![](/screenshots/da8e7b63-ba6e-4019-9c38-61253efe3364.png)
potspack-ch.xyz
Open in
urlscan Pro
104.21.32.100
Malicious Activity!
Public Scan
Effective URL: https://potspack-ch.xyz/
Submission: On October 09 via api from JP — Scanned from CH
Summary
TLS certificate: Issued by E1 on October 9th 2023. Valid for: 3 months.
This is the only time potspack-ch.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Swiss Post (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
26 | 104.21.32.100 104.21.32.100 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
26 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
26 |
potspack-ch.xyz
potspack-ch.xyz |
2 MB |
26 | 1 |
Domain | Requested by | |
---|---|---|
26 | potspack-ch.xyz |
potspack-ch.xyz
|
26 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
potspack-ch.xyz E1 |
2023-10-09 - 2024-01-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://potspack-ch.xyz/
Frame ID: 96F6C8D4E685BF646E9E7A3A271A0D95
Requests: 26 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
potspack-ch.xyz/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
XpDTGh7JNe22e38be6.1696621742212.js
potspack-ch.xyz/assets/ |
7 MB 2 MB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
QafjJJQn8Ae055d3f1.1696621742212.css
potspack-ch.xyz/assets/ |
780 B 712 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
potspack-ch.xyz/socket.io/ |
118 B 402 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
XcRfQQJXAJcb3874cd.1696621742212.js
potspack-ch.xyz/assets/ |
584 KB 149 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
QafjJJQn8Ad01173b1.1696621742212.css
potspack-ch.xyz/assets/ |
13 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
XcRfQQJXAJ0a268db0.1696621742212.js
potspack-ch.xyz/assets/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
XcRfQQJXAJc27b6911.1696621742212.js
potspack-ch.xyz/assets/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
QafjJJQn8A90d68448.1696621742212.css
potspack-ch.xyz/assets/ |
370 B 475 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
potspack-ch.xyz/socket.io/ |
2 B 284 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
potspack-ch.xyz/socket.io/ |
41 B 310 B |
XHR
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
potspack-ch.xyz/socket.io/ |
162 B 394 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
potspack-ch.xyz/socket.io/ |
2 B 291 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
potspack-ch.xyz/socket.io/ |
21 B 293 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
potspack-ch.xyz/socket.io/ |
2 B 275 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
potspack-ch.xyz/socket.io/ |
76 B 329 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
potspack-ch.xyz/socket.io/ |
1 B 303 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
potspack-ch.xyz/socket.io/ |
2 B 276 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
save-data
potspack-ch.xyz/api/ |
744 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get-app-settings
potspack-ch.xyz/api/ |
804 B 748 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get-next-domain
potspack-ch.xyz/api/ |
0 289 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
can-active
potspack-ch.xyz/api/ |
112 B 397 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get-settings
potspack-ch.xyz/api/ |
128 B 438 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
save-data
potspack-ch.xyz/api/ |
732 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
logger
potspack-ch.xyz/api/ |
0 261 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
QafjJJQn8Adc645ddf.1696621742212.woff2
potspack-ch.xyz/assets/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Swiss Post (Transportation)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| IMask boolean| __VUE__ boolean| __vite_is_modern_browser object| __darcula_config0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
11 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
potspack-ch.xyz
104.21.32.100
18b829aa87423f0a56d856e517d69382c2c54596c58012a16a0528f40c34ff7e
19470021856964e9f13369a82716060dcdbb1c2bc648d44c946fc34ea2b8cce2
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2770041fad143fbb30ac2c627933bd02404db1626ffcbe8aa90320dcd7591460
2bd71002cd488c6752a7456475dba9173dd987d5b5165cf882a7d144c547914a
42606cdd70b43d02b1c53e636902766ee36f22742d4f2db74fe60a251811b33f
43a9e69a4bd2f3da5f66303d36faff90d1df8487442480fb8b5184d2ed0d2c6f
43e9e74754c41f44c5f8c7e66839f1bf90f79930f6e0eec972b6a6725a6e9012
4fcb6a416db18d7b04f59500b088a2e0971307a3ed6ea80cec4da05f71cadf84
6d8e5fdec28351fed2cf2e7191ed80f28e8fb14f93371094158ccf6405e6c1fc
70e7973b280916a5e26032bc93d4be4992806903146cc16a205d2f64e9934d00
809e1f077a95f977f6061aa362127f81a63c28805eab6f9fcbfc2b452e0bf45d
8a512e718622a5a1c8d0c360c943ee185f2b9cb0f4afb78d0eac1a7c64ca21ce
905ac3b61def647ff98dd38dcefaca4d50deae6ee05d86814de865f996ea04fc
90d6844806a5e2ee88f1f9fbcc2c844a6fcc57988cb46f4f1e5a81d58441bbee
bdc1eccc470eddbaca39b01aae6a5d724e8643fce429f029995a146849eb95b5
d01173b14a46ebc0f8633d37da616d7d95f1dc3d59f32024d4f3d871e958051b
dc645ddffd4b66feb1f5be4d4c661a9ab2e9be2a26c4a08b376ab68d9025dcd9
e055d3f119a00ee47c6802612a3dd218ee5425dd73d40fd2f20df34be83c2a0b
e224d45665e64a7ea0e97b239d053e62a8ecc88c57e32c2063a0f88b4974b920
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683