wartungswisspassch.sviluppo.host Open in urlscan Pro
149.62.187.89 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://infonexbpo.com/App/
Effective URL:
https://wartungswisspassch.sviluppo.host/auth/Entry.php
Submission: On May 28 via api (May 28th 2024, 2:32:56 am UTC) from CZ — Scanned from CH

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 149.62.187.89, located in Italy and belongs to COLTENGINE COLTENGINE Network, IT. The main domain is wartungswisspassch.sviluppo.host.
TLS certificate: Issued by R3 on May 22nd 2024. Valid for: 3 months.

This is the only time wartungswisspassch.sviluppo.host was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Schweizerische Bundesbahnen (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	70.32.23.90 70.32.23.90	55293 (A2HOSTING) (A2HOSTING)
1 11	149.62.187.89 149.62.187.89	47242 (COLTENGIN...) (COLTENGINE COLTENGINE Network)
3	141.101.90.105 141.101.90.105	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	141.101.90.107 141.101.90.107	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	3

1 70.32.23.90 (United States) 1 redirects

ASN55293 (A2HOSTING, US)
PTR: mi3-sr28.supercp.com

infonexbpo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 149.62.187.89 (Italy) 1 redirects

ASN47242 (COLTENGINE COLTENGINE Network, IT)
PTR: w3008.shared.host.it

wartungswisspassch.sviluppo.host	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 141.101.90.105 (United States)

ASN13335 (CLOUDFLARENET, US)

login.swisspass.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.101.90.107 (United States)

ASN13335 (CLOUDFLARENET, US)

resources.swisspass.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	sviluppo.host 1 redirects wartungswisspassch.sviluppo.host	160 KB
4	swisspass.ch login.swisspass.ch — Cisco Umbrella Rank: 294116 resources.swisspass.ch	219 KB
1	infonexbpo.com 1 redirects infonexbpo.com	586 B
14	3

	Domain	Requested by
11	wartungswisspassch.sviluppo.host	1 redirects wartungswisspassch.sviluppo.host
3	login.swisspass.ch	wartungswisspassch.sviluppo.host
1	resources.swisspass.ch	wartungswisspassch.sviluppo.host
1	infonexbpo.com	1 redirects
14	4

This site contains no links.

Subject Issuer	Validity	Valid
wartungswisspassch.sviluppo.host R3	`2024-05-22` - `2024-08-20`	3 months	crt.sh
swisspass.ch SwissSign RSA TLS DV ICA 2022 - 1	`2024-03-14` - `2025-03-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://wartungswisspassch.sviluppo.host/auth/Entry.php
Frame ID: 501681B40DE16C30CE52E935626B05BA
Requests: 13 HTTP requests in this frame

Frame: https://wartungswisspassch.sviluppo.host/auth/userapp_files/saved_resource.html
Frame ID: D8411EFA012685119129990CCC19E8FF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | SwissPass

Page URL History Show full URLs

https://infonexbpo.com/App/ HTTP 302
https://wartungswisspassch.sviluppo.host/auth/ HTTP 302
https://wartungswisspassch.sviluppo.host/auth/Entry.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

379 kB
Transfer

1121 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://infonexbpo.com/App/ HTTP 302
https://wartungswisspassch.sviluppo.host/auth/ HTTP 302
https://wartungswisspassch.sviluppo.host/auth/Entry.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request Entry.php Show response
wartungswisspassch.sviluppo.host/auth/
Redirect Chain

https://infonexbpo.com/App/
https://wartungswisspassch.sviluppo.host/auth/
https://wartungswisspassch.sviluppo.host/auth/Entry.php

131 KB
25 KB

433ms
432ms

Document
text/html

149.62.187.89
COLTENGINE COLTEN...

General

Check archive.org

Show headers Download Go to

Full URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.62.187.89 , Italy, ASN47242 (COLTENGINE COLTENGINE Network, IT),
Reverse DNS: w3008.shared.host.it
Software: nginx / PHP/7.4.33
Resource Hash: 729063f305e6efcd4a5eac69b799c96da4403fc5f082219d68f824b66213402d

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 28 May 2024 02:32:31 GMT
server: nginx
vary: Accept-Encoding,User-Agent
x-powered-by: PHP/7.4.33

Redirect headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-encoding: br
content-length: 5
content-type: text/html; charset=UTF-8
date: Tue, 28 May 2024 02:32:30 GMT
location: ./Entry.php
server: nginx
vary: Accept-Encoding,User-Agent
x-powered-by: PHP/7.4.33

GET
H3 200 otSDKStub.js Show response
wartungswisspassch.sviluppo.host/auth/userapp_files/ 21 KB
7 KB 43ms
42ms Script
application/javascript 149.62.187.89
COLTENGINE COLTEN...

