swisscom-extranet.com Open in urlscan Pro
91.215.85.194 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://swisscom-extranet.com/
Submission: On December 07 via automatic, source certstream-suspicious (December 7th 2023, 1:27:32 am UTC) — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 91.215.85.194, located in Russian Federation and belongs to PROSPERO-AS, RU. The main domain is swisscom-extranet.com.
TLS certificate: Issued by R3 on December 7th 2023. Valid for: 3 months.

This is the only time swisscom-extranet.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Swisscom (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
5	91.215.85.194 91.215.85.194	200593 (PROSPERO-AS) (PROSPERO-AS)
5	2606:4700:e2:... 2606:4700:e2::ac40:8416	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2

5 91.215.85.194 (Russian Federation)

ASN200593 (PROSPERO-AS, RU)

swisscom-extranet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:e2::ac40:8416 (United States)

ASN13335 (CLOUDFLARENET, US)

fonts.cdnfonts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	cdnfonts.com fonts.cdnfonts.com — Cisco Umbrella Rank: 9100	154 KB
5	swisscom-extranet.com swisscom-extranet.com	11 KB
10	2

	Domain	Requested by
5	fonts.cdnfonts.com	swisscom-extranet.com fonts.cdnfonts.com
5	swisscom-extranet.com	swisscom-extranet.com
10	2

This site contains no links.

Subject Issuer	Validity	Valid
swisscom-extranet.com R3	`2023-12-07` - `2024-03-06`	3 months	crt.sh
cdnfonts.com GTS CA 1P5	`2023-11-30` - `2024-02-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://swisscom-extranet.com/
Frame ID: 455E4509A7C48DA8B496138EB068E28B
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Swisscom Business Login

