kopsipass.wpengine.com
Open in
urlscan Pro
104.199.116.217
Malicious Activity!
Public Scan
Effective URL: http://kopsipass.wpengine.com/good/spass/1.html?home&j-oin-us.x=986020803408b1256c97c7f0f7e225c1986020803408b1256c97c7f0f7e225c1
Submission: On March 04 via api from JP — Scanned from JP
Summary
This is the only time kopsipass.wpengine.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Schweizerische Bundesbahnen (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 65.8.158.66 65.8.158.66 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2404:6800:400... 2404:6800:4004:808::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a04:4e42::282 2a04:4e42::282 | 54113 (FASTLY) (FASTLY) | |
4 | 2600:9000:220... 2600:9000:2201:4800:1c:d937:ae40:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 12 | 104.199.116.217 104.199.116.217 | 15169 (GOOGLE) (GOOGLE) | |
2 | 193.203.121.166 193.203.121.166 | 31004 (SBB-CFF-F...) (SBB-CFF-FFS Telecom SBB) | |
1 | 35.156.102.163 35.156.102.163 | 16509 (AMAZON-02) (AMAZON-02) | |
21 | 7 |
ASN16509 (AMAZON-02, US)
PTR: server-65-8-158-66.sfo53.r.cloudfront.net
limoumla2023.systeme.io |
ASN16509 (AMAZON-02, US)
d3fit27i5nzkqh.cloudfront.net |
ASN15169 (GOOGLE, US)
PTR: 217.116.199.104.bc.googleusercontent.com
kopsipass.wpengine.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-102-163.eu-central-1.compute.amazonaws.com
cdn.app.sbb.ch |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
wpengine.com
1 redirects
kopsipass.wpengine.com |
150 KB |
4 |
cloudfront.net
d3fit27i5nzkqh.cloudfront.net |
388 KB |
2 |
swisspass.ch
www.swisspass.ch — Cisco Umbrella Rank: 390738 |
146 KB |
1 |
sbb.ch
cdn.app.sbb.ch — Cisco Umbrella Rank: 304041 |
14 KB |
1 |
polyfill.io
cdn.polyfill.io — Cisco Umbrella Rank: 2232 |
654 B |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 36 |
1 KB |
1 |
systeme.io
limoumla2023.systeme.io |
288 KB |
21 | 7 |
Domain | Requested by | |
---|---|---|
12 | kopsipass.wpengine.com |
1 redirects
limoumla2023.systeme.io
kopsipass.wpengine.com |
4 | d3fit27i5nzkqh.cloudfront.net |
limoumla2023.systeme.io
|
2 | www.swisspass.ch |
kopsipass.wpengine.com
|
1 | cdn.app.sbb.ch |
kopsipass.wpengine.com
|
1 | cdn.polyfill.io |
limoumla2023.systeme.io
|
1 | fonts.googleapis.com |
limoumla2023.systeme.io
|
1 | limoumla2023.systeme.io | |
21 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
corporatedefenseetl.com |
www.swisspass.ch |
Subject Issuer | Validity | Valid | |
---|---|---|---|
systeme.io Amazon RSA 2048 M01 |
2023-03-02 - 2024-01-24 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
polyfill.io GlobalSign Atlas R3 DV TLS CA 2022 Q4 |
2022-12-10 - 2024-01-11 |
a year | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2022-12-08 - 2023-12-07 |
a year | crt.sh |
www.swisspass.ch SwissSign RSA TLS OV ICA 2021 - 1 |
2023-01-09 - 2024-01-09 |
a year | crt.sh |
*.app.sbb.ch Amazon RSA 2048 M01 |
2023-02-10 - 2023-10-14 |
8 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://kopsipass.wpengine.com/good/spass/1.html?home&j-oin-us.x=986020803408b1256c97c7f0f7e225c1986020803408b1256c97c7f0f7e225c1
Frame ID: F6C52E4C78673FA3945378CB82C69BC5
Requests: 21 HTTP requests in this frame
Screenshot
Page Title
Login | SwissPassPage URL History Show full URLs
- https://limoumla2023.systeme.io/ Page URL
-
https://kopsipass.wpengine.com/good/spass
HTTP 301
http://kopsipass.wpengine.com/good/spass/ Page URL
- http://kopsipass.wpengine.com/good/spass/1.html?home&j-oin-us.x=986020803408b1256c97c7f0f7e225c19860208034... Page URL
Detected technologies
Polyfill (JavaScript Libraries) ExpandDetected patterns
- /polyfill\.min\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Passwort vergessen?
Search URL Search Domain Scan URL
Title: Für SwissPass registrieren.