General

Check archive.org

Show headers Download Go to

Full URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/otSDKStub.js
Requested by: Host: wartungswisspassch.sviluppo.host
URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 149.62.187.89 , Italy, ASN47242 (COLTENGINE COLTENGINE Network, IT),
Reverse DNS: w3008.shared.host.it
Software: LiteSpeed /
Resource Hash: 92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://wartungswisspassch.sviluppo.host/auth/Entry.php
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 28 May 2024 02:32:31 GMT
content-encoding: br
last-modified: Wed, 27 Mar 2024 23:15:53 GMT
server: LiteSpeed
etag: "526c-6604a8a9-fd1c4fd27883e841;br"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 6575
expires: Tue, 04 Jun 2024 02:32:31 GMT

GET
H3 200 styles.8501c3a64c32c7c4.css
wartungswisspassch.sviluppo.host/auth/userapp_files/ 177 KB
21 KB 44ms
42ms Stylesheet
text/css 149.62.187.89
COLTENGINE COLTEN...

General

Check archive.org

Show headers Download Go to

Full URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/styles.8501c3a64c32c7c4.css
Requested by: Host: wartungswisspassch.sviluppo.host
URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 149.62.187.89 , Italy, ASN47242 (COLTENGINE COLTENGINE Network, IT),
Reverse DNS: w3008.shared.host.it
Software: LiteSpeed /
Resource Hash: 8e12bf257a56e15f5cb4fcc36e706ae4615dc43b497e24933a52886fc15587a1

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://wartungswisspassch.sviluppo.host/auth/Entry.php
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 28 May 2024 02:32:31 GMT
content-encoding: br
last-modified: Wed, 27 Mar 2024 23:21:03 GMT
server: LiteSpeed
etag: "2c588-6604a9df-7c172a937512531a;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 21555
expires: Tue, 04 Jun 2024 02:32:31 GMT

GET
H3 200 otBannerSdk.js Show response
wartungswisspassch.sviluppo.host/auth/userapp_files/ 442 KB
101 KB 43ms
43ms Script
application/javascript 149.62.187.89
COLTENGINE COLTEN...

General

Check archive.org

Show headers Download Go to

Full URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/otBannerSdk.js
Requested by: Host: wartungswisspassch.sviluppo.host
URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 149.62.187.89 , Italy, ASN47242 (COLTENGINE COLTENGINE Network, IT),
Reverse DNS: w3008.shared.host.it
Software: LiteSpeed /
Resource Hash: 15de250a16ce58a10f84bebab59b9005ce36df4ec8e87c3bb1acc92726cfa971

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://wartungswisspassch.sviluppo.host/auth/Entry.php
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 28 May 2024 02:32:31 GMT
content-encoding: br
last-modified: Wed, 27 Mar 2024 23:15:53 GMT
server: LiteSpeed
etag: "6e895-6604a8a9-cc6a5fd3fd674ca3;br"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 103628
expires: Tue, 04 Jun 2024 02:32:31 GMT

GET
H3 200 logo.png
wartungswisspassch.sviluppo.host/auth/userapp_files/ 548 B
607 B 56ms
55ms Image
image/png 149.62.187.89
COLTENGINE COLTEN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/logo.png
Requested by: Host: wartungswisspassch.sviluppo.host
URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 149.62.187.89 , Italy, ASN47242 (COLTENGINE COLTENGINE Network, IT),
Reverse DNS: w3008.shared.host.it
Software: LiteSpeed /
Resource Hash: f2f0d94a5141a75ef227f2699b6a43588741ede3edd2fe2d075a65b3d413b2f8

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://wartungswisspassch.sviluppo.host/auth/Entry.php
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 28 May 2024 02:32:31 GMT
last-modified: Wed, 27 Mar 2024 23:15:53 GMT
server: LiteSpeed
etag: "224-6604a8a9-fdd41235502091ec;;;"
vary: User-Agent
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 548
expires: Tue, 04 Jun 2024 02:32:31 GMT

GET
H2 200 logo_text_de-20200819.svg
login.swisspass.ch/resources/img/ 137 KB
18 KB 537ms
72ms Image
image/svg+xml 141.101.90.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.swisspass.ch/resources/img/logo_text_de-20200819.svg

Requested by

Host: wartungswisspassch.sviluppo.host
URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.101.90.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://wartungswisspassch.sviluppo.host/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 28 May 2024 02:32:49 GMT
strict-transport-security: max-age=16070400; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 101709
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 26 Apr 2024 10:42:00 GMT
server: cloudflare
etag: W/"662b84f8-222c3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
cf-ray: 88aad61e59c9153f-CDG
expires: Wed, 28 May 2025 02:32:49 GMT