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

165 kB
Transfer

168 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response swisscom-extranet.com/	2 KB 710 B	246ms 57ms	Document text/html	91.215.85.194 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://swisscom-extranet.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.215.85.194 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software nginx / PHP/8.2.13 PleskLin Resource Hash `152f308e716c4e3dd51402f6df8466aaf1cea4faa21b629c5e88c8fc60984980` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type text/html; charset=UTF-8 date Thu, 07 Dec 2023 01:27:27 GMT server nginx x-powered-by PHP/8.2.13 PleskLin
GET H2	200	thesansb fonts.cdnfonts.com/css/	3 KB 819 B	114ms 38ms	Stylesheet text/css	2606:4700:e2::ac40:8416 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fonts.cdnfonts.com/css/thesansb Requested by Host: swisscom-extranet.com URL: https://swisscom-extranet.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e2::ac40:8416 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2afac1238d515d8ff647895e76b18d3a26f4d9f116cf421634594013909cde4b` Request headers accept-language de-DE,de;q=0.9 Referer https://swisscom-extranet.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36 Response headers date Thu, 07 Dec 2023 01:27:27 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1071683 cf-polished origSize=3551 alt-svc h3=":443"; ma=86400 cf-bgj minify last-modified Fri, 24 Nov 2023 15:46:04 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PVzSBrhoD9bNiyL95yrqeJTe7Ujlo98OMEZcATs7hVOS7YmvZ%2FrvxLNo3VNYXTTXumt6Aw2AI7xl19wGwAjk5%2F7TO%2BN4jpz2OPSmMNBM%2Bi3WxszpP%2FUJkr10I%2BQveYfclxh22PbV6F2pg5seTZVhUio%3D"}],"group":"cf-nel","max_age":604800} content-type text/css;charset=UTF-8 access-control-allow-origin * cache-control max-age=2678400 cf-ray 8318fc7ca9b67745-AMS
GET H2	200	index.css swisscom-extranet.com/css/	3 KB 942 B	57ms 56ms	Stylesheet text/css	91.215.85.194 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://swisscom-extranet.com/css/index.css Requested by Host: swisscom-extranet.com URL: https://swisscom-extranet.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.215.85.194 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software nginx / PleskLin Resource Hash `be8609d9b2e9398a98b7c9cf037e78b4652c2d2947a46c559910048544149a6c` Request headers accept-language de-DE,de;q=0.9 Referer https://swisscom-extranet.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36 Response headers date Thu, 07 Dec 2023 01:27:27 GMT content-encoding br last-modified Mon, 04 Dec 2023 14:13:26 GMT server nginx etag W/"656dde86-bae" x-powered-by PleskLin content-type text/css
GET H2	200	connect.png swisscom-extranet.com/img/	7 KB 7 KB	59ms 58ms	Image image/png	91.215.85.194 PROSPERO-AS
General Check archive.org Show headers Download Go to Show image Full URL https://swisscom-extranet.com/img/connect.png Requested by Host: swisscom-extranet.com URL: https://swisscom-extranet.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.215.85.194 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software nginx / PleskLin Resource Hash `dc58ded68592d0376a68cb174f5509208c22edc10b0003aaac51e35484447364` Request headers accept-language de-DE,de;q=0.9 Referer https://swisscom-extranet.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36 Response headers date Thu, 07 Dec 2023 01:27:27 GMT last-modified Mon, 04 Dec 2023 01:57:08 GMT server nginx etag "656d31f4-1c10" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 7184
GET H2	200	show.png swisscom-extranet.com/img/	599 B 768 B	59ms 59ms	Image image/png	91.215.85.194 PROSPERO-AS
General Check archive.org Show headers Download Go to Show image Full URL https://swisscom-extranet.com/img/show.png Requested by Host: swisscom-extranet.com URL: https://swisscom-extranet.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.215.85.194 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software nginx / PleskLin Resource Hash `6ef662586c2ff0498e9e3dda5ccf3ebcaeeb0960edc42d8debc5bf35b345fc4e` Request headers accept-language de-DE,de;q=0.9 Referer https://swisscom-extranet.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36 Response headers date Thu, 07 Dec 2023 01:27:27 GMT last-modified Mon, 04 Dec 2023 02:26:36 GMT server nginx x-accel-version 0.01 etag "257-60ba5d8daef00" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 599
GET H2	200	logo.png swisscom-extranet.com/img/	1 KB 2 KB	57ms 57ms	Image image/png	91.215.85.194 PROSPERO-AS
General Check archive.org Show headers Download Go to Show image Full URL https://swisscom-extranet.com/img/logo.png Requested by Host: swisscom-extranet.com URL: https://swisscom-extranet.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.215.85.194 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software nginx / PleskLin Resource Hash `6043ce9a9a937fa7f0c4da011842e74edb2f1389fe9692cae357496c820c7289` Request headers accept-language de-DE,de;q=0.9 Referer https://swisscom-extranet.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36 Response headers date Thu, 07 Dec 2023 01:27:27 GMT last-modified Mon, 04 Dec 2023 01:58:14 GMT server nginx etag "656d3236-5d1" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 1489
GET H2	200	TheSansUltLt.woff fonts.cdnfonts.com/s/39338/	28 KB 29 KB	95ms 48ms	Font font/woff	2606:4700:e2::ac40:8416 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fonts.cdnfonts.com/s/39338/TheSansUltLt.woff Requested by Host: fonts.cdnfonts.com URL: https://fonts.cdnfonts.com/css/thesansb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e2::ac40:8416 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9679fa083ccb985967dbf3aad4af3d593df9ee8dfb0bc7e92ffbc919343e347b` Request headers Referer https://fonts.cdnfonts.com/css/thesansb Origin https://swisscom-extranet.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36 Response headers date Thu, 07 Dec 2023 01:27:27 GMT cf-cache-status MISS last-modified Sat, 05 Feb 2022 02:00:49 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "716c-5d73bbc82669b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2Fa2u3HzvfviWKYlQ5GbbF4Z4xLh9tzOUCYkGhHqHBTAQ82f42FpPjdHL0rpfd32Ug58xWF5NiMMEde6mC0xTL6ZPFEaynU9sHp6aO5%2B9CNtSsulePMrKCauBs%2B2IQc8D4bGqUgjEuuFtWy%2BEvkBosc%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff access-control-allow-origin * cache-control max-age=2678400 accept-ranges bytes cf-ray 8318fc7d3fd3365d-FRA alt-svc h3=":443"; ma=86400 content-length 29036
GET H2	200	TheSansBW7Bold.woff fonts.cdnfonts.com/s/39338/	42 KB 42 KB	119ms 73ms	Font font/woff	2606:4700:e2::ac40:8416 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fonts.cdnfonts.com/s/39338/TheSansBW7Bold.woff Requested by Host: fonts.cdnfonts.com URL: https://fonts.cdnfonts.com/css/thesansb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e2::ac40:8416 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a26f96264c1f3350fd5b81ad64f4b3aa81a42bfd9517a06f716fa823d34bc049` Request headers Referer https://fonts.cdnfonts.com/css/thesansb Origin https://swisscom-extranet.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36 Response headers date Thu, 07 Dec 2023 01:27:27 GMT cf-cache-status MISS last-modified Sat, 05 Feb 2022 02:00:49 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "a854-5d73bbc82669b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KUejVEMny8S8KjHGApJjjsxLLnC56Rw7o1iMhay%2BLSXFLq2mxz%2BockI6iPokCXXvWvOBQOmw9Fs8pvmi8UlVQ0SCHqBvD56te8JRdLKCOmZPhvg10lpwhKGx%2BjiVroUyszh2j1sbh1BsvjFAz09D1Vg%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff access-control-allow-origin * cache-control max-age=2678400 accept-ranges bytes cf-ray 8318fc7d3fd8365d-FRA alt-svc h3=":443"; ma=86400 content-length 43092
GET H2	200	TheSansBW2XtraLt.woff fonts.cdnfonts.com/s/39338/	40 KB 40 KB	100ms 53ms	Font font/woff	2606:4700:e2::ac40:8416 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fonts.cdnfonts.com/s/39338/TheSansBW2XtraLt.woff Requested by Host: fonts.cdnfonts.com URL: https://fonts.cdnfonts.com/css/thesansb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e2::ac40:8416 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b3462cf61ca7a89af9c2febe58cbea95a591da516f8da143c06d4da6c6e53b30` Request headers Referer https://fonts.cdnfonts.com/css/thesansb Origin https://swisscom-extranet.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36 Response headers date Thu, 07 Dec 2023 01:27:27 GMT cf-cache-status MISS last-modified Sat, 05 Feb 2022 02:00:49 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "9e4c-5d73bbc8262b3" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BakjnhM6hjjVq1RgyDp4A%2B8JFy5%2FplvERpxUnB5RYYgvpEZq2F8IDnl6KzDf0a6cSu5S5uN9cj3p1z%2FWkZYi47AMqvQOt9ZfB2F734G6dToFpc0GRZ3DCdWRYaWBuzAqDbhraBZHdniulpX0ySN0%2BeI%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff access-control-allow-origin * cache-control max-age=2678400 accept-ranges bytes cf-ray 8318fc7d3fd9365d-FRA alt-svc h3=":443"; ma=86400 content-length 40524
GET H2	200	TheSansBW3Light.woff fonts.cdnfonts.com/s/39338/	41 KB 42 KB	120ms 73ms	Font font/woff	2606:4700:e2::ac40:8416 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fonts.cdnfonts.com/s/39338/TheSansBW3Light.woff Requested by Host: fonts.cdnfonts.com URL: https://fonts.cdnfonts.com/css/thesansb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e2::ac40:8416 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `71d0f56829338ea1ec8aa92079e98559bcc9e4964602bdd58bb4323b78ee0767` Request headers Referer https://fonts.cdnfonts.com/css/thesansb Origin https://swisscom-extranet.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36 Response headers date Thu, 07 Dec 2023 01:27:27 GMT cf-cache-status MISS last-modified Sat, 05 Feb 2022 02:00:49 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "a554-5d73bbc8262b3" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k6pWi5H%2Bhoz%2B99agD56egWBFC%2BEhZYUAxQr4j%2BGgBxKoihJ0bzY5g%2BtJfLh8g7D%2F7ROobphib%2BcJxfkpm88hwNndDhlo4IZpZiMLfqECAYNo8c6OGvR1B1QpzNHRin7oz1p2rjZiPUN565isYNyD0dA%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff access-control-allow-origin * cache-control max-age=2678400 accept-ranges bytes cf-ray 8318fc7d3fd6365d-FRA alt-svc h3=":443"; ma=86400 content-length 42324

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Swisscom (Telecommunication)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.cdnfonts.com
swisscom-extranet.com
2606:4700:e2::ac40:8416
91.215.85.194
152f308e716c4e3dd51402f6df8466aaf1cea4faa21b629c5e88c8fc60984980
2afac1238d515d8ff647895e76b18d3a26f4d9f116cf421634594013909cde4b
6043ce9a9a937fa7f0c4da011842e74edb2f1389fe9692cae357496c820c7289
6ef662586c2ff0498e9e3dda5ccf3ebcaeeb0960edc42d8debc5bf35b345fc4e
71d0f56829338ea1ec8aa92079e98559bcc9e4964602bdd58bb4323b78ee0767
9679fa083ccb985967dbf3aad4af3d593df9ee8dfb0bc7e92ffbc919343e347b
a26f96264c1f3350fd5b81ad64f4b3aa81a42bfd9517a06f716fa823d34bc049
b3462cf61ca7a89af9c2febe58cbea95a591da516f8da143c06d4da6c6e53b30
be8609d9b2e9398a98b7c9cf037e78b4652c2d2947a46c559910048544149a6c
dc58ded68592d0376a68cb174f5509208c22edc10b0003aaac51e35484447364

swisscom-extranet.com Open in urlscan Pro 91.215.85.194 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

165 kBTransfer

168 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

swisscom-extranet.com Open in urlscan Pro
91.215.85.194 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

165 kB
Transfer

168 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!