URL: https://identity.spcweb.ch/
Submission: On August 21 via api from US — Scanned from US

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 5 HTTP transactions. The main IP is 20.76.31.2, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is identity.spcweb.ch.
TLS certificate: Issued by SwissSign RSA TLS OV ICA 2021 - 1 on January 5th 2023. Valid for: a year.
This is the only time identity.spcweb.ch was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Swiss Post (Transportation)

Domain & IP information

IP addresses (requests | IP Address | AS / Autonomous System)
3 | 20.76.31.2  | 8075 (MICROSOFT...)
2 | 20.4.130.24 | 8075 (MICROSOFT...)
Total: 5 requests, 2 IPs

Apex domains (requests | Apex Domain | Subdomains | Transfer)
3 | spcweb.ch  | identity.spcweb.ch | 2 MB
2 | eoscop.com | repo.eoscop.com    | 306 KB
Total: 5 requests, 2 apex domains

Domains requested (requests | Domain | Requested by)
3 | identity.spcweb.ch | identity.spcweb.ch
2 | repo.eoscop.com    | identity.spcweb.ch
Total: 5 requests, 2 domains

This site contains no links.

TLS certificates (Subject | Issuer | Validity | Valid for)
*.spcweb.ch  | SwissSign RSA TLS OV ICA 2021 - 1 | 2023-01-05 - 2024-01-05 | a year
*.eoscop.com | SwissSign RSA TLS OV ICA 2021 - 1 | 2022-12-12 - 2023-12-12 | a year

This page contains 1 frames:

Primary Page: https://identity.spcweb.ch/
Frame ID: F0D9DB4509CA91BAF14EF9E411F2CC82
Requests: 5 HTTP requests in this frame

Page Title

Log in - Post Identity

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 2524 kB
Size: 6542 kB
Cookies: 1

5 HTTP transactions

Each entry lists: Resource | Path | Size | x-fer | Type (MIME-Type), followed by its General details and the request and response headers.

1. Primary Request: / | identity.spcweb.ch/ | 9 KB | 4 KB | Document

General
Full URL: https://identity.spcweb.ch/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 20.76.31.2 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 8885b738ff3a4391c188f080b9f54397da9683838c76a9ec3a0e8cbea85a30d8

Security Headers
Content-Security-Policy: default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-7bzfGgl+KwTA4M21+vwakYtRSyXP42XRGOt9oytfdW0='; style-src 'self' 'nonce-7bzfGgl+KwTA4M21+vwakYtRSyXP42XRGOt9oytfdW0='; font-src 'self'; img-src 'self' https://repo.eoscop.com;
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=15552000; includeSubDomains; preload
X-Content-Security-Policy: default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-7bzfGgl+KwTA4M21+vwakYtRSyXP42XRGOt9oytfdW0='; style-src 'self' 'nonce-7bzfGgl+KwTA4M21+vwakYtRSyXP42XRGOt9oytfdW0='; font-src 'self'; img-src 'self' https://repo.eoscop.com;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers
cache-control: no-cache, no-store
content-encoding: gzip
content-security-policy: default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-7bzfGgl+KwTA4M21+vwakYtRSyXP42XRGOt9oytfdW0='; style-src 'self' 'nonce-7bzfGgl+KwTA4M21+vwakYtRSyXP42XRGOt9oytfdW0='; font-src 'self'; img-src 'self' https://repo.eoscop.com;
content-type: text/html; charset=utf-8
date: Mon, 21 Aug 2023 19:52:50 GMT
pragma: no-cache
referrer-policy: origin-when-cross-origin
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000; includeSubDomains max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-security-policy: default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-7bzfGgl+KwTA4M21+vwakYtRSyXP42XRGOt9oytfdW0='; style-src 'self' 'nonce-7bzfGgl+KwTA4M21+vwakYtRSyXP42XRGOt9oytfdW0='; font-src 'self'; img-src 'self' https://repo.eoscop.com;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: ASP.NET

2. vendors.css | identity.spcweb.ch/css/ | 737 KB | 155 KB | Stylesheet

General
Full URL: https://identity.spcweb.ch/css/vendors.css
Requested by: Host: identity.spcweb.ch, URL: https://identity.spcweb.ch/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 20.76.31.2 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ce4af8607e0c61389390fe3d523cbd151e186512aa6c627cd04f26b52ff3f8b9

