www.swissexpressweb.ch
Open in
urlscan Pro
217.193.132.55
Malicious Activity!
Public Scan
Effective URL: https://www.swissexpressweb.ch/Authentication/Login
Submission: On February 28 via manual from CH — Scanned from DE
Summary
TLS certificate: Issued by SwissSign Server Gold CA 2014 - G22 on September 7th 2021. Valid for: a year.
This is the only time www.swissexpressweb.ch was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Swiss Post (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 27 | 217.193.132.55 217.193.132.55 | 3303 (SWISSCOM ...) (SWISSCOM Swisscom Switzerland Ltd) | |
26 | 1 |
ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH)
www.swissexpressweb.ch |
Apex Domain Subdomains |
Transfer | |
---|---|---|
27 |
swissexpressweb.ch
1 redirects
www.swissexpressweb.ch |
625 KB |
26 | 1 |
Domain | Requested by | |
---|---|---|
27 | www.swissexpressweb.ch |
1 redirects
www.swissexpressweb.ch
|
26 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.swissexpressweb.ch SwissSign Server Gold CA 2014 - G22 |
2021-09-07 - 2022-09-07 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.swissexpressweb.ch/Authentication/Login
Frame ID: DCD18A7634A808AA5166EC0A67D66372
Requests: 26 HTTP requests in this frame
Screenshot
Page Title
LoginPage URL History Show full URLs
-
https://www.swissexpressweb.ch/
HTTP 302
https://www.swissexpressweb.ch/Authentication/Login Page URL
Detected technologies
Microsoft ASP.NET (Web Frameworks) ExpandDetected patterns
- <input[^>]+name="__VIEWSTATE
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.swissexpressweb.ch/
HTTP 302
https://www.swissexpressweb.ch/Authentication/Login Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Login
www.swissexpressweb.ch/Authentication/ Redirect Chain
|
11 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
25 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
91 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
104 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
22 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
25 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
61 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eos.min.css
www.swissexpressweb.ch/Content/ |
235 KB 60 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
public-access.min.css
www.swissexpressweb.ch/Content/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MsAjaxJs
www.swissexpressweb.ch/bundles/ |
142 KB 45 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
WebFormsJs
www.swissexpressweb.ch/bundles/ |
60 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eos.min.js
www.swissexpressweb.ch/Scripts/ |
672 KB 253 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Login.min.js
www.swissexpressweb.ch/users/authentication/ |
547 B 588 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
194 KB 43 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
149 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
39 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
1 KB 465 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
4 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
86 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
27 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
5 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
22 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DXR.axd
www.swissexpressweb.ch/ |
43 B 85 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
post-de.svg
www.swissexpressweb.ch/Content/img/logos/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fontawesome-webfont.woff2
www.swissexpressweb.ch/fonts/ |
