www.ccasarl.ch - urlscan.io

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 2 HTTP transactions. The main IP is 94.103.96.226, located in Switzerland and belongs to OPENBUSINESS, CH. The main domain is www.ccasarl.ch.

This is the only time www.ccasarl.ch was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DocuSign (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	156.67.218.75 156.67.218.75	47583 (AS-HOSTINGER) (AS-HOSTINGER)
1	94.103.96.226 94.103.96.226	49457 (OPENBUSINESS) (OPENBUSINESS)
1	185.81.100.38 185.81.100.38	62856 (DOCUS-6-PROD) (DOCUS-6-PROD)
2	2

1 156.67.218.75 (Cyprus) 1 redirects

ASN47583 (AS-HOSTINGER, CY)

pktj.ac.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.103.96.226 (Switzerland)

ASN49457 (OPENBUSINESS, CH)
PTR: web07.swisscenter.com

www.ccasarl.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.81.100.38 (United States)

ASN62856 (DOCUS-6-PROD, US)

account.docusign.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	docusign.com account.docusign.com	4 KB
1	ccasarl.ch www.ccasarl.ch	12 KB
1	pktj.ac.id 1 redirects pktj.ac.id	240 B
2	3

	Domain	Requested by
1	account.docusign.com	www.ccasarl.ch
1	www.ccasarl.ch
1	pktj.ac.id	1 redirects
2	3

This site contains links to these domains. Also see Links.

Domain
www.docusign.com

Subject Issuer	Validity	Valid
account.docusign.com DigiCert SHA2 Extended Validation Server CA	`2020-01-09` - `2022-03-26`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://www.ccasarl.ch/unavailable.html
Frame ID: 47BEC8EAEE2BCA176A906EEF47D40ECC
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Please log in to your account

Page URL History Show full URLs

http://pktj.ac.id/site/vendor/doc.php HTTP 302
http://www.ccasarl.ch/unavailable.html Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

2
Requests

50 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

17 kB
Transfer

16 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://www.docusign.com/support
Title: Help

Search URL Search Domain Scan URL

URL: https://www.docusign.com/company/terms-of-use/lang/en
Title: Terms

Search URL Search Domain Scan URL

URL: https://www.docusign.com/IP/lang/en
Title: Intellectual Property

Search URL Search Domain Scan URL

URL: https://www.docusign.com/company/privacy-policy/lang/en
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://pktj.ac.id/site/vendor/doc.php HTTP 302
http://www.ccasarl.ch/unavailable.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request unavailable.html Show response
www.ccasarl.ch/
Redirect Chain

http://pktj.ac.id/site/vendor/doc.php
http://www.ccasarl.ch/unavailable.html

12 KB
12 KB

216ms
115ms

Document
text/html

94.103.96.226
OPENBUSINESS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ccasarl.ch/unavailable.html
Protocol: HTTP/1.1
Server: 94.103.96.226 , Switzerland, ASN49457 (OPENBUSINESS, CH),
Reverse DNS: web07.swisscenter.com
Software: Apache/2.4.43 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.3.1 mod_qos/11.66 /
Resource Hash: 7a5c8c8c94e70fb59db9e2d41dca497b5bc2bc3b1277d80984d3910cd6cd0d83

Request headers

Host: www.ccasarl.ch
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 03 Sep 2021 04:50:41 GMT
Server: Apache/2.4.43 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.3.1 mod_qos/11.66
Last-Modified: Thu, 02 Sep 2021 14:56:41 GMT
ETag: "2ff8-5cb0463fc433a"
Accept-Ranges: bytes
Content-Length: 12280
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Fri, 03 Sep 2021 04:50:40 GMT
Server: Apache
Location: http://www.ccasarl.ch/unavailable.html
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK docusign_logo_small.png
account.docusign.com/LoginAppNext/images/ 4 KB
4 KB 496ms
67ms Image
image/png 185.81.100.38
DOCUS-6-PROD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://account.docusign.com/LoginAppNext/images/docusign_logo_small.png

Requested by

Host: www.ccasarl.ch
URL: http://www.ccasarl.ch/unavailable.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.81.100.38 , United States, ASN62856 (DOCUS-6-PROD, US),

Reverse DNS

Software

/

Resource Hash

e83f8d0b4a78d14185abfca96ee2fbaf18e396a047f725d944ff27a845787279

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://www.ccasarl.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 13 Aug 2021 20:18:15 GMT
ETag: "314941598090d71:0"
Content-Type: image/png
Date: Fri, 03 Sep 2021 04:50:41 GMT
Accept-Ranges: bytes
X-DocuSign-Node: FR1FE21
Content-Length: 4064

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DocuSign (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.docusign.com
pktj.ac.id
www.ccasarl.ch
156.67.218.75
185.81.100.38
94.103.96.226
7a5c8c8c94e70fb59db9e2d41dca497b5bc2bc3b1277d80984d3910cd6cd0d83
e83f8d0b4a78d14185abfca96ee2fbaf18e396a047f725d944ff27a845787279

www.ccasarl.ch Open in urlscan Pro 94.103.96.226 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

2 Requests

50 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

17 kBTransfer

16 kBSize

0 Cookies

4 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

www.ccasarl.ch Open in urlscan Pro
94.103.96.226 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

50 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

17 kB
Transfer

16 kB
Size

0
Cookies

2 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!