GET
H2 200 logo-20200819.svg
login.swisspass.ch/resources/img/ 7 KB
3 KB 501ms
69ms Image
image/svg+xml 141.101.90.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.swisspass.ch/resources/img/logo-20200819.svg

Requested by

Host: wartungswisspassch.sviluppo.host
URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.101.90.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://wartungswisspassch.sviluppo.host/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 28 May 2024 02:32:49 GMT
strict-transport-security: max-age=16070400; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 101670
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 26 Apr 2024 10:42:00 GMT
server: cloudflare
etag: W/"662b84f8-1cce"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
cf-ray: 88aad61e59ca153f-CDG
expires: Wed, 28 May 2025 02:32:49 GMT

GET
H3 200 saved_resource.html Show response
wartungswisspassch.sviluppo.host/auth/userapp_files/ Frame D841 198 B
253 B 53ms
53ms Document
text/html 149.62.187.89
COLTENGINE COLTEN...

General

Check archive.org

Show headers Download Go to

Full URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/saved_resource.html
Requested by: Host: wartungswisspassch.sviluppo.host
URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 149.62.187.89 , Italy, ASN47242 (COLTENGINE COLTENGINE Network, IT),
Reverse DNS: w3008.shared.host.it
Software: LiteSpeed /
Resource Hash: 7a036d721a3bbb21568fa68822dfb58ab04cc78a274c6608590440becb307ec9

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://wartungswisspassch.sviluppo.host/auth/Entry.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

accept-ranges: bytes
content-length: 198
content-type: text/html
date: Tue, 28 May 2024 02:32:31 GMT
etag: "c6-6604a8a9-14b10220aec788cb;;;"
last-modified: Wed, 27 Mar 2024 23:15:53 GMT
server: LiteSpeed
vary: User-Agent

GET
H3 200 OneTrust_SwissPass_logo_mobile.png
wartungswisspassch.sviluppo.host/auth/userapp_files/ 2 KB
2 KB 47ms
46ms Image
image/png 149.62.187.89
COLTENGINE COLTEN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/OneTrust_SwissPass_logo_mobile.png
Requested by: Host: wartungswisspassch.sviluppo.host
URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 149.62.187.89 , Italy, ASN47242 (COLTENGINE COLTENGINE Network, IT),
Reverse DNS: w3008.shared.host.it
Software: LiteSpeed /
Resource Hash: e42fe383c86ab1185425bf334a44f9a311dd06d8ccf9e409d05b45dbe0bc48c6

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://wartungswisspassch.sviluppo.host/auth/Entry.php
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 28 May 2024 02:32:31 GMT
last-modified: Wed, 27 Mar 2024 23:15:53 GMT
server: LiteSpeed
etag: "7aa-6604a8a9-9595c9d577abeb68;;;"
vary: User-Agent
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1962
expires: Tue, 04 Jun 2024 02:32:31 GMT

GET
H3 200 powered_by_logo.svg
wartungswisspassch.sviluppo.host/auth/userapp_files/ 5 KB
2 KB 50ms
49ms Image
image/svg+xml 149.62.187.89
COLTENGINE COLTEN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/powered_by_logo.svg
Requested by: Host: wartungswisspassch.sviluppo.host
URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 149.62.187.89 , Italy, ASN47242 (COLTENGINE COLTENGINE Network, IT),
Reverse DNS: w3008.shared.host.it
Software: LiteSpeed /
Resource Hash: 5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://wartungswisspassch.sviluppo.host/auth/Entry.php
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 28 May 2024 02:32:31 GMT
content-encoding: br
last-modified: Wed, 27 Mar 2024 23:15:53 GMT
server: LiteSpeed
etag: "144a-6604a8a9-97edb047a6e716b9;br"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1988
expires: Tue, 04 Jun 2024 02:32:31 GMT

GET
H2 200 login_bg.jpg
resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/ 196 KB
197 KB 547ms
75ms Image
image/jpeg 141.101.90.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg

Requested by

Host: wartungswisspassch.sviluppo.host
URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.101.90.107 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://wartungswisspassch.sviluppo.host/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 28 May 2024 02:32:49 GMT
strict-transport-security: max-age=16070400; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15283
x-cache: MISS
x-url: /content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg
content-length: 200933
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: h2pri
last-modified: Mon, 27 May 2024 01:53:27 GMT
server: cloudflare
etag: "310e5-61965c88ecc23"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
x-varnish: 177848420
x-plattform: cprod
cache-control: public, max-age=21600
accept-ranges: bytes
cf-ray: 88aad61eada73c9e-CDG
expires: Tue, 28 May 2024 08:32:49 GMT

GET
H3 404 e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json Show response
wartungswisspassch.sviluppo.host/auth/userapp_files/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/ 1 KB
1 KB 44ms
44ms XHR
text/html 149.62.187.89
COLTENGINE COLTEN...

