afrits.net
198.54.125.47
Malicious Activity!
Public Scan
Submission: On February 10 via api from EE — Scanned from CH
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 31st 2023. Valid for: a year.
This is the only time afrits.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Schweizerische Bundesbahnen (Transportation)
Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 6 | 198.54.125.47 | 22612 (NAMECHEAP-NET) |
| 4 | 2a00:1450:4001:828::2004 | 15169 (GOOGLE) |
| 4 | 2a00:1450:4001:831::2003 | 15169 (GOOGLE) |
| 1 | 193.203.121.145 | 31004 (SBB-CFF-FFS Telecom SBB) |
| 1 | 18.193.233.226 | (none listed) |
| 2 | 2a00:1450:4001:830::2003 | 15169 (GOOGLE) |
| 18 | 6 IP addresses | |
ASN22612 (NAMECHEAP-NET, US)
PTR: server258-1.web-hosting.com
afrits.net
ASN- (none listed)
PTR: ec2-18-193-233-226.eu-central-1.compute.amazonaws.com
cdn.app.sbb.ch
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 6 | gstatic.com | www.gstatic.com, fonts.gstatic.com | 441 KB |
| 6 | afrits.net | afrits.net | 52 KB |
| 4 | google.com | www.google.com (Cisco Umbrella Rank: 2) | 36 KB |
| 1 | sbb.ch | cdn.app.sbb.ch (Cisco Umbrella Rank: 361189) | 14 KB |
| 1 | swisspass.ch | resources.swisspass.ch | 197 KB |
| 18 | 5 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 6 | afrits.net | afrits.net |
| 4 | www.gstatic.com | www.google.com, www.gstatic.com |
| 4 | www.google.com | afrits.net, www.gstatic.com, www.google.com |
| 2 | fonts.gstatic.com | www.google.com |
| 1 | cdn.app.sbb.ch | afrits.net |
| 1 | resources.swisspass.ch | afrits.net |
| 18 | 6 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid | Link |
|---|---|---|---|---|
| www.afrits.net | Sectigo RSA Domain Validation Secure Server CA | 2023-05-31 - 2024-05-31 | a year | crt.sh |
| www.google.com | GTS CA 1C3 | 2024-01-09 - 2024-04-02 | 3 months | crt.sh |
| *.gstatic.com | GTS CA 1C3 | 2024-01-09 - 2024-04-02 | 3 months | crt.sh |
| resources.swisspass.ch | R3 | 2024-01-07 - 2024-04-06 | 3 months | crt.sh |
| *.app.sbb.ch | Amazon RSA 2048 M02 | 2023-08-16 - 2024-09-13 | a year | crt.sh |
| *.google.com | GTS CA 1C3 | 2024-01-09 - 2024-04-02 | 3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://afrits.net/ezl/pass/signin.php
Frame ID: 36458B316701F41B06E5049935D9B2B7
Requests: 10 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduNG4pAAAAADeJlhGKXwALnN2JuoL9X73l1HyN&co=aHR0cHM6Ly9hZnJpdHMubmV0OjQ0Mw..&hl=de-CH&v=x5WWoE57Fv0d6ATKsLDIAKnt&size=invisible&cb=benuydpwn6h4
Frame ID: BC2EBE30289DED26C8B7A687C1166AE7
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | signin.php (Primary Request) | afrits.net/ezl/pass/ | 19 KB | 5 KB | Document | text/html |
| GET | H2 | api.js | www.google.com/recaptcha/ | 887 B | 911 B | Script | text/javascript |
| GET | H2 | sso.min-20200819.css | afrits.net/ezl/pass/Login%20_%20SwissPass_files/ | 180 KB | 22 KB | Stylesheet | text/css |
| GET | H2 | logo_text_de-20200819.svg | afrits.net/ezl/pass/ | 137 KB | 15 KB | Image | image/svg+xml |
| GET | H2 | logo-20200819.svg | afrits.net/ezl/pass/ | 7 KB | 3 KB | Image | image/svg+xml |
| GET | H2 | loader-20200819.png | afrits.net/ezl/pass/Login%20_%20SwissPass_files/ | 272 B | 472 B | Image | image/png |
| GET | H2 | recaptcha__de_ch.js | www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/ | 493 KB | 197 KB | Script | text/javascript |
| GET | H/1.1 | login_bg.jpg | resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/ | 196 KB | 197 KB | Image | image/jpeg |
| GET | H2 | SBBWeb-Light.woff2 | cdn.app.sbb.ch/fonts/v1_6_subset/ | 14 KB | 14 KB | Font | application/font-woff2 |
| GET | H2 | icomoon.woff2 | afrits.net/ezl/pass/ | 7 KB | 7 KB | Font | font/woff2 |
| GET | H2 | anchor | www.google.com/recaptcha/api2/ (Frame BC2E) | 45 KB | 28 KB | Document | text/html |
| GET | H3 | styles__ltr.css | www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/ (Frame BC2E) | 55 KB | 24 KB | Stylesheet | text/css |
| GET | H3 | recaptcha__de_ch.js | www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/ (Frame BC2E) | 493 KB | 196 KB | Script | text/javascript |
| GET | H3 | KkWFeSURekXGycdprVC-UY6ED-ZF5ll2JCMiHhJE2Rk.js | www.google.com/js/bg/ (Frame BC2E) | 17 KB | 7 KB | Script | text/javascript |
| GET | H3 | logo_48.png | www.gstatic.com/recaptcha/api2/ (Frame BC2E) | 2 KB | 2 KB | Image | image/png |
| GET | H2 | KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | fonts.gstatic.com/s/roboto/v18/ (Frame BC2E) | 10 KB | 11 KB | Font | font/woff2 |
| GET | H2 | KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 | fonts.gstatic.com/s/roboto/v18/ (Frame BC2E) | 11 KB | 11 KB | Font | font/woff2 |
| GET | H3 | webworker.js | www.google.com/recaptcha/api2/ (Frame BC2E) | 105 B | 138 B | Other | text/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Schweizerische Bundesbahnen (Transportation)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: 0
- object: 1
- object: ___grecaptcha_cfg
- object: grecaptcha
- string: __recaptcha_api
- boolean: __google_recaptcha_client
- object: recaptcha
- function: validateForm
- object: closure_lm_142640
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
afrits.net
cdn.app.sbb.ch
fonts.gstatic.com
resources.swisspass.ch
www.google.com
www.gstatic.com
18.193.233.226
193.203.121.145
198.54.125.47
2a00:1450:4001:828::2004
2a00:1450:4001:830::2003
2a00:1450:4001:831::2003
1b71f90f3c1acead61245bf2df8f2aa77d593ae0e8abad11c86a2b2a0a1e05e5
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1eae71477b8bd44eb0cee256ad035d2abd693e88ee8562b2db36d0a660879b01
2a45857925117a45c6c9c769ad50be518e840fe645e659762423221e1244d919
4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280
52ca9a6b6cab23a69d6a73085d1b30bd6cb815a365ae2adec7d7549053c7a064
58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
78a4a776506b173ae79fd021d0e9003c7d653ca204ea1d69bea4d553f92f787d
9d58079a7d4c008aa85e701802c2a19357aaff0f9bbdd6775be237d53d99ad1e
b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
d86563427a2b5e797fe6787b4408335a369cf594183cee2ff533b7527e211e80
da86a8f910323e36049f6fee7c877d53f9f5020f2031efdfabaec371476e1b5a
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5