Security Headers
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload

Request headers
accept-language: en-US,en;q=0.9
Referer: https://identity.spcweb.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers
date: Mon, 21 Aug 2023 19:52:50 GMT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Sat, 01 Jul 2023 04:56:40 GMT
server: Microsoft-IIS/10.0
etag: "1d9abd86c23b66b"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes

3. vendors.js | identity.spcweb.ch/js/ | 5 MB | 2 MB | Script

General
Full URL: https://identity.spcweb.ch/js/vendors.js
Requested by: Host: identity.spcweb.ch, URL: https://identity.spcweb.ch/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 20.76.31.2 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4b86bc87af4b78267a61174b3276d11b5b4845ce022108842b5421b79afe0b79

Security Headers
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload

Request headers
accept-language: en-US,en;q=0.9
Referer: https://identity.spcweb.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers
date: Mon, 21 Aug 2023 19:52:50 GMT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Sat, 01 Jul 2023 04:56:40 GMT
server: Microsoft-IIS/10.0
etag: "1d9abd86c7de147"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes

4. post-en.svg | repo.eoscop.com/img/logos/post/ | 3 KB | 3 KB | Image

General
Full URL: https://repo.eoscop.com/img/logos/post/post-en.svg
Requested by: Host: identity.spcweb.ch, URL: https://identity.spcweb.ch/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 20.4.130.24 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: eosServer /
Resource Hash: cf9b8c23e2269918ceb66f0777ce7a4ca2ee7ca0c101db8758e6a3870ac5bfc6

Security Headers
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload

Request headers
accept-language: en-US,en;q=0.9
Referer: https://identity.spcweb.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers
date: Mon, 21 Aug 2023 19:52:51 GMT
via: NS-CACHE-10.0: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Mon, 18 Dec 2017 10:52:10 GMT
server: eosServer
age: 1
etag: "029fb40ee77d31:0"
access-control-allow-methods: GET
content-type: image/svg+xml
cache-control: no-cache
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 3101

5. 1.jpg | repo.eoscop.com/img/backgrounds/ | 300 KB | 303 KB | Image

General
Full URL: https://repo.eoscop.com/img/backgrounds/1.jpg
Requested by: Host: identity.spcweb.ch, URL: https://identity.spcweb.ch/css/vendors.css
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 20.4.130.24 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: eosServer /
Resource Hash: 8671e07edbebac745ae3f89d4ad8c3b0495b9e0eff32e4484e9cd720b595ca82

Security Headers
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload

Request headers
accept-language: en-US,en;q=0.9
Referer: https://identity.spcweb.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers
date: Mon, 21 Aug 2023 19:52:51 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Fri, 07 Jun 2019 06:48:04 GMT
server: eosServer
etag: "0eab2f4fc1cd51:0"
access-control-allow-methods: GET
content-type: image/jpeg
cache-control: no-cache
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 307596

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against Swiss Post (Transportation)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object   documentPictureInPicture
object   FontAwesomeConfig
function $
function jQuery
object   DevExpress
object   bootstrap
object   ___FONT_AWESOME___
object   FontAwesome
function Submit

1 Cookies

Domain/Path: identity.spcweb.ch/
Name: .AspNetCore.Antiforgery.79LLBMPAMnA
Value: CfDJ8OpFfErjULdDoMtVjtNgFPMsJhvM-oYxqRgV0S559RheBsUbnEpf67HXO5KU4VA-PWpRt4SitKjjalM3ldy09vCwfVPN_jbu4loJFa2P-cEKG_JRYN6I6tpwFYOVtrowAAJbf2cROdRYyoHJ-Oq8XyY

1 Console Messages

Source: security | Level: warning | URL: https://identity.spcweb.ch/
Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This section lists the security headers set by the main page.

Content-Security-Policy: default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-7bzfGgl+KwTA4M21+vwakYtRSyXP42XRGOt9oytfdW0='; style-src 'self' 'nonce-7bzfGgl+KwTA4M21+vwakYtRSyXP42XRGOt9oytfdW0='; font-src 'self'; img-src 'self' https://repo.eoscop.com;
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=15552000; includeSubDomains; preload
X-Content-Security-Policy: default-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; script-src 'self' 'nonce-7bzfGgl+KwTA4M21+vwakYtRSyXP42XRGOt9oytfdW0='; style-src 'self' 'nonce-7bzfGgl+KwTA4M21+vwakYtRSyXP42XRGOt9oytfdW0='; font-src 'self'; img-src 'self' https://repo.eoscop.com;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN