wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com Open in urlscan Pro
45.55.112.74 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bereja3379.systeme.io/
Effective URL:
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f...
Submission: On August 28 via api (August 28th 2023, 1:03:33 pm UTC) from JP — Scanned from JP

Summary HTTP 20 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 20 HTTP transactions. The main IP is 45.55.112.74, located in San Francisco, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com.
TLS certificate: Issued by R3 on July 21st 2023. Valid for: 3 months.

This is the only time wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Schweizerische Bundesbahnen (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	13.226.22.115 13.226.22.115	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:600... 2a04:4e42:600::282	54113 (FASTLY) (FASTLY)
4	2600:9000:24d... 2600:9000:24d2:c600:1c:d937:ae40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 13	45.55.112.74 45.55.112.74	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	193.203.121.166 193.203.121.166	31004 (SBB-CFF-F...) (SBB-CFF-FFS Telecom SBB)
1	3.64.153.186 3.64.153.186	16509 (AMAZON-02) (AMAZON-02)
20	6

1 13.226.22.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-22-115.ord51.r.cloudfront.net

bereja3379.systeme.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::282 (United States)

ASN54113 (FASTLY, US)

cdn.polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:24d2:c600:1c:d937:ae40:93a1 (United States)

ASN16509 (AMAZON-02, US)

d3fit27i5nzkqh.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 45.55.112.74 (San Francisco, United States) 2 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.203.121.166 (Switzerland)

ASN31004 (SBB-CFF-FFS Telecom SBB, CH)

www.swisspass.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.64.153.186 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-153-186.eu-central-1.compute.amazonaws.com

cdn.app.sbb.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	codeanyapp.com 2 redirects wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com	147 KB
4	cloudfront.net d3fit27i5nzkqh.cloudfront.net	423 KB
2	swisspass.ch www.swisspass.ch — Cisco Umbrella Rank: 348217	146 KB
1	sbb.ch cdn.app.sbb.ch — Cisco Umbrella Rank: 328082	14 KB
1	polyfill.io cdn.polyfill.io — Cisco Umbrella Rank: 2930	683 B
1	systeme.io bereja3379.systeme.io	45 KB
20	6

	Domain	Requested by
13	wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com	2 redirects bereja3379.systeme.io wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
4	d3fit27i5nzkqh.cloudfront.net	bereja3379.systeme.io
2	www.swisspass.ch	wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
1	cdn.app.sbb.ch	wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
1	cdn.polyfill.io	bereja3379.systeme.io
1	bereja3379.systeme.io
20	6

This site contains links to these domains. Also see Links.

Domain
corporatedefenseetl.com
www.swisspass.ch

Subject Issuer	Validity	Valid
systeme.io Amazon RSA 2048 M01	`2023-03-02` - `2024-01-24`	a year	crt.sh
polyfill.io Certainly Intermediate R1	`2023-08-24` - `2023-09-23`	a month	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
codeanyapp.com R3	`2023-07-21` - `2023-10-19`	3 months	crt.sh
www.swisspass.ch SwissSign RSA TLS OV ICA 2021 - 1	`2023-01-09` - `2024-01-09`	a year	crt.sh
*.app.sbb.ch Amazon RSA 2048 M02	`2023-08-16` - `2024-09-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
Frame ID: 92E9CA9339B487D6746F39FEE8431485
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | SwissPass

Page URL History Show full URLs

https://bereja3379.systeme.io/ Page URL
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/ HTTP 302
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop HTTP 301
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/ Page URL
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c5... Page URL

Detected technologies

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

776 kB
Transfer

2965 kB
Size

3
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://corporatedefenseetl.com/home

Search URL Search Domain Scan URL

URL: https://www.swisspass.ch//pw-reset?lang=de&provider=sbbkn&callback=oevlogin
Title: Passwort vergessen?

Search URL Search Domain Scan URL

URL: https://www.swisspass.ch//register?lang=de&provider=sbbkn&callback=oevlogin
Title: Für SwissPass registrieren.

