www.bluewin-ch.eu Open in urlscan Pro
212.227.172.249  Malicious Activity! Public Scan

9 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.bluewin-ch.eu/	10 KB 3 KB	715ms 636ms	Document text/html	212.227.172.249 ONEANDONE-AS Brau...
General Check archive.org Show headers Download Go to Full URL https://www.bluewin-ch.eu/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 212.227.172.249 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE), Reverse DNS 212-227-172-249.elastic-ssl.ui-r.com Software nginx/1.12.2 / PHP/7.0.30 Resource Hash 553930145388084f5b24bb8856a60d581ef807eae549bd448a9d310e1f983f6a Request headers :method GET :authority www.bluewin-ch.eu :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 content-type text/html; charset=UTF-8 server nginx/1.12.2 date Thu, 13 Jun 2019 12:24:47 GMT x-powered-by PHP/7.0.30 content-encoding gzip
GET H/1.1	200 OK	sdx.min.css login.sso.bluewin.ch/resources/sdx/css/	307 KB 39 KB	355ms 49ms	Stylesheet text/css	195.186.196.30 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Full URL https://login.sso.bluewin.ch/resources/sdx/css/sdx.min.css Requested by Host: www.bluewin-ch.eu URL: https://www.bluewin-ch.eu/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.186.196.30 , Switzerland, ASN3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH), Reverse DNS Software / Resource Hash e0bc3a627d23f2f2e1467bb520cf1a686a8b0e7ef12589e3e0aede4c350ad67e Security Headers Name Value X-Frame-Options DENY Request headers Referer https://www.bluewin-ch.eu/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 13 Jun 2019 12:24:47 GMT Content-Encoding gzip Last-Modified Tue, 21 May 2019 20:31:13 GMT X-Frame-Options DENY ETag "0217967edc09636702f6952b67a33fdec" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=10000, must-revalidate Connection close Content-Length 39311 Expires Thu, 13 Jun 2019 15:11:27 GMT
GET H/1.1	200 OK	nwmain.css login.sso.bluewin.ch/resources/styles/	10 KB 3 KB	352ms 44ms	Stylesheet text/css	195.186.196.30 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Full URL https://login.sso.bluewin.ch/resources/styles/nwmain.css Requested by Host: www.bluewin-ch.eu URL: https://www.bluewin-ch.eu/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.186.196.30 , Switzerland, ASN3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH), Reverse DNS Software / Resource Hash 0ca0f3af0b2e3bac82e16ee5fbc3db27019d201a1b34fab0d80c6591b9a0e613 Security Headers Name Value X-Frame-Options DENY Request headers Referer https://www.bluewin-ch.eu/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 13 Jun 2019 12:24:47 GMT Content-Encoding gzip Last-Modified Tue, 21 May 2019 20:31:13 GMT X-Frame-Options DENY ETag "026ef55e4c6a0cf0ad9858d249e92ae6d" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=10000, must-revalidate Connection close Content-Length 2827 Expires Thu, 13 Jun 2019 15:11:27 GMT
GET H/1.1	200 OK	webmail.png;jsessionid=0655CD31208E6A7A51D512C10014B514 login.sso.bluewin.ch/resources/images/relying-party/	562 B 1 KB	354ms 43ms	Image image/png	195.186.196.30 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Show image Full URL https://login.sso.bluewin.ch/resources/images/relying-party/webmail.png;jsessionid=0655CD31208E6A7A51D512C10014B514 Requested by Host: www.bluewin-ch.eu URL: https://www.bluewin-ch.eu/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.186.196.30 , Switzerland, ASN3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH), Reverse DNS Software / Resource Hash f07b8927a11190e0d9988dd003bb5079a5905678ad8951eb424ab7c71dcaba33 Security Headers Name Value X-Frame-Options DENY Request headers Referer https://www.bluewin-ch.eu/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 13 Jun 2019 12:24:47 GMT Last-Modified Tue, 21 May 2019 20:40:31 GMT ETag "02a6185f01f8bdc7147d221fd776e534d" X-Frame-Options DENY Content-Type image/png Cache-Control max-age=10000, must-revalidate Connection close Content-Length 562 Expires Thu, 13 Jun 2019 15:11:27 GMT
GET H/1.1	200 OK	all.js Show response login.sso.bluewin.ch/resources/scripts/	103 KB 35 KB	362ms 50ms	Script text/javascript	195.186.196.30 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Full URL https://login.sso.bluewin.ch/resources/scripts/all.js Requested by Host: www.bluewin-ch.eu URL: https://www.bluewin-ch.eu/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.186.196.30 , Switzerland, ASN3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH), Reverse DNS Software / Resource Hash b7312452dac2d97e4e51b8bb0af9f6750b35866186178b7b5ef0975e942068c9 Security Headers Name Value X-Frame-Options DENY Request headers Referer https://www.bluewin-ch.eu/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 13 Jun 2019 12:24:47 GMT Content-Encoding gzip Last-Modified Tue, 21 May 2019 20:31:13 GMT X-Frame-Options DENY ETag "033d2b6fede1d941831778952b0513d2f" Vary Accept-Encoding Content-Type text/javascript Cache-Control max-age=10000, must-revalidate Connection close Content-Length 35322 Expires Thu, 13 Jun 2019 15:11:27 GMT