General

Check archive.org

Show headers Download Go to

Full URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json
Requested by: Host: wartungswisspassch.sviluppo.host
URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/otSDKStub.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 149.62.187.89 , Italy, ASN47242 (COLTENGINE COLTENGINE Network, IT),
Reverse DNS: w3008.shared.host.it
Software: LiteSpeed /
Resource Hash: 4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://wartungswisspassch.sviluppo.host/auth/Entry.php
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma: no-cache
date: Tue, 28 May 2024 02:32:31 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 1251
vary: User-Agent
content-type: text/html

GET
H3 404 SBBWeb-Light.3f0cdd23274e17f7.woff2
wartungswisspassch.sviluppo.host/auth/userapp_files/ 0
0 76ms
76ms Font
text/html 149.62.187.89
COLTENGINE COLTEN...

General

Check archive.org

Show headers Download Go to

Full URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/SBBWeb-Light.3f0cdd23274e17f7.woff2
Requested by: Host: wartungswisspassch.sviluppo.host
URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/styles.8501c3a64c32c7c4.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 149.62.187.89 , Italy, ASN47242 (COLTENGINE COLTENGINE Network, IT),
Reverse DNS: w3008.shared.host.it
Software: LiteSpeed /
Resource Hash

Request headers

Referer: https://wartungswisspassch.sviluppo.host/auth/userapp_files/styles.8501c3a64c32c7c4.css
Origin: https://wartungswisspassch.sviluppo.host
Accept-Language: de-CH,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma: no-cache
date: Tue, 28 May 2024 02:32:31 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 1251
vary: User-Agent
content-type: text/html

GET
H2 200 favicon.ico
login.swisspass.ch/v3/oevlogin/ui/assets/custom/img/ 1 KB
365 B 75ms
74ms Other
image/x-icon 141.101.90.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.swisspass.ch/v3/oevlogin/ui/assets/custom/img/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.101.90.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c1925da382279a72f94990d0a1456f78918619f35780ea0905e4ae0db684677

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://wartungswisspassch.sviluppo.host/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 28 May 2024 02:32:49 GMT
strict-transport-security: max-age=16070400; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 5577
server-timing: intid;desc=3ec28f965ff00d05
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 02 May 2024 08:39:57 GMT
server: cloudflare
etag: W/"1150-1714639197000"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/x-icon;charset=UTF-8
cache-control: public, max-age=14400
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
cf-ray: 88aad61f5a1e153f-CDG
expires: Tue, 28 May 2024 06:32:49 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Schweizerische Bundesbahnen (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| OneTrustStub

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			infonexbpo.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 268413060fedb359a2cfd0e4bab425f9
			.swisspass.ch/	1970-01-20 20:54:25	Name: __cf_bm Value: Vqn_yQLjnMbHphdPxjnxr7HqvopMCJxaffB5oTypSSY-1716863569-1.0.1.1-x_CpvP8jIOIh9fqbjHs5ccH93JcU5nXSD3HiDrKTCk_sPLUIXkZMg45WYLPGeYzjm3X15IJIBpz0MiXlvaMUyA

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php Message: [DOM] Found 2 elements with non-unique id #username: (More info: https://goo.gl/9p2vKq) %o %o
network	error	URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wartungswisspassch.sviluppo.host/auth/userapp_files/SBBWeb-Light.3f0cdd23274e17f7.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://wartungswisspassch.sviluppo.host/auth/Entry.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

infonexbpo.com
login.swisspass.ch
resources.swisspass.ch
wartungswisspassch.sviluppo.host
141.101.90.105
141.101.90.107
149.62.187.89
70.32.23.90
15de250a16ce58a10f84bebab59b9005ce36df4ec8e87c3bb1acc92726cfa971
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
729063f305e6efcd4a5eac69b799c96da4403fc5f082219d68f824b66213402d
7a036d721a3bbb21568fa68822dfb58ab04cc78a274c6608590440becb307ec9
7c1925da382279a72f94990d0a1456f78918619f35780ea0905e4ae0db684677
8e12bf257a56e15f5cb4fcc36e706ae4615dc43b497e24933a52886fc15587a1
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
e42fe383c86ab1185425bf334a44f9a311dd06d8ccf9e409d05b45dbe0bc48c6
f2f0d94a5141a75ef227f2699b6a43588741ede3edd2fe2d075a65b3d413b2f8

wartungswisspassch.sviluppo.host Open in urlscan Pro 149.62.187.89 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

379 kBTransfer

1121 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

2 Cookies

7 Console Messages

Indicators

wartungswisspassch.sviluppo.host Open in urlscan Pro
149.62.187.89 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

379 kB
Transfer

1121 kB
Size

2
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!