login.sso.bluewin.ch
195.186.145.195
Effective URL: https://login.sso.bluewin.ch/login?SNA=myswisscom&keepLogin=true&RURL=https%3A%2F%2Fwww.swisscom.ch%2Fmyswisscom%2F%3Flogin%26nevistokenconsume&L=en&pps=desktop
Submission: On April 07 via api from CH
Summary
TLS certificate: Issued by SwissSign Server Gold CA 2014 - G22 on March 11th 2020. Valid for: 2 years.
This is the only time login.sso.bluewin.ch was scanned on urlscan.io.
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Swisscom (Telecommunication)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
4 (incl. 3 redirects) | 2a02:a90:c400:5001::2 | 3303 (SWISSCOM Swisscom (Switzerland) Ltd)
12 | 195.186.145.195 | 3303 (SWISSCOM Swisscom (Switzerland) Ltd)
13 requests | 2 IPs |
Hosts by ASN: www.swisscom.ch and login.sso.bluewin.ch are both in ASN3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH).
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
12 | bluewin.ch | login.sso.bluewin.ch | 403 KB
4 (incl. 3 redirects) | swisscom.ch | www.swisscom.ch | 3 KB
13 requests | 2 apex domains | |
Requests | Domain | Requested by
---|---|---
12 | login.sso.bluewin.ch | login.sso.bluewin.ch
4 (incl. 3 redirects) | www.swisscom.ch |
13 requests | 2 domains |
This site contains links to these domains (see also the outgoing links under Page Statistics):
- registration.scl.swisscom.ch
- www.swisscom.ch
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
login.sso.bluewin.ch | SwissSign Server Gold CA 2014 - G22 | 2020-03-11 - 2022-03-11 | 2 years | crt.sh
This page contains 1 frame:
Primary Page:
https://login.sso.bluewin.ch/login?SNA=myswisscom&keepLogin=true&RURL=https%3A%2F%2Fwww.swisscom.ch%2Fmyswisscom%2F%3Flogin%26nevistokenconsume&L=en&pps=desktop
Frame ID: 150BED62070B0DEC6C9EEE67D65BBF73
Requests: 13 HTTP requests in this frame
Page Statistics
4 outgoing links (links going to origins other than the main page), by link title:
- Register
- Using Mobile ID
- (untitled link)
- About Swisscom Login
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.swisscom.ch/login
  HTTP 301 -> http://www.swisscom.ch/login/ (Page URL)
- https://www.swisscom.ch/myswisscom/
  HTTP 302 -> https://www.swisscom.ch/myswisscom/?login
  HTTP 302 -> https://login.sso.bluewin.ch/login?SNA=myswisscom&keepLogin=true&RURL=https%3A%2F%2Fwww.swisscom.ch%2Fmyswisscom%2F%3Flogin%26nevistokenconsume&L=en&pps=desktop (Page URL)
Two points worth noting. The first chain stays on plain http: the 301 from /login to /login/ does not upgrade the scheme. And the move from http://www.swisscom.ch/login/ to https://www.swisscom.ch/myswisscom/ is recorded as a separate entry rather than as a hop, so it was a client-side redirect (script or meta refresh) issued by the 247 B document served at /login/, not an HTTP redirect. Only then do the two 302s hand the browser to the SSO host with the return URL carried in the RURL parameter.
Redirected requests
There were HTTP redirect chains for the following requests:
- Request Chain 0: http://www.swisscom.ch/login (HTTP 301) -> http://www.swisscom.ch/login/
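The chain above ends on an SSO endpoint whose RURL parameter tells the login service where to send the browser after authentication, which is exactly the kind of parameter a phishing kit or an open-redirect abuser would tamper with. The following is an added example, not code from urlscan.io or from Swisscom: it replays the second chain from a constructed response table (only the URLs appear on this page; the status codes and Location values are assumptions), flags cross-origin hops and scheme downgrades, and validates the return URL against an assumed first-party allow-list the way the SSO endpoint should before redirecting back.

```javascript
// Added example (not urlscan's or Swisscom's code). Replays the recorded redirect
// chain from a CONSTRUCTED response table and audits the SSO return URL.
const EFFECTIVE_URL =
  'https://login.sso.bluewin.ch/login?SNA=myswisscom&keepLogin=true' +
  '&RURL=https%3A%2F%2Fwww.swisscom.ch%2Fmyswisscom%2F%3Flogin%26nevistokenconsume&L=en&pps=desktop';

// Constructed: what each URL answered when fetched without following redirects.
// Only the URLs are from the scan; status/Location pairs are assumptions.
const CONSTRUCTED_RESPONSES = {
  'https://www.swisscom.ch/myswisscom/': { status: 302, location: '/myswisscom/?login' },
  'https://www.swisscom.ch/myswisscom/?login': { status: 302, location: EFFECTIVE_URL },
  [EFFECTIVE_URL]: { status: 200, location: null },
};

// Assumed allow-list of apex domains a return URL may point to.
const FIRST_PARTY_APEXES = ['swisscom.ch', 'bluewin.ch'];

// Walk one hop at a time, resolving relative Location headers against the current
// URL; stop on a non-redirect, a loop, an unrecorded URL, or too many hops.
function walkChain(startUrl, responses, maxHops = 10) {
  const table = new Map(Object.entries(responses).map(([u, r]) => [new URL(u).href, r]));
  const hops = [];
  const seen = new Set();
  let current = new URL(startUrl).href;
  while (hops.length <= maxHops) {
    if (seen.has(current)) return { hops, final: current, error: 'redirect loop' };
    seen.add(current);
    const resp = table.get(current);
    if (!resp) return { hops, final: current, error: 'no response recorded' };
    hops.push({ url: current, status: resp.status });
    if (resp.status >= 300 && resp.status < 400 && resp.location) {
      current = new URL(resp.location, current).href;
    } else {
      return { hops, final: current, error: null };
    }
  }
  return { hops, final: current, error: 'too many redirects' };
}

// The hops an analyst cares about: scheme downgrades and changes of origin.
function auditChain(hops) {
  const findings = [];
  for (let i = 1; i < hops.length; i++) {
    const prev = new URL(hops[i - 1].url);
    const cur = new URL(hops[i].url);
    if (prev.protocol === 'https:' && cur.protocol === 'http:') findings.push(`hop ${i}: downgrade to http`);
    if (prev.origin !== cur.origin) findings.push(`hop ${i}: cross-origin ${prev.host} -> ${cur.host}`);
  }
  return findings;
}

// Exact apex or a subdomain of it; "www.swisscom.ch.evil.example" must not pass.
function hostAllowed(hostname, apexes) {
  return apexes.some(a => hostname === a || hostname.endsWith('.' + a));
}

// Validate the return-URL parameter: present, absolute, https, first-party host.
// Parsing with URL also defuses "https://www.swisscom.ch@evil.example/" (the host
// is evil.example) and rejects protocol-relative "//evil.example/" (no base URL).
function checkReturnUrl(loginUrl, param = 'RURL', apexes = FIRST_PARTY_APEXES) {
  const raw = new URL(loginUrl).searchParams.get(param);
  if (raw === null) return { rurl: null, ok: false, reason: 'missing' };
  let target;
  try { target = new URL(raw); } catch (e) { return { rurl: raw, ok: false, reason: 'not an absolute URL' }; }
  if (target.protocol !== 'https:') return { rurl: raw, ok: false, reason: `scheme ${target.protocol}` };
  if (!hostAllowed(target.hostname, apexes)) return { rurl: raw, ok: false, reason: `host ${target.hostname} not first-party` };
  return { rurl: raw, ok: true, reason: null };
}

// Stand-alone run: replay the second chain from the scan and audit its return URL.
const recordedChain = walkChain('https://www.swisscom.ch/myswisscom/', CONSTRUCTED_RESPONSES);
for (const h of recordedChain.hops) console.log(h.status, h.url);
console.log(auditChain(recordedChain.hops), checkReturnUrl(recordedChain.final));
```

On the recorded chain the only finding is the cross-origin hop from www.swisscom.ch to login.sso.bluewin.ch, and the decoded RURL (https://www.swisscom.ch/myswisscom/?login&nevistokenconsume) passes the allow-list. The same check rejects a look-alike host, an http target, a protocol-relative path and a userinfo trick, which is the behaviour to confirm when assessing whether an SSO endpoint can be abused as an open redirector.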
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | / | www.swisscom.ch/login/ | 247 B | 719 B | Document | text/html | Redirect chain; cookie set
GET | H/1.1 | login | login.sso.bluewin.ch/ | 8 KB | 3 KB | Document | text/html | Primary request; redirect chain; cookie set
GET | H/1.1 | sdx.min.css | login.sso.bluewin.ch/resources/sdx/css/ | 307 KB | 39 KB | Stylesheet | text/css |
GET | H/1.1 | nwmain.css | login.sso.bluewin.ch/resources/styles/ | 10 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | all.js | login.sso.bluewin.ch/resources/scripts/ | 103 KB | 35 KB | Script | text/javascript |
GET | H/1.1 | critical.js | login.sso.bluewin.ch/resources/scripts/ | 17 KB | 7 KB | Script | text/javascript |
GET | H/1.1 | sdx.min.js | login.sso.bluewin.ch/resources/sdx/js/ | 339 KB | 92 KB | Script | text/javascript |
GET | H/1.1 | Logo_Lifeform.png | login.sso.bluewin.ch/resources/images/ | 3 KB | 4 KB | Image | image/png |
GET | H/1.1 | TheSansB_400_.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 50 KB | 50 KB | Font | application/octet-stream |
GET | H/1.1 | lifeform-spritesheet.png | login.sso.bluewin.ch/resources/sdx/images/ | 38 KB | 38 KB | Image | image/png |
GET | H/1.1 | TheSansB_600_.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 54 KB | 54 KB | Font | application/octet-stream |
GET | H/1.1 | sdx-icons.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/ | 24 KB | 24 KB | Font | application/octet-stream |
GET | H/1.1 | TheSansB_300_.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 55 KB | 55 KB | Font | application/octet-stream |
Size is the decoded resource size and x-fer the bytes on the wire, headers included and body compressed where the server compressed it; that is why the 247 B document at www.swisscom.ch/login/ cost 719 B to transfer while the .woff2 fonts, which are internally compressed already, transfer at their full size. All 12 requests after the first go to login.sso.bluewin.ch itself; no third-party origin is loaded. The fonts are served as application/octet-stream rather than font/woff2, a content-type mismatch worth recording when building a baseline of the genuine login page but not an indicator on its own.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Swisscom (Telecommunication)
How to read this: the verdict comes from urlscan's automated brand-targeting detection (the "Targeting these brands" line in the summary), not from a human review. Before acting on it, reconcile it with what the rest of the scan records: the page was reached through a redirect from www.swisscom.ch, it is served from the same AS3303 (Swisscom) as www.swisscom.ch, its TLS certificate was issued by SwissSign for login.sso.bluewin.ch, and its outgoing links point at swisscom.ch hosts. None of that proves legitimacy by itself (a certificate only proves control of the name, and a redirect is only as trustworthy as the page that issued it), but it is the evidence a phishing verdict has to explain away, and since this is the domain's only scan on urlscan.io there is no earlier record to compare against.
81 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object, i.e. names present on window that are not in urlscan's baseline of browser-standard names. They help identify client-side frameworks and code.
object (18): onformdata, onpointerrawupdate, webfont, WebFont, PubSub, __core-js_shared__, Modernizr, _gsQueue, GreenSockGlobals, com, Back, Bounce, Circ, Elastic, Expo, Sine, EaseLookup, sdx3
boolean (1): Ba
function (62): handleSelect, __extends, __assign, __rest, __decorate, __param, __metadata, __awaiter, __generator, __exportStar, __values, __read, __spread, __await, __asyncGenerator, __asyncDelegator, __asyncValues, __makeTemplateObject, __importStar, __importDefault, flatpickr, _gsDefine, Ease, Power4, Strong, Quint, Power3, Quart, Power2, Cubic, Power1, Quad, Power0, Linear, TweenLite, TweenPlugin, TweenMax, TimelineLite, TimelineMax, BezierPlugin, CSSPlugin, BackOut, BackIn, BackInOut, SlowMo, SteppedEase, RoughEase, BounceOut, BounceIn, BounceInOut, CircOut, CircIn, CircInOut, ElasticOut, ElasticIn, ElasticInOut, ExpoOut, ExpoIn, ExpoInOut, SineOut, SineIn, SineInOut
Reading the list: the double-underscore helpers (__extends, __awaiter, __importStar and the rest) are tslib's emit helpers, so the bundle was compiled from TypeScript; GreenSockGlobals, _gsQueue, _gsDefine, com, TweenLite/TweenMax, TimelineLite/TimelineMax, the plugins and the easing names (Power0 to Power4, Back, Bounce, Circ, Elastic, Expo, Sine and their In/Out/InOut variants) are the GSAP animation library's global build; __core-js_shared__ is core-js, WebFont is the Web Font Loader, and Modernizr and flatpickr name themselves. onformdata and onpointerrawupdate are standard event-handler properties in current Chromium and say nothing about the page. That leaves handleSelect, Ba, webfont, PubSub and sdx3 as names not attributable to a known library from the list alone (sdx matches the /resources/sdx/ asset paths), which is where a reviewer comparing this page against a known-good capture would look first.
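The table above is produced by diffing the keys of window against a baseline and eyeballing what remains. The following is an added example, not urlscan's code: it performs that diff on a constructed key list, then fingerprints libraries from the 81 names on this page using name patterns for tslib, GSAP, core-js, Modernizr, Web Font Loader and flatpickr, and separates out the names no signature explains. The baseline set and the sample window keys are constructed; the signature patterns are assumptions drawn from those libraries' well-known global names.

```javascript
// Added example (not urlscan's code). Diff window keys against a baseline and
// fingerprint client-side libraries from the non-standard globals that remain.
// PAGE_GLOBALS is the 81-name list from the scan; everything else is constructed.
const PAGE_GLOBALS = [
  'onformdata', 'onpointerrawupdate', 'handleSelect', 'Ba', 'webfont', 'WebFont', 'PubSub',
  '__core-js_shared__', 'Modernizr', '__extends', '__assign', '__rest', '__decorate', '__param',
  '__metadata', '__awaiter', '__generator', '__exportStar', '__values', '__read', '__spread',
  '__await', '__asyncGenerator', '__asyncDelegator', '__asyncValues', '__makeTemplateObject',
  '__importStar', '__importDefault', 'flatpickr', '_gsQueue', 'GreenSockGlobals', 'com', '_gsDefine',
  'Ease', 'Power4', 'Strong', 'Quint', 'Power3', 'Quart', 'Power2', 'Cubic', 'Power1', 'Quad',
  'Power0', 'Linear', 'TweenLite', 'TweenPlugin', 'TweenMax', 'TimelineLite', 'TimelineMax',
  'BezierPlugin', 'CSSPlugin', 'BackOut', 'BackIn', 'BackInOut', 'Back', 'SlowMo', 'SteppedEase',
  'RoughEase', 'BounceOut', 'BounceIn', 'BounceInOut', 'Bounce', 'CircOut', 'CircIn', 'CircInOut',
  'Circ', 'ElasticOut', 'ElasticIn', 'ElasticInOut', 'Elastic', 'ExpoOut', 'ExpoIn', 'ExpoInOut',
  'Expo', 'SineOut', 'SineIn', 'SineInOut', 'Sine', 'EaseLookup', 'sdx3',
];

// Constructed baseline: names a pristine window exposes in the scanning browser.
// A baseline older than the browser leaves newer standard properties in the diff
// (onformdata, onpointerrawupdate on this page); those are noise, not page code.
const CONSTRUCTED_BASELINE = new Set([
  'window', 'document', 'location', 'navigator', 'setTimeout', 'fetch', 'onload', 'onclick',
]);

// The diff urlscan's table is built from: window keys minus the baseline.
function nonStandardGlobals(windowKeys, baseline) {
  return windowKeys.filter(k => !baseline.has(k));
}

// Standard in current Chromium; skipped so they do not show up as unexplained.
const BROWSER_NOISE = new Set(['onformdata', 'onpointerrawupdate']);

// Each signature is a predicate over a single global name (assumed patterns).
const SIGNATURES = [
  { library: 'GSAP (global build)',
    match: n => /^(Tween(Lite|Max)|Timeline(Lite|Max)|TweenPlugin|BezierPlugin|CSSPlugin|GreenSockGlobals|_gsQueue|_gsDefine|com|Ease|EaseLookup|Power[0-4]|Strong|Quint|Quart|Cubic|Quad|Linear|SlowMo|SteppedEase|RoughEase|(Back|Bounce|Circ|Elastic|Expo|Sine)(In|Out|InOut)?)$/.test(n) },
  { library: 'tslib helpers (TypeScript-compiled bundle)',
    match: n => /^__(extends|assign|rest|decorate|param|metadata|awaiter|generator|exportStar|values|read|spread|await|asyncGenerator|asyncDelegator|asyncValues|makeTemplateObject|importStar|importDefault)$/.test(n) },
  { library: 'core-js polyfills', match: n => n === '__core-js_shared__' },
  { library: 'Modernizr', match: n => n === 'Modernizr' },
  { library: 'Web Font Loader', match: n => n === 'WebFont' },
  { library: 'flatpickr', match: n => n === 'flatpickr' },
];

// Returns the libraries recognised (in order of first evidence) and the names that
// no signature covers; the second list is where a reviewer's attention belongs.
function fingerprint(globals) {
  const libraries = [];
  const unexplained = [];
  for (const name of globals) {
    if (BROWSER_NOISE.has(name)) continue;
    const hit = SIGNATURES.find(s => s.match(name));
    if (!hit) unexplained.push(name);
    else if (!libraries.includes(hit.library)) libraries.push(hit.library);
  }
  return { libraries, unexplained };
}

console.log(fingerprint(PAGE_GLOBALS));
```

Run against the page's list this reports six libraries and leaves handleSelect, Ba, webfont, PubSub and sdx3 unexplained. When comparing a suspect capture with a known-good one, diffing the unexplained set between the two is far more useful than diffing the raw 81-name list, because library upgrades churn the raw list without meaning anything.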
Cookies
Cookies are small pieces of data a site stores in the user's browser. On later visits the browser sends the stored values back, which lets the site re-identify the user across sessions and locations; this is how persistent logins work. The Domain/Path column gives each cookie's scope: a cookie stored for login.sso.bluewin.ch is host-only, while one stored for .sso.bluewin.ch is sent to every host under sso.bluewin.ch.
Domain/Path | Expires | Name | Value
---|---|---|---
login.sso.bluewin.ch/ | | JSESSIONID | 30CDA41F578C16554DEDFAA5423BA7D3
.sso.bluewin.ch/ | | uxtype | new
login.sso.bluewin.ch/ | | hazelcast.sessionId | HZAF15CCD513DF4358B139E0116FA1E3C5
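The cookie table shows names, values and scope but not the Secure, HttpOnly or SameSite attributes, which are what decide whether a session cookie set by a login page can be stolen or replayed. The following is an added example, not code from urlscan.io or from Swisscom: it parses Set-Cookie headers, computes each cookie's effective scope per RFC 6265 (host-only versus a Domain attribute, with a non-matching Domain rejected), and audits the flags. The cookie names and values are taken from the table above; the attribute strings are constructed and hypothetical, not what the real server sends, and the fourth header is added purely to exercise the rejection path.

```javascript
// Added example (not urlscan's or Swisscom's code). Parses Set-Cookie headers and
// audits scope and flags. Names/values are from the scan's cookie table; the
// attributes are CONSTRUCTED and hypothetical.
const REQUEST_HOST = 'login.sso.bluewin.ch';

const CONSTRUCTED_SET_COOKIE = [
  'JSESSIONID=30CDA41F578C16554DEDFAA5423BA7D3; Path=/; Secure; HttpOnly',
  'uxtype=new; Domain=.sso.bluewin.ch; Path=/; Max-Age=31536000',
  'hazelcast.sessionId=HZAF15CCD513DF4358B139E0116FA1E3C5; Path=/; HttpOnly',
  'tracker=abc; Domain=example.com; Path=/', // constructed: Domain does not cover the host
];

// Split "name=value; Attr; Attr=val" into {name, value, attrs}; attribute names
// are case-insensitive, so they are lower-cased; flag attributes become true.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of rest) {
    const i = a.indexOf('=');
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i < 0 ? true : a.slice(i + 1);
  }
  return cookie;
}

// RFC 6265 s5.1.3: the host equals the domain or ends with "." + domain.
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// RFC 6265 s5.3: no Domain attribute means host-only; a Domain attribute (leading
// dot ignored) widens the cookie to every subdomain; a Domain that does not cover
// the request host causes the user agent to ignore the cookie entirely.
function effectiveScope(cookie, host) {
  const raw = cookie.attrs.domain;
  if (raw === undefined) return { hostOnly: true, domain: host, rejected: false };
  const domain = String(raw).replace(/^\./, '').toLowerCase();
  return { hostOnly: false, domain, rejected: !domainMatches(host, domain) };
}

// Findings an analyst wants for a login page's cookies.
function auditCookie(cookie, host) {
  const scope = effectiveScope(cookie, host);
  if (scope.rejected) return [`rejected: Domain=${scope.domain} does not cover ${host}`];
  const findings = [];
  const looksLikeSession = /session|sessid|^sid$|token/i.test(cookie.name);
  if (!scope.hostOnly) findings.push(`shared across *.${scope.domain}`);
  if (!('secure' in cookie.attrs)) findings.push('missing Secure');
  if (looksLikeSession && !('httponly' in cookie.attrs)) findings.push('session cookie without HttpOnly');
  if (!('samesite' in cookie.attrs)) findings.push('missing SameSite');
  if (looksLikeSession && !scope.hostOnly) findings.push('session cookie readable by sibling hosts');
  return findings;
}

function auditAll(headers, host = REQUEST_HOST) {
  const report = {};
  for (const h of headers) {
    const c = parseSetCookie(h);
    report[c.name] = { scope: effectiveScope(c, host), findings: auditCookie(c, host) };
  }
  return report;
}

console.log(JSON.stringify(auditAll(CONSTRUCTED_SET_COOKIE), null, 2));
```

With the constructed attributes, JSESSIONID is host-only and lacks only SameSite, uxtype is deliberately shared across *.sso.bluewin.ch (harmless for a UI preference, a problem for a session id), hazelcast.sessionId lacks Secure, and the example.com cookie is rejected outright. To audit the real page, feed it the Set-Cookie headers from the primary request's response headers instead of the constructed list.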
Indicators
Indicators are the artefacts observed during the scan (IPs, domains, hashes and similar). Listing them here does not imply that any of them is malicious.
- login.sso.bluewin.ch
- www.swisscom.ch
- 195.186.145.195
- 2a02:a90:c400:5001::2