GET H/1.1	200 OK	critical.js Show response login.sso.bluewin.ch/resources/scripts/	17 KB 7 KB	351ms 43ms	Script text/javascript	195.186.196.30 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Full URL https://login.sso.bluewin.ch/resources/scripts/critical.js Requested by Host: www.bluewin-ch.eu URL: https://www.bluewin-ch.eu/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.186.196.30 , Switzerland, ASN3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH), Reverse DNS Software / Resource Hash 8390fbc9533f4baba09fc5d92999ce77139e089c02991fd4e006f8ac19f1b9dc Security Headers Name Value X-Frame-Options DENY Request headers Referer https://www.bluewin-ch.eu/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 13 Jun 2019 12:24:47 GMT Content-Encoding gzip Last-Modified Tue, 21 May 2019 20:40:31 GMT X-Frame-Options DENY ETag "0255cb71b1abccfa446b1b85c856ca1a6" Vary Accept-Encoding Content-Type text/javascript Cache-Control max-age=10000, must-revalidate Connection close Content-Length 6521 Expires Thu, 13 Jun 2019 15:11:27 GMT
GET H/1.1	200 OK	sdx.min.js Show response login.sso.bluewin.ch/resources/sdx/js/	339 KB 92 KB	373ms 64ms	Script text/javascript	195.186.196.30 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Full URL https://login.sso.bluewin.ch/resources/sdx/js/sdx.min.js Requested by Host: www.bluewin-ch.eu URL: https://www.bluewin-ch.eu/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.186.196.30 , Switzerland, ASN3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH), Reverse DNS Software / Resource Hash d60a1bb4c61997e05a638eabb41e8356dac43c6c5bd46d07230f3d5b7a828829 Security Headers Name Value X-Frame-Options DENY Request headers Referer https://www.bluewin-ch.eu/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 13 Jun 2019 12:24:47 GMT Content-Encoding gzip Last-Modified Tue, 21 May 2019 20:40:31 GMT X-Frame-Options DENY ETag "04dd6cf73a7d00775056fafd6810fb4b2" Vary Accept-Encoding Content-Type text/javascript Cache-Control max-age=10000, must-revalidate Transfer-Encoding chunked Connection close Expires Thu, 13 Jun 2019 15:11:27 GMT
GET H/1.1	200 OK	Logo_Lifeform.png login.sso.bluewin.ch/resources/images/	3 KB 4 KB	127ms 48ms	Image image/png	195.186.196.30 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Show image Full URL https://login.sso.bluewin.ch/resources/images/Logo_Lifeform.png Requested by Host: www.bluewin-ch.eu URL: https://www.bluewin-ch.eu/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.186.196.30 , Switzerland, ASN3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH), Reverse DNS Software / Resource Hash aea14de2f15479f33a2cdfab1cdf996596cd10de05d4c2f1f5137ad1f16a2d4c Security Headers Name Value X-Frame-Options DENY Request headers Referer https://login.sso.bluewin.ch/resources/styles/nwmain.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 13 Jun 2019 12:24:47 GMT Last-Modified Tue, 21 May 2019 20:40:31 GMT ETag "0fc6476552b76aa3c16cc1ea908dda205" X-Frame-Options DENY Content-Type image/png Cache-Control max-age=10000, must-revalidate Connection close Content-Length 3440 Expires Thu, 13 Jun 2019 15:11:27 GMT
GET		TheSansB_400_.woff2 login.sso.bluewin.ch/resources/sdx/fonts/TheSans/	0 0
GET H/1.1	200 OK	lifeform-spritesheet.png login.sso.bluewin.ch/resources/sdx/images/	38 KB 38 KB	117ms 43ms	Image image/png	195.186.196.30 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Show image Full URL https://login.sso.bluewin.ch/resources/sdx/images/lifeform-spritesheet.png Requested by Host: www.bluewin-ch.eu URL: https://www.bluewin-ch.eu/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.186.196.30 , Switzerland, ASN3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH), Reverse DNS Software / Resource Hash f9adb57dca9cbd2514ed249714b613d65e78a81cadda2882679a9672c812d25e Security Headers Name Value X-Frame-Options DENY Request headers Referer https://login.sso.bluewin.ch/resources/sdx/css/sdx.min.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 13 Jun 2019 12:24:47 GMT Last-Modified Tue, 21 May 2019 20:31:13 GMT ETag "0db5b9234be03de8612bb31c38e09fcf7" X-Frame-Options DENY Content-Type image/png Cache-Control max-age=10000, must-revalidate Connection close Content-Length 38448 Expires Thu, 13 Jun 2019 15:11:27 GMT
GET		TheSansB_600_.woff2 login.sso.bluewin.ch/resources/sdx/fonts/TheSans/	0 0
GET		TheSansB_300_.woff2 login.sso.bluewin.ch/resources/sdx/fonts/TheSans/	0 0
GET		sdx-icons.woff2 login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/	0 0
GET		TheSansB_400_.woff login.sso.bluewin.ch/resources/sdx/fonts/TheSans/	0 0
GET		TheSansB_600_.woff login.sso.bluewin.ch/resources/sdx/fonts/TheSans/	0 0
GET		TheSansB_300_.woff login.sso.bluewin.ch/resources/sdx/fonts/TheSans/	0 0
GET		sdx-icons.woff login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/	0 0
GET		TheSansB_400_.ttf login.sso.bluewin.ch/resources/sdx/fonts/TheSans/	0 0
GET		TheSansB_600_.ttf login.sso.bluewin.ch/resources/sdx/fonts/TheSans/	0 0
GET		TheSansB_300_.ttf login.sso.bluewin.ch/resources/sdx/fonts/TheSans/	0 0
GET		sdx-icons.ttf login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