Search URL Search Domain Scan URL

URL: https://corporatedefenseetl.com/wp-admin/widgs/204d505e4ce918334/pass/
Title: Zurück

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bereja3379.systeme.io/ Page URL
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/ HTTP 302
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop HTTP 301
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/ Page URL
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/ HTTP 302
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop HTTP 301
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
bereja3379.systeme.io/ 332 KB
45 KB 631ms
366ms Document
text/html 13.226.22.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bereja3379.systeme.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.22.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-22-115.ord51.r.cloudfront.net

Software

nginx/1.24.0 /

Resource Hash

12768a6ac539f91745aa235021071fad1b9cd6ad65b978c7afabfaaa421074cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

cache-control: max-age=30, must-revalidate, public
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 28 Aug 2023 13:03:26 GMT
server: nginx/1.24.0
vary: Accept-Encoding Origin
via: 1.1 548c240ae60f1a12a2cb777a5d992594.cloudfront.net (CloudFront)
x-amz-cf-id: Ft6qwzJzjvHe5mgmhMgN0IoekiycXtNvSjar3ejKNDS5XXl7h1PoOQ==
x-amz-cf-pop: ORD51-C2
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 polyfill.min.js Show response
cdn.polyfill.io/v2/ 100 B
683 B 19ms
3ms Script
text/javascript 2a04:4e42:600::282
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.polyfill.io/v2/polyfill.min.js?features=Intl.~locale.en%2CmatchMedia

Requested by

Host: bereja3379.systeme.io
URL: https://bereja3379.systeme.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::282 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

34e4e4e998d1023cadeeda959be0f4fce5abe4eaf9d241782ae404e36446ecbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://bereja3379.systeme.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 28 Aug 2023 13:03:26 GMT
age: 1169579
detected-user-agent: Chrome/116.0.0
useragent_normaliser: chrome/116.0.0
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 113
referrer-policy: origin-when-cross-origin
last-modified: Thu, 10 Aug 2023 13:32:32 GMT
fastly_service_version: 225
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
normalized-user-agent: chrome/116.0.0
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 all.min.css
d3fit27i5nzkqh.cloudfront.net/assets/css/ 486 KB
82 KB 469ms
165ms Stylesheet
text/css 2600:9000:24d2:c600:1c:d937:ae40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3fit27i5nzkqh.cloudfront.net/assets/css/all.min.css
Requested by: Host: bereja3379.systeme.io
URL: https://bereja3379.systeme.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24d2:c600:1c:d937:ae40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a35f901d01118e5649091bd03ac5784a7db52e111fb3806524c412f3d1dcfc5d

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://bereja3379.systeme.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 23:56:59 GMT
content-encoding: gzip
via: 1.1 2a5d744fb71bb7fd493368b6a274fffa.cloudfront.net (CloudFront)
last-modified: Wed, 18 May 2022 12:25:57 GMT
server: AmazonS3
x-amz-cf-pop: ORD58-P3
age: 2984787
etag: W/"325672b036bab9b57f6873aed5eccc43"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000,public
x-amz-cf-id: TspDYrYEqH8Lk6QU6ogXIMOW9YWfnfS72o63roEjtXCAazN6BMFW9A==

GET
H2 200 runtimeSimplePage.6525755ed16e40f11e2f.js
d3fit27i5nzkqh.cloudfront.net/js/ 2 KB
1 KB 586ms
371ms Script
application/javascript 2600:9000:24d2:c600:1c:d937:ae40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3fit27i5nzkqh.cloudfront.net/js/runtimeSimplePage.6525755ed16e40f11e2f.js
Requested by: Host: bereja3379.systeme.io
URL: https://bereja3379.systeme.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24d2:c600:1c:d937:ae40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://bereja3379.systeme.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 08:12:28 GMT
content-encoding: gzip
via: 1.1 2a5d744fb71bb7fd493368b6a274fffa.cloudfront.net (CloudFront)
last-modified: Mon, 24 Apr 2023 09:13:36 GMT
server: AmazonS3
x-amz-cf-pop: ORD58-P3
age: 10817459
etag: W/"7e48280fb388cda9c9571931b0370d17"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000,public
x-amz-cf-id: F9g7VOcEvKB2PLGos3jUctxKqM5bgWicseaNhNKw1__OfyEBC2Diew==

GET
H2 200 simplePage.0627b26930cc12f674ff.js
d3fit27i5nzkqh.cloudfront.net/js/ 544 KB
93 KB 161ms
161ms Script
application/javascript 2600:9000:24d2:c600:1c:d937:ae40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3fit27i5nzkqh.cloudfront.net/js/simplePage.0627b26930cc12f674ff.js
Requested by: Host: bereja3379.systeme.io
URL: https://bereja3379.systeme.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24d2:c600:1c:d937:ae40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://bereja3379.systeme.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 10:02:57 GMT
content-encoding: br
via: 1.1 2a5d744fb71bb7fd493368b6a274fffa.cloudfront.net (CloudFront)
last-modified: Mon, 28 Aug 2023 10:02:50 GMT
server: AmazonS3
x-amz-cf-pop: ORD58-P3
age: 10831
etag: W/"2137497bd69342a4b8777a53acac7a9f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000,public
x-amz-cf-id: KrdVZipl4pcvZXXDhCtC0DiUcoH9rspXSnPjRhSyVLBdx2nQkRZCRQ==

GET
H2 200 vendors~simplePage.d9652b592072ee81ab0f.js
d3fit27i5nzkqh.cloudfront.net/js/ 846 KB
247 KB 266ms
266ms Script
application/javascript 2600:9000:24d2:c600:1c:d937:ae40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3fit27i5nzkqh.cloudfront.net/js/vendors~simplePage.d9652b592072ee81ab0f.js
Requested by: Host: bereja3379.systeme.io
URL: https://bereja3379.systeme.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24d2:c600:1c:d937:ae40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://bereja3379.systeme.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 08:56:35 GMT
content-encoding: gzip
via: 1.1 2a5d744fb71bb7fd493368b6a274fffa.cloudfront.net (CloudFront)
last-modified: Fri, 25 Aug 2023 08:56:20 GMT
server: AmazonS3
x-amz-cf-pop: ORD58-P3
age: 274013
etag: W/"15151e46289bce277b6a3d356ff8db07"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000,public
x-amz-cf-id: 7-dosiOSPCg_9WoS1xfRksZ_PbkVgafqoM8tvFj3bG5qyHtYmbi77g==

GET
H2

200

/
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/
Redirect Chain

https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop
https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/

132 B
368 B

232ms
231ms

Document
text/html

45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/
Requested by: Host: bereja3379.systeme.io
URL: https://bereja3379.systeme.io/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://bereja3379.systeme.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 122
content-type: text/html; charset=UTF-8
date: Mon, 28 Aug 2023 12:33:49 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: openresty
vary: Accept-Encoding

Redirect headers

content-length: 405
content-type: text/html; charset=iso-8859-1
date: Mon, 28 Aug 2023 12:33:49 GMT
location: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/
server: openresty

GET
H2 200 Primary Request 1.html Show response
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/ 49 KB
11 KB 257ms
257ms Document
text/html 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash: e6eb070992e44753f2b5455f6ddb5fcb94778ce1920e1e3c451b82c136aca6e4

Request headers

Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 10866
content-type: text/html
date: Mon, 28 Aug 2023 12:33:49 GMT
etag: "c417-5f63056c27180-gzip"
last-modified: Mon, 06 Mar 2023 00:25:58 GMT
server: openresty
vary: Accept-Encoding

GET
H2 200 sso.min-20200819.css
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/css/ 180 KB
23 KB 262ms
261ms Stylesheet
text/css 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/css/sso.min-20200819.css
Requested by: Host: wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash: fd23aeccc08239852a5ac678a7cc5b29c723987a0287674000b930cf606b115e

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 12:33:50 GMT
content-encoding: gzip
last-modified: Mon, 06 Mar 2023 00:03:22 GMT
server: openresty
etag: "2cf01-5f63005ef8680-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 23732

GET
H/1.1 200
OK logo_text_de-20200819.svg
www.swisspass.ch//resources/img/ 137 KB
138 KB 721ms
248ms Image
image/svg+xml 193.203.121.166
SBB-CFF-FFS Telec...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.swisspass.ch//resources/img/logo_text_de-20200819.svg

Requested by

Host: wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.203.121.166 , Switzerland, ASN31004 (SBB-CFF-FFS Telecom SBB, CH),

Reverse DNS

Software

Apache /

Resource Hash

c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Mon, 28 Aug 2023 13:03:28 GMT
Strict-Transport-Security: max-age=16070400
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 139971
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
last-modified: Tue, 15 Aug 2023 11:04:17 GMT
Server: Apache
etag: "64db5bb1-222c3"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
cache-control: max-age=31536000, private
Feature-Policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
accept-ranges: bytes
Keep-Alive: timeout=10, max=500
expires: Tue, 27 Aug 2024 13:03:28 GMT

GET
H/1.1 200
OK logo-20200819.svg
www.swisspass.ch//resources/img/ 7 KB
8 KB 719ms
248ms Image
image/svg+xml 193.203.121.166
SBB-CFF-FFS Telec...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.swisspass.ch//resources/img/logo-20200819.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.203.121.166 , Switzerland, ASN31004 (SBB-CFF-FFS Telecom SBB, CH),

Reverse DNS

Software

Apache /

Resource Hash

deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Mon, 28 Aug 2023 13:03:28 GMT
Strict-Transport-Security: max-age=16070400
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 7374
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
last-modified: Tue, 15 Aug 2023 11:04:17 GMT
Server: Apache
etag: "64db5bb1-1cce"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
cache-control: max-age=31536000, private
Feature-Policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
accept-ranges: bytes
Keep-Alive: timeout=10, max=500
expires: Tue, 27 Aug 2024 13:03:28 GMT

GET
H2 404 loader-20200819.png
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/ 351 B
351 B 237ms
236ms Image
text/html 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/loader-20200819.png
Requested by: Host: wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash: c5022e1876f34bf9abab5c436231f2e49ab25e6e4b48e4e211986e48aa05e7fa

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 12:33:50 GMT
server: openresty
content-length: 351
content-type: text/html; charset=iso-8859-1

GET
H2 200 jquery-20200819.js.download Show response
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/js/ 95 KB
33 KB 329ms
327ms Script
application/javascript 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/js/jquery-20200819.js.download
Requested by: Host: wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash: 24f31a4afb4d98c85b6cff4c9a953654a77986d6c4c9e9cae52cf57e59095e01

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 12:33:50 GMT
content-encoding: gzip
last-modified: Mon, 06 Mar 2023 00:04:58 GMT
server: openresty
etag: "17c54-5f6300ba85e80-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 33850

GET
H2 200 vendor.min-20200819.js.download Show response
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/js/ 175 KB
53 KB 336ms
334ms Script
application/javascript 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/js/vendor.min-20200819.js.download
Requested by: Host: wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash: be0223ae72bc8c610c7a5453d349964cbe78ff8646695a58bc13a4cf0a8d81d6

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 12:33:50 GMT
content-encoding: gzip
last-modified: Mon, 06 Mar 2023 00:05:12 GMT
server: openresty
etag: "2bc0a-5f6300c7dfe00-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 53848

GET
H2 200 swisspass.min-20200819.js.download Show response
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/js/ 97 KB
25 KB 244ms
242ms Script
application/javascript 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/js/swisspass.min-20200819.js.download
Requested by: Host: wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash: 225e078f0432e7459d74e8d9245f1982570a3897d664ca2d219ccd09b244ab95

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 12:33:50 GMT
content-encoding: gzip
last-modified: Mon, 06 Mar 2023 00:05:10 GMT
server: openresty
etag: "183fc-5f6300c5f7980-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 25407

GET
H2 200 SBBWeb-Light.woff2
cdn.app.sbb.ch/fonts/v1_6_subset/ 14 KB
14 KB 978ms
483ms Font
application/font-woff2 3.64.153.186
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2
Requested by: Host: wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/css/sso.min-20200819.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.64.153.186 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-64-153-186.eu-central-1.compute.amazonaws.com
Software: nginx/1.23.2 /
Resource Hash: 5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf

Request headers

Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/
Origin: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 13:03:29 GMT
content-encoding: br
last-modified: Fri, 17 Dec 2021 15:16:26 GMT
server: nginx/1.23.2
etag: W/"61bca9ca-3784"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public, private
access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
expires: Tue, 27 Aug 2024 13:03:29 GMT

GET
H2 404 icomoon.woff2
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/fonts/icomoon/ 0
0 230ms
229ms Font
text/html 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/fonts/icomoon/icomoon.woff2?7m5yri
Requested by: Host: wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/css/sso.min-20200819.css
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/css/sso.min-20200819.css
Origin: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 12:33:50 GMT
server: openresty
content-length: 350
content-type: text/html; charset=iso-8859-1

