![](/screenshots/90d188f7-8376-40e6-981e-bd958e441a7c.png)
wartungswisspassch.sviluppo.host
Open in
urlscan Pro
149.62.187.89
Malicious Activity!
Public Scan
Effective URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php
Submission: On May 28 via api from CZ — Scanned from CH
Summary
TLS certificate: Issued by R3 on May 22nd 2024. Valid for: 3 months.
This is the only time wartungswisspassch.sviluppo.host was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Schweizerische Bundesbahnen (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 70.32.23.90 70.32.23.90 | 55293 (A2HOSTING) (A2HOSTING) | |
1 11 | 149.62.187.89 149.62.187.89 | 47242 (COLTENGIN...) (COLTENGINE COLTENGINE Network) | |
3 | 141.101.90.105 141.101.90.105 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 141.101.90.107 141.101.90.107 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
14 | 3 |
ASN47242 (COLTENGINE COLTENGINE Network, IT)
PTR: w3008.shared.host.it
wartungswisspassch.sviluppo.host |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
sviluppo.host
1 redirects
wartungswisspassch.sviluppo.host |
160 KB |
4 |
swisspass.ch
login.swisspass.ch — Cisco Umbrella Rank: 294116 resources.swisspass.ch |
219 KB |
1 |
infonexbpo.com
1 redirects
infonexbpo.com |
586 B |
14 | 3 |
Domain | Requested by | |
---|---|---|
11 | wartungswisspassch.sviluppo.host |
1 redirects
wartungswisspassch.sviluppo.host
|
3 | login.swisspass.ch |
wartungswisspassch.sviluppo.host
|
1 | resources.swisspass.ch |
wartungswisspassch.sviluppo.host
|
1 | infonexbpo.com | 1 redirects |
14 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
wartungswisspassch.sviluppo.host R3 |
2024-05-22 - 2024-08-20 |
3 months | crt.sh |
swisspass.ch SwissSign RSA TLS DV ICA 2022 - 1 |
2024-03-14 - 2025-03-14 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://wartungswisspassch.sviluppo.host/auth/Entry.php
Frame ID: 501681B40DE16C30CE52E935626B05BA
Requests: 13 HTTP requests in this frame
Frame:
https://wartungswisspassch.sviluppo.host/auth/userapp_files/saved_resource.html
Frame ID: D8411EFA012685119129990CCC19E8FF
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/90d188f7-8376-40e6-981e-bd958e441a7c.png)
Page Title
Login | SwissPassPage URL History Show full URLs
-
https://infonexbpo.com/App/
HTTP 302
https://wartungswisspassch.sviluppo.host/auth/ HTTP 302
https://wartungswisspassch.sviluppo.host/auth/Entry.php Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
![](/vendor/wappa/icons/OneTrust.png)
Detected patterns
- otSDKStub\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://infonexbpo.com/App/
HTTP 302
https://wartungswisspassch.sviluppo.host/auth/ HTTP 302
https://wartungswisspassch.sviluppo.host/auth/Entry.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Entry.php
wartungswisspassch.sviluppo.host/auth/ Redirect Chain
|
131 KB 25 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
otSDKStub.js
wartungswisspassch.sviluppo.host/auth/userapp_files/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
styles.8501c3a64c32c7c4.css
wartungswisspassch.sviluppo.host/auth/userapp_files/ |
177 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
otBannerSdk.js
wartungswisspassch.sviluppo.host/auth/userapp_files/ |
442 KB 101 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.png
wartungswisspassch.sviluppo.host/auth/userapp_files/ |
548 B 607 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_text_de-20200819.svg
login.swisspass.ch/resources/img/ |
137 KB 18 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-20200819.svg
login.swisspass.ch/resources/img/ |
7 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
saved_resource.html
wartungswisspassch.sviluppo.host/auth/userapp_files/ Frame D841 |
198 B 253 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
OneTrust_SwissPass_logo_mobile.png
wartungswisspassch.sviluppo.host/auth/userapp_files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
powered_by_logo.svg
wartungswisspassch.sviluppo.host/auth/userapp_files/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login_bg.jpg
resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/ |
196 KB 197 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json
wartungswisspassch.sviluppo.host/auth/userapp_files/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/ |
1 KB 1 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SBBWeb-Light.3f0cdd23274e17f7.woff2
wartungswisspassch.sviluppo.host/auth/userapp_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
login.swisspass.ch/v3/oevlogin/ui/assets/custom/img/ |
1 KB 365 B |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Schweizerische Bundesbahnen (Transportation)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| OneTrustStub2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
infonexbpo.com/ | Name: PHPSESSID Value: 268413060fedb359a2cfd0e4bab425f9 |
|
.swisspass.ch/ | Name: __cf_bm Value: Vqn_yQLjnMbHphdPxjnxr7HqvopMCJxaffB5oTypSSY-1716863569-1.0.1.1-x_CpvP8jIOIh9fqbjHs5ccH93JcU5nXSD3HiDrKTCk_sPLUIXkZMg45WYLPGeYzjm3X15IJIBpz0MiXlvaMUyA |
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
infonexbpo.com
login.swisspass.ch
resources.swisspass.ch
wartungswisspassch.sviluppo.host
141.101.90.105
141.101.90.107
149.62.187.89
70.32.23.90
15de250a16ce58a10f84bebab59b9005ce36df4ec8e87c3bb1acc92726cfa971
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
729063f305e6efcd4a5eac69b799c96da4403fc5f082219d68f824b66213402d
7a036d721a3bbb21568fa68822dfb58ab04cc78a274c6608590440becb307ec9
7c1925da382279a72f94990d0a1456f78918619f35780ea0905e4ae0db684677
8e12bf257a56e15f5cb4fcc36e706ae4615dc43b497e24933a52886fc15587a1
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
e42fe383c86ab1185425bf334a44f9a311dd06d8ccf9e409d05b45dbe0bc48c6
f2f0d94a5141a75ef227f2699b6a43588741ede3edd2fe2d075a65b3d413b2f8