login.sso.bluewin.ch

URL

https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_400_.woff2

Domain

login.sso.bluewin.ch

URL

https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_600_.woff2

Domain

login.sso.bluewin.ch

URL

https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_300_.woff2

Domain

login.sso.bluewin.ch

URL

https://login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/sdx-icons.woff2

Domain

login.sso.bluewin.ch

URL

https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_400_.woff

Domain

login.sso.bluewin.ch

URL

https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_600_.woff

Domain

login.sso.bluewin.ch

URL

https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_300_.woff

Domain

login.sso.bluewin.ch

URL

https://login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/sdx-icons.woff

Domain

login.sso.bluewin.ch

URL

https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_400_.ttf

Domain

login.sso.bluewin.ch

URL

https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_600_.ttf

Domain

login.sso.bluewin.ch

URL

https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_300_.ttf

Domain

login.sso.bluewin.ch

URL

https://login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/sdx-icons.ttf

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Swisscom (Telecommunication)

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| handleSelect boolean| Ba object| webfont object| WebFont object| PubSub object| __core-js_shared__ object| Modernizr function| __extends function| __assign function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __values function| __read function| __spread function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault function| flatpickr object| _gsQueue object| GreenSockGlobals object| com function| _gsDefine function| Ease function| Power4 function| Strong function| Quint function| Power3 function| Quart function| Power2 function| Cubic function| Power1 function| Quad function| Power0 function| Linear function| TweenLite function| TweenPlugin function| TweenMax function| TimelineLite function| TimelineMax function| BezierPlugin function| CSSPlugin function| BackOut function| BackIn function| BackInOut object| Back function| SlowMo function| SteppedEase function| RoughEase function| BounceOut function| BounceIn function| BounceInOut object| Bounce function| CircOut function| CircIn function| CircInOut object| Circ function| ElasticOut function| ElasticIn function| ElasticInOut object| Elastic function| ExpoOut function| ExpoIn function| ExpoInOut object| Expo function| SineOut function| SineIn function| SineInOut object| Sine object| EaseLookup object| sdx

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login.sso.bluewin.ch
www.bluewin-ch.eu
login.sso.bluewin.ch
195.186.196.30
212.227.172.249
0ca0f3af0b2e3bac82e16ee5fbc3db27019d201a1b34fab0d80c6591b9a0e613
553930145388084f5b24bb8856a60d581ef807eae549bd448a9d310e1f983f6a
8390fbc9533f4baba09fc5d92999ce77139e089c02991fd4e006f8ac19f1b9dc
aea14de2f15479f33a2cdfab1cdf996596cd10de05d4c2f1f5137ad1f16a2d4c
b7312452dac2d97e4e51b8bb0af9f6750b35866186178b7b5ef0975e942068c9
d60a1bb4c61997e05a638eabb41e8356dac43c6c5bd46d07230f3d5b7a828829
e0bc3a627d23f2f2e1467bb520cf1a686a8b0e7ef12589e3e0aede4c350ad67e
f07b8927a11190e0d9988dd003bb5079a5905678ad8951eb424ab7c71dcaba33
f9adb57dca9cbd2514ed249714b613d65e78a81cadda2882679a9672c812d25e