GET
H2 404 co-branding Show response
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/idp/ 334 B
423 B 228ms
228ms XHR
text/html 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/idp/co-branding?resource=co-branding&lang=de&provider=sbbkn
Requested by: Host: wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/js/jquery-20200819.js.download
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash: 4e4470077d37cea455fef9b049b14e8e03ee6a054d497c691119d4116acaddb8

Request headers

Accept: */*
Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/1.html?home&j-oin-us.x=d1f089c55516f74cdd352e21864f7d19d1f089c55516f74cdd352e21864f7d19
X-Requested-With: XMLHttpRequest
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 12:33:50 GMT
server: openresty
content-length: 334
content-type: text/html; charset=iso-8859-1

GET
H2 404 icomoon.ttf
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/fonts/icomoon/ 0
0 229ms
229ms Font
text/html 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/fonts/icomoon/icomoon.ttf?7m5yri
Requested by: Host: wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/css/sso.min-20200819.css
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/css/sso.min-20200819.css
Origin: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 12:33:50 GMT
server: openresty
content-length: 348
content-type: text/html; charset=iso-8859-1

GET
H2 404 icomoon.woff
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/fonts/icomoon/ 0
0 231ms
231ms Font
text/html 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/fonts/icomoon/icomoon.woff?7m5yri
Requested by: Host: wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/css/sso.min-20200819.css
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/css/sso.min-20200819.css
Origin: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 12:33:50 GMT
server: openresty
content-length: 349
content-type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Schweizerische Bundesbahnen (Transportation)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
bereja3379.systeme.io/	1969-12-31 23:59:59	Name: sio_u Value: h5nubfovq1l2v3cp2oop61dgu7
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: i05mbe260l1qp3q9gqupaqb3f5
.www.swisspass.ch/	1969-12-31 23:59:59	Name: AL_SESS-S Value: ASB26!9cc5M7g92W_!kyBfblRcPjGnk76JVCPRpx5KZiCe_D7u_!FFQJd3n9_K80ZMnI

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/mpmp/pop/loader-20200819.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/fonts/icomoon/icomoon.woff2?7m5yri Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/idp/co-branding?resource=co-branding&lang=de&provider=sbbkn Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/fonts/icomoon/icomoon.ttf?7m5yri Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com/osp/fonts/icomoon/icomoon.woff?7m5yri Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bereja3379.systeme.io
cdn.app.sbb.ch
cdn.polyfill.io
d3fit27i5nzkqh.cloudfront.net
wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com
www.swisspass.ch
13.226.22.115
193.203.121.166
2600:9000:24d2:c600:1c:d937:ae40:93a1
2a04:4e42:600::282
3.64.153.186
45.55.112.74
12768a6ac539f91745aa235021071fad1b9cd6ad65b978c7afabfaaa421074cb
225e078f0432e7459d74e8d9245f1982570a3897d664ca2d219ccd09b244ab95
24f31a4afb4d98c85b6cff4c9a953654a77986d6c4c9e9cae52cf57e59095e01
34e4e4e998d1023cadeeda959be0f4fce5abe4eaf9d241782ae404e36446ecbf
4e4470077d37cea455fef9b049b14e8e03ee6a054d497c691119d4116acaddb8
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf
a35f901d01118e5649091bd03ac5784a7db52e111fb3806524c412f3d1dcfc5d
be0223ae72bc8c610c7a5453d349964cbe78ff8646695a58bc13a4cf0a8d81d6
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
c5022e1876f34bf9abab5c436231f2e49ab25e6e4b48e4e211986e48aa05e7fa
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
e6eb070992e44753f2b5455f6ddb5fcb94778ce1920e1e3c451b82c136aca6e4
fd23aeccc08239852a5ac678a7cc5b29c723987a0287674000b930cf606b115e

wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com Open in urlscan Pro 45.55.112.74 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

33 %IPv6

6 Domains

6 Subdomains

6 IPs

3 Countries

776 kBTransfer

2965 kBSize

3 Cookies

4 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

20 JavaScript Global Variables

3 Cookies

5 Console Messages

Security Headers

Indicators

wordpress-salmon-mouse-pedovaj696855884.codeanyapp.com Open in urlscan Pro
45.55.112.74 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

776 kB
Transfer

2965 kB
Size

3
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!