js | identity.spcweb.ch/js/ | 5 MB | 2 MB | Script | application/javascript |
GET H/1.1 | post-en.svg | repo.eoscop.com/img/logos/post/ | 3 KB | 4 KB | Image | image/svg+xml |
GET H/1.1 | 2.jpg | repo.eoscop.com/img/backgrounds/ | 520 KB | 520 KB | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Swiss Post (Transportation)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
function | getScreenDetails |
function | queryLocalFonts |
object | navigation |
object | FontAwesomeConfig |
function | $ |
function | jQuery |
object | DevExpress |
object | bootstrap |
object | ___FONT_AWESOME___ |
object | FontAwesome |
function | Submit |

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
identity.spcweb.ch/ | Name: .AspNetCore.Antiforgery.5WSfKRMxm6k Value: CfDJ8Jhf5NZkondAvUxhuK5g6Vh0wxMdp1aW-LIZYKSYHBGkGIKcKZMzSbbIvOusi52DTwu_Gi4AysCEn99gBGQjSIgjemJuTbjb5c9s6ScoUneSuWEslQvNI4-YDEo6nzpBFc1lSdtnF6qL-a5_q8CEnNM |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; style-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; font-src 'self'; img-src 'self' https://repo.eoscop.com; |
Strict-Transport-Security | max-age=157680000 |
X-Content-Security-Policy | default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; style-src 'self' 'nonce-ocHW1CaPqA6wQUaBwjWZz+SKpN9KBDQIp/TIw0uQgH4='; font-src 'self'; img-src 'self' https://repo.eoscop.com; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.