Search URL Search Domain Scan URL
Title: Zurück
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://limoumla2023.systeme.io/ Page URL
-
https://kopsipass.wpengine.com/good/spass
HTTP 301
http://kopsipass.wpengine.com/good/spass/ Page URL
- http://kopsipass.wpengine.com/good/spass/1.html?home&j-oin-us.x=986020803408b1256c97c7f0f7e225c1986020803408b1256c97c7f0f7e225c1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 7- https://kopsipass.wpengine.com/good/spass HTTP 301
- http://kopsipass.wpengine.com/good/spass/
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
limoumla2023.systeme.io/ |
287 KB 288 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
15 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
polyfill.min.js
cdn.polyfill.io/v2/ |
100 B 654 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
d3fit27i5nzkqh.cloudfront.net/assets/css/ |
486 KB 80 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
runtimeSimplePage.6525755ed16e40f11e2f.js
d3fit27i5nzkqh.cloudfront.net/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
simplePage.d7a3abc1ee393c766641.js
d3fit27i5nzkqh.cloudfront.net/js/ |
487 KB 80 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendors~simplePage.ee9310ad2d6b7ab45026.js
d3fit27i5nzkqh.cloudfront.net/js/ |
843 KB 227 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
kopsipass.wpengine.com/good/spass/ Redirect Chain
|
132 B 552 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
1.html
kopsipass.wpengine.com/good/spass/ |
49 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sso.min-20200819.css
kopsipass.wpengine.com/good/spass/css/ |
180 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_text_de-20200819.svg
www.swisspass.ch//resources/img/ |
137 KB 138 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-20200819.svg
www.swisspass.ch//resources/img/ |
7 KB 8 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loader-20200819.png
kopsipass.wpengine.com/good/spass/ |
548 B 548 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-20200819.js.download
kopsipass.wpengine.com/good/spass/js/ |
95 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vendor.min-20200819.js.download
kopsipass.wpengine.com/good/spass/js/ |
175 KB 53 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
swisspass.min-20200819.js.download
kopsipass.wpengine.com/good/spass/js/ |
97 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SBBWeb-Light.woff2
cdn.app.sbb.ch/fonts/v1_6_subset/ |
14 KB 14 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icomoon.woff2
kopsipass.wpengine.com/fonts/icomoon/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icomoon.ttf
kopsipass.wpengine.com/fonts/icomoon/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icomoon.woff
kopsipass.wpengine.com/fonts/icomoon/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
co-branding
kopsipass.wpengine.com/idp/ |
0 360 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Schweizerische Bundesbahnen (Transportation)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| validateForm function| closeModal function| $ function| jQuery object| jQuery1120023768594682956956 function| A11yDialog function| iFrameResize function| Cleave function| OevcResourceLoader object| dp object| oevc object| webtrends boolean| isMobile function| validate object| options object| attrs object| allowedProviders object| rememberMe boolean| providerAllowsRememberMe2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
limoumla2023.systeme.io/ | Name: user Value: ee9t8l9rgk59vlgj62aqfpok7v |
|
.www.swisspass.ch/ | Name: AL_SESS-S Value: AS8c91Oz0nClYbH1HGM9PczOpbaRTXv5_OsZcnSuMbdn5pHljWe_g!8sln!psy9zllXy |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.app.sbb.ch
cdn.polyfill.io
d3fit27i5nzkqh.cloudfront.net
fonts.googleapis.com
kopsipass.wpengine.com
limoumla2023.systeme.io
www.swisspass.ch
104.199.116.217
193.203.121.166
2404:6800:4004:808::200a
2600:9000:2201:4800:1c:d937:ae40:93a1
2a04:4e42::282
35.156.102.163
65.8.158.66
225e078f0432e7459d74e8d9245f1982570a3897d664ca2d219ccd09b244ab95
24f31a4afb4d98c85b6cff4c9a953654a77986d6c4c9e9cae52cf57e59095e01
34e4e4e998d1023cadeeda959be0f4fce5abe4eaf9d241782ae404e36446ecbf
3ffcfcc3648d05491857368acaaa84b39989f0d6984ff9553cfc1e3e3c162efc
4b660682be7261fc619af318ea0aa2d2b9cda577175622924aa23e9a0792ced4
4e6c5b52851ee6c951d6eda49aff92bbf6571799a025e4092ab2e81c1c175c92
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf
a35f901d01118e5649091bd03ac5784a7db52e111fb3806524c412f3d1dcfc5d
be0223ae72bc8c610c7a5453d349964cbe78ff8646695a58bc13a4cf0a8d81d6
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fd23aeccc08239852a5ac678a7cc5b29c723987a0287674000b930cf606b115e