75 KB 76 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Swiss Post (Transportation)224 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| theForm function| __doPostBack function| Sys$Enum$parse function| Sys$Enum$toString function| Sys$Component$_setProperties function| Sys$Component$_setReferences function| $create function| $removeHandler function| $get function| $find function| $addHandler function| $addHandlers function| $clearHandlers function| Type object| Sys object| _events function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY function| ValidatorUpdateDisplay function| ValidatorUpdateIsValid function| AllValidatorsValid function| ValidatorHookupControlID function| ValidatorHookupControl function| ValidatorHookupEvent function| ValidatorGetValue function| ValidatorGetValueRecursive function| Page_ClientValidate function| ValidatorCommonOnSubmit function| ValidatorEnable function| ValidatorOnChange function| ValidatedTextBoxOnKeyPress function| ValidatedControlOnBlur function| ValidatorValidate function| ValidatorSetFocus function| IsInVisibleContainer function| IsValidationGroupMatch function| ValidatorOnLoad function| ValidatorConvert function| ValidatorCompare function| CompareValidatorEvaluateIsValid function| CustomValidatorEvaluateIsValid function| RegularExpressionValidatorEvaluateIsValid function| ValidatorTrim function| RequiredFieldValidatorEvaluateIsValid function| RangeValidatorEvaluateIsValid function| ValidationSummaryOnSubmit function| WebForm_FindFirstFocusableChild function| WebForm_AutoFocus function| WebForm_CanFocus function| WebForm_IsFocusableTag function| WebForm_IsInVisibleContainer function| GridView function| GridView_createPropertyString function| GridView_setStateValue function| GridView_OnCallback function| GridView_getHiddenFieldContents function| createPropertyStringFromValues_GridView function| DetailsView function| DetailsView_createPropertyString function| DetailsView_setStateValue function| DetailsView_OnCallback function| DetailsView_getHiddenFieldContents function| createPropertyStringFromValues_DetailsView function| TreeView_HoverNode function| TreeView_GetNodeText function| TreeView_PopulateNode function| TreeView_ProcessNodeData function| TreeView_SelectNode function| TreeView_ToggleNode function| TreeView_UnhoverNode function| Point function| __wpTranslateOffset function| __wpGetPageEventLocation function| __wpClearSelection function| WebPart function| WebPart_Dispose function| WebPart_OnMouseDown function| WebPart_OnDragStart function| WebPart_OnDrag function| WebPart_OnDragEnd function| WebPart_GetParentWebPartElement function| WebPart_UpdatePosition function| Zone function| Zone_Dispose function| Zone_OnDragEnter function| Zone_OnDragOver function| Zone_OnDrop function| Zone_GetParentZoneElement function| Zone_AddWebPart function| Zone_ToggleDropCues function| Zone_GetWebPartIndex function| Zone_UpdatePosition function| WebPartDragState function| WebPartMenu function| WebPartMenu_Dispose function| WebPartMenu_Show function| WebPartMenu_Hide function| WebPartMenu_Hover function| WebPartMenu_Unhover function| WebPartMenu_OnClick function| WebPartMenu_OnKeyPress function| WebPartMenu_OnMouseEnter function| WebPartMenu_OnMouseLeave function| WebPartManager function| WebPartManager_Dispose function| WebPartManager_AddZone function| WebPartManager_IsDragDropEnabled function| WebPartManager_DragDrop function| WebPartManager_InitiateWebPartDragDrop function| WebPartManager_CompleteWebPartDragDrop function| WebPartManager_ContinueWebPartDragDrop function| WebPartManager_Execute function| WebPartManager_ProcessWebPartDragEnter function| WebPartManager_ProcessWebPartDragOver function| WebPartManager_ProcessWebPartDrop function| WebPartManager_ShowHelp function| WebPartManager_ExportWebPart function| WebPartManager_UpdatePositions function| WebPartManager_SubmitPage object| __pendingCallbacks number| __synchronousCallBackIndex boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes object| __disabledControlArray string| Page_ValidationVer boolean| Page_IsValid boolean| Page_BlockSubmit object| Page_InvalidControlToBeFocused object| Page_TextTypes object| __wpm object| utils object| inputUtils object| ms_logout object| gb_mp_js object| controls_masterpage_menuv2 