login.sso.bluewin.ch
195.186.145.195
Malicious Activity!
Public Scan
Effective URL: https://login.sso.bluewin.ch/login?SNA=map&keepLogin=true&keepLogin=true&RURL=https%3A%2F%2Fwww.swisscom.ch%2Fhomescreen%2Fon...
Submission: On June 18 via api from CH
Summary
TLS certificate: Issued by SwissSign EV Gold CA 2014 - G22 on March 21st 2018. Valid for: 2 years.
This is the only time login.sso.bluewin.ch was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Swisscom (Telecommunication)
Domain & IP information
Requests | IP Address | AS Autonomous System | Domain |
---|---|---|---|
4 (3 redirects) | 2a02:a90:c400:4001::2 | 3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH) | www.swisscom.ch |
1 (1 redirects) | 2a02:a90:c400:5001::2 | 3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH) | www1.swisscom.ch |
13 | 195.186.145.195 | 3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH) | login.sso.bluewin.ch |
14 | 2 |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | bluewin.ch | login.sso.bluewin.ch | 405 KB |
5 | swisscom.ch (4 redirects) | www.swisscom.ch, www1.swisscom.ch | 4 KB |
14 | 2 |
Requests | Domain | Requested by |
---|---|---|
13 | login.sso.bluewin.ch | login.sso.bluewin.ch |
4 | www.swisscom.ch | 3 redirects |
1 | www1.swisscom.ch | 1 redirects |
14 | 3 |
This site contains links to these domains.
Domain |
---|
registration.scl.swisscom.ch |
www.swisscom.ch |
Subject | Issuer | Validity | Valid |
---|---|---|---|
login.sso.bluewin.ch | SwissSign EV Gold CA 2014 - G22 | 2018-03-21 - 2020-03-21 | 2 years |
This page contains 1 frame:
Primary Page:
https://login.sso.bluewin.ch/login?SNA=map&keepLogin=true&keepLogin=true&RURL=https%3A%2F%2Fwww.swisscom.ch%2Fhomescreen%2Fonline%2FhomeScreen.html%3Flogin%26keepLogin%3Dtrue%26nevistokenconsume&L=en&pps=desktop
Frame ID: E2547390CF306D565DD597A1B07A17C0
Requests: 14 HTTP requests in this frame
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Register
Title: Using Mobile ID
Title:
Title: About Swisscom Login
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.swisscom.ch/login HTTP 301
  http://www.swisscom.ch/login/ Page URL
- https://www1.swisscom.ch/homescreen/online/homeScreen.html?keepLogin=true HTTP 302
  https://www.swisscom.ch/homescreen/online/homeScreen.html?keepLogin=true HTTP 302
  https://www.swisscom.ch/homescreen/online/homeScreen.html?login&keepLogin=true HTTP 302
  https://login.sso.bluewin.ch/login?SNA=map&keepLogin=true&keepLogin=true&RURL=https%3A%2F%2Fwww.swisscom.ch%2Fhomescreen%2Fonline%2FhomeScreen.html%3Flogin%26keepLogin%3Dtrue%26nevistokenconsume&L=en&pps=desktop Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://www.swisscom.ch/login HTTP 301
- http://www.swisscom.ch/login/
14 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | / (Cookie set, Redirect Chain) | www.swisscom.ch/login/ | 285 B | 735 B | Document | text/html |
GET H/1.1 | login (Primary Request, Cookie set, Redirect Chain) | login.sso.bluewin.ch/ | 9 KB | 3 KB | Document | text/html |
GET H/1.1 | sdx.min.css | login.sso.bluewin.ch/resources/sdx/css/ | 307 KB | 39 KB | Stylesheet | text/css |
GET H/1.1 | nwmain.css | login.sso.bluewin.ch/resources/styles/ | 10 KB | 3 KB | Stylesheet | text/css |
GET H/1.1 | map.png;jsessionid=AB3831175B8E8FE2A7CFD2DBEC922117 | login.sso.bluewin.ch/resources/images/relying-party/ | 1 KB | 2 KB | Image | image/png |
GET H/1.1 | all.js | login.sso.bluewin.ch/resources/scripts/ | 103 KB | 35 KB | Script | text/javascript |
GET H/1.1 | critical.js | login.sso.bluewin.ch/resources/scripts/ | 17 KB | 7 KB | Script | text/javascript |
GET H/1.1 | sdx.min.js | login.sso.bluewin.ch/resources/sdx/js/ | 339 KB | 92 KB | Script | text/javascript |
GET H/1.1 | Logo_Lifeform.png | login.sso.bluewin.ch/resources/images/ | 3 KB | 4 KB | Image | image/png |
GET H/1.1 | TheSansB_400_.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 50 KB | 50 KB | Font | application/octet-stream |
GET H/1.1 | lifeform-spritesheet.png | login.sso.bluewin.ch/resources/sdx/images/ | 38 KB | 38 KB | Image | image/png |
GET H/1.1 | TheSansB_600_.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 54 KB | 54 KB | Font | application/octet-stream |
GET H/1.1 | sdx-icons.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/ | 24 KB | 24 KB | Font | application/octet-stream |
GET H/1.1 | TheSansB_300_.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 55 KB | 55 KB | Font | application/octet-stream |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Swisscom (Telecommunication)
82 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| handleSelect boolean| Ba object| webfont object| WebFont object| PubSub object| __core-js_shared__ object| Modernizr function| __extends function| __assign function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __values function| __read function| __spread function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault function| flatpickr object| _gsQueue object| GreenSockGlobals object| com function| _gsDefine function| Ease function| Power4 function| Strong function| Quint function| Power3 function| Quart function| Power2 function| Cubic function| Power1 function| Quad function| Power0 function| Linear function| TweenLite function| TweenPlugin function| TweenMax function| TimelineLite function| TimelineMax function| BezierPlugin function| CSSPlugin function| BackOut function| BackIn function| BackInOut object| Back function| SlowMo function| SteppedEase function| RoughEase function| BounceOut function| BounceIn function| BounceInOut object| Bounce function| CircOut function| CircIn function| CircInOut object| Circ function| ElasticOut function| ElasticIn function| ElasticInOut object| Elastic function| ExpoOut function| ExpoIn function| ExpoInOut object| Expo function| SineOut function| SineIn function| SineInOut object| Sine object| EaseLookup object| sdx3
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the website to re-identify the user even after a change of location. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
login.sso.bluewin.ch/ | | Name: JSESSIONID Value: 36D4EC01BEBBE3472FD3049F9EC4F5E8 |
.login.sso.bluewin.ch/ | | Name: uxtype Value: new |
login.sso.bluewin.ch/ | | Name: hazelcast.sessionId Value: HZ29AE60F75B9E4399954AC148F38369B2 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.sso.bluewin.ch
www.swisscom.ch
www1.swisscom.ch
195.186.145.195
2a02:a90:c400:4001::2
2a02:a90:c400:5001::2