URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Submission: On December 11 via automatic, source phishtank — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 23 HTTP transactions. The main IP is 195.201.163.40, located in Gunzenhausen, Germany and belongs to HETZNER-AS, DE. The main domain is br-abayat.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 16th 2022. Valid for: 3 months.
This is the only time br-abayat.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Schweizerische Bundesbahnen (Transportation)

Domain & IP information

Requests  IP Address  ASN (Autonomous System)
2  195.201.163.40  24940 (HETZNER-AS)
8  193.203.121.166  31004 (SBB-CFF-F...)
6  2606:4700::68...  13335 (CLOUDFLAR...)
1  2a02:26f0:480...  20940 (AKAMAI-ASN1)
2  52.28.182.162  16509 (AMAZON-02)
1  2606:4700::68...  13335 (CLOUDFLAR...)
Total: 23 requests, 7 IPs
Requests  Apex Domain  Subdomain  Transfer
8  swisspass.ch  www.swisspass.ch (Cisco Umbrella Rank: 579638)  704 KB
6  cookielaw.org  cdn.cookielaw.org (Cisco Umbrella Rank: 412)  108 KB
2  sbb.ch  cdn.app.sbb.ch (Cisco Umbrella Rank: 478410)  29 KB
2  br-abayat.com  br-abayat.com  193 KB
1  onetrust.com  geolocation.onetrust.com (Cisco Umbrella Rank: 678)  304 B
1  adobedtm.com  assets.adobedtm.com (Cisco Umbrella Rank: 487)  41 KB
Total: 23 requests, 6 apex domains
Requests  Domain  Requested by
8  www.swisspass.ch  br-abayat.com, www.swisspass.ch
6  cdn.cookielaw.org  br-abayat.com, cdn.cookielaw.org
2  cdn.app.sbb.ch  www.swisspass.ch
2  br-abayat.com  www.swisspass.ch
1  geolocation.onetrust.com  cdn.cookielaw.org
1  assets.adobedtm.com  br-abayat.com
Total: 23 requests, 6 domains

This site contains links to these domains: www.swisspass.ch
Subject  Issuer  Validity  Valid for
br-abayat.com  cPanel, Inc. Certification Authority  2022-10-16 - 2023-01-14  3 months  (crt.sh)
www.swisspass.ch  SwissSign RSA TLS OV ICA 2021 - 1  2022-05-04 - 2023-05-04  a year  (crt.sh)
cookielaw.org  Cloudflare Inc ECC CA-3  2022-05-01 - 2023-05-01  a year  (crt.sh)
assets.adobedtm.com  DigiCert TLS RSA SHA256 2020 CA1  2022-07-19 - 2023-08-19  a year  (crt.sh)
*.app.sbb.ch  Amazon  2022-09-15 - 2023-10-14  a year  (crt.sh)
onetrust.com  Cloudflare Inc ECC CA-3  2022-01-12 - 2023-01-12  a year  (crt.sh)

This page contains 1 frames:

Primary Page: https://br-abayat.com/.well-known/ticket/torsion/pass/
Frame ID: 16F64F2D589C5C2CF4FEA5629139FA4D
Requests: 23 HTTP requests in this frame

Page Title

Login | SwissPass

Detected technologies

Modernizr (overall confidence: 100%)
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

OneTrust (overall confidence: 100%)
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

jQuery (overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 23
HTTPS: 87 %
IPv6: 50 %
Domains: 6
Subdomains: 6
IPs: 7
Countries: 3
Transfer: 1075 kB
Size: 1490 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource  Path  Size  x-fer  Type  (MIME-Type is given as Content-Type in each response)
Primary Request  /  br-abayat.com/.well-known/ticket/torsion/pass/  23 KB  23 KB  Document
General
Full URL
https://br-abayat.com/.well-known/ticket/torsion/pass/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
195.201.163.40 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
bragma.com
Software
nginx /
Resource Hash
6e8a2825cc74e35f58f7381900babbca959a5fc525b55df8126a9d25db043606

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=0, no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
23291
Content-Type
text/html
Date
Sun, 11 Dec 2022 18:22:53 GMT
Expires
Thu, 1 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
nginx
sso.min-20200819.css  www.swisspass.ch//resources/css/normal/app/  180 KB  181 KB  Stylesheet
General
Full URL
https://www.swisspass.ch//resources/css/normal/app/sso.min-20200819.css
Requested by
Host: br-abayat.com
URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
193.203.121.166 , Switzerland, ASN31004 (SBB-CFF-FFS Telecom SBB, CH),
Reverse DNS
Software
Apache /
Resource Hash
17b7c94cb891331ef612c7b2b3648f007c1c4f6a2eb420199bb275d91450959b
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date
Sun, 11 Dec 2022 18:22:54 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
184064
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