object| controls_generic_popupYesNo object| noty function| docWriteWrapper function| qzReady function| qzDonePrinting object| print_control function| ES6Promise function| $ function| jQuery function| moment function| Noty object| MsGlobalResources object| Login object| login object| ASPx object| dx object| ASPxClientUtils function| ListBoxTemporaryCache object| Ident function| AccessKeysHelper function| AccessKey object| CheckBoxCheckState object| CheckBoxInputKey function| ASPxClientEvent function| ASPxClientEventArgs function| ASPxClientCancelEventArgs function| ASPxClientProcessingModeEventArgs function| ASPxClientProcessingModeCancelEventArgs function| ASPxStateItem function| ASPxClientStateEventArgs function| ASPxStateController object| PagerCommands function| ASPxClientBeginCallbackEventArgs function| ASPxClientGlobalBeginCallbackEventArgs function| ASPxClientEndCallbackEventArgs function| ASPxClientGlobalEndCallbackEventArgs function| ASPxClientCallbackErrorEventArgs function| ASPxClientGlobalCallbackErrorEventArgs function| ASPxClientCustomDataCallbackEventArgs function| ASPxClientValidationCompletedEventArgs function| ASPxClientControlsInitializedEventArgs function| ASPxClientControlBeforePronounceEventArgs function| ASPxClientControlUnloadEventArgs function| ASPxClientEndFocusEventArgs function| ASPxClientItemFocusedEventArgs function| ASPxClientControlCollection function| ASPxClientControlBase function| ASPxClientControl function| ASPxClientComponent function| ASPxClientLoadingPanel function| ASPxClientButton object| gb_mp_loadingPanel object| dynamicControlSiteMap_ctl00 object| dynamicControlSiteMap_ctl01 object| dynamicControlSiteMap_ctl02 object| dynamicControlSiteMap_ctl034 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.swissexpressweb.ch/ | Name: eos_session Value: 0g4yf00c5yzks1k4jvn1xeew |
|
www.swissexpressweb.ch/ | Name: eos_AntiXsrfToken Value: 84ea4ae4b1dd4ea3b78ae128808365c6 |
|
www.swissexpressweb.ch/ | Name: eos_lang Value: de |
|
www.swissexpressweb.ch/ | Name: NSC_MCWT_80_IUUQ_QSPE_JJT Value: 14b5a3d91dd8c00bf6053a526f9d4cee1562ec0aca4102848a91565d923bb84710aa34c2 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=157680000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.swissexpressweb.ch
217.193.132.55
0fe4d57c3a9669070e127b25fd1913bd56e10edbb67b96b4eda212750e7c70d3
1448f914f164cb28fed4bbbe14066892c8096036895695227ef1310c9742f778
160405d6dd4c0070b6ce676a4c6f4124d602025d97e86bdf49b3e79afb4fa923
1dc915070a94d318e6b72545e6c5fa70a7b1803a52bae83e8888f319c0aec8be
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3958b7a2fee2b6f64f24eb85a62ffd6cbb4a1159e68580c025104e0003fd403e
3dde9dedb9f792f073379316bb3b188437c340e08c840776e88bc0ced11808f4
46717ddb131beab8385f44590b719c618e1ff42f9ab47d9de485149b3b96c19f
594e60989897c3fe7e623be3e586d11d1e80d5288270d9604ab2b492d79cbcc9
5be6896b220d6a0c875f4b42ff873b3c3a10ec3b80028300467213639c4dfeeb
66eb193a229c2beac06f94c4190ec0394dc21082dd4170483f82d433d674aa33
6a7b84518fb4e6b688c70b28d98a5649b72fad112b83d58b3b7f8f7ca08740fc
6d2cc8f8d9aebed1f8c9a9178b1893b0fd6dc4e1de429807be366a8b6f22400d
6deb33e40aaba146a56e73f57bc0bbd134502c4e5f509f4d0587db82079b9d10
6fad1e34c7cbb37ce461e1ddfa7638939079ede2e9fed535ac887d588bdfa46e
721c962955aac58f7d111f92a004345292a0341ea032d45f695c44f0346c8d16
88cd9a0080384a7b60b6dc20ae2bd62e3625f2f04ee721cced81cca23a842d76
99caecb8475a08fc86c812cf804ddc904f6e6d3fd1591848a09f2413952f2a97
b075ebf57f4581d405a642b335bad6509a2029c64d960e7ba76dbc4e06e28c28
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c33d2eeb46f41ebdccc2b62b178a76466645fc91a640c3e718a9999a6b4b9965
dabcd2e59cf35e1f7b1894ce7c5d3b38b995e7f2815a9724032e5c630c57e172
ebc647dc2e6155063d37cca252d9d42a224303dec481ad5cf39a95c64e8d55f5
f1024f9294f2557d331808abc44dd0155f0b9bcfeedd3f54e1d50392ae4cde09
f88e204442b663aaaf431af0cabb841548f527e00e9517e0da72a6a26bcacbb5
fe07bc2ffc95e03b904a088caffac78e18f88885e4ba413d76330c0701b9b596