app.novagen.info
Open in
urlscan Pro
185.2.4.134
Malicious Activity!
Public Scan
URL:
https://app.novagen.info/ch/Trace/
Submission Tags: @phish_report
Submission: On January 10 via api from FI — Scanned from IT
Submission Tags: @phish_report
Submission: On January 10 via api from FI — Scanned from IT
Summary
This website contacted 3 IPs
in 3 countries
across 3 domains to perform 12 HTTP transactions.
The main IP is 185.2.4.134, located in
Italy and
belongs to REGISTER_UK-AS, IT.
The main domain is app.novagen.info.
TLS certificate: Issued by R3 on December 12th 2023. Valid for: 3 months.
This is the only time app.novagen.info was scanned on urlscan.io!
TLS certificate: Issued by R3 on December 12th 2023. Valid for: 3 months.
This is the only time app.novagen.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Swiss Post (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 10 | 185.2.4.134 185.2.4.134 | 203461 (REGISTER_...) (REGISTER_UK-AS) | |
| 1 | 91.194.146.69 91.194.146.69 | 43183 (SWISSSIGN) (SWISSSIGN) | |
| 1 | 194.48.169.200 194.48.169.200 | 48314 (IP-PROJECTS) (IP-PROJECTS) | |
| 12 | 3 |
1
91.194.146.69
(Opfikon, Switzerland)
ASN43183 (SWISSSIGN, CH)
PTR: gslb-p4.swisssign.net
ASN43183 (SWISSSIGN, CH)
PTR: gslb-p4.swisssign.net
| login.swissid.ch |
1
194.48.169.200
(Germany)
ASN48314 (IP-PROJECTS, DE)
PTR: plesk-wp.ybm-deutschland.de
ASN48314 (IP-PROJECTS, DE)
PTR: plesk-wp.ybm-deutschland.de
| multishipper.de |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 10 |
novagen.info
app.novagen.info |
67 KB |
| 1 |
multishipper.de
multishipper.de |
25 KB |
| 1 |
swissid.ch
login.swissid.ch |
1 KB |
| 12 | 3 |
| Domain | Requested by | |
|---|---|---|
| 10 | app.novagen.info |
app.novagen.info
|
| 1 | multishipper.de |
app.novagen.info
|
| 1 | login.swissid.ch |
app.novagen.info
|
| 12 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| app.novagen.info R3 |
2023-12-12 - 2024-03-11 |
3 months | crt.sh |
| login.swissid.ch SwissSign RSA TLS EV ICA 2022 - 1 |
2023-10-24 - 2024-10-24 |
a year | crt.sh |
| multishipper.de R3 |
2024-01-02 - 2024-04-01 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://app.novagen.info/ch/Trace/
Frame ID: 2158AA6A5E693C5DD0D4C754F5BB963D
Requests: 12 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
app.novagen.info/ch/Trace/ |
5 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
merchant.css
app.novagen.info/ch/Trace/css/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
opus.css
app.novagen.info/ch/Trace/css/ |
27 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
footer.css
app.novagen.info/ch/Trace/css/ |
77 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
onei.css
app.novagen.info/ch/Trace/css/ |
145 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
eui.css
app.novagen.info/ch/Trace/css/ |
53 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Post_Logo_digital_RGB.cf61e347.svg
login.swissid.ch/login/img/ |
909 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
notfinish.png
app.novagen.info/ch/Trace/De_files/ |
23 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
post-logo-1.png
multishipper.de/wp-content/uploads/2020/05/ |
25 KB 25 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
link.conf
app.novagen.info/ch/Trace/css/base/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
theme
app.novagen.info/ch/Trace/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
selectors
app.novagen.info/ch/Trace/css/lib/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Swiss Post (Transportation)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| app.novagen.info/ | Name: PHPSESSID Value: 33c54b82a1255eeb7c1ec68cb444d344 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app.novagen.info
login.swissid.ch
multishipper.de
185.2.4.134
194.48.169.200
91.194.146.69
36a8de31f09e04119a06253de14ff62099d0030ec0cf0c89ea8d6440853e80f0
58c803b6cd8e7b56288f26786cce0d905310e39f3dfa7cb20f24c061c82b3a65
7a5655aa2dc7b5663c2cfb1913aa32876db5e6c8feedf26b0f1a01f9028f49c6
7e00cd9a2d4195faca3ad5c3312a90b25f24a8aa9b0bc52381f11cde541543d9
a9b462ef79aec78654aa79958cbab3b4bdf70cddd614e0e26f9d5c2cc1409f6f
d2787206fc583158a11cdcc0cdc1f7266e09313d3c40dc9bc111d324d725336b
e880503a482e82238217d149ad87278ac4088c4014e963c70d66f6b6f64f5cb3
f054a905f2c8143dce031ee73283b9685aa6dccd1d75413ae0c24353a80f95db
f8369ea59c9d801829dd352f24048078400152dcb1e29a2bc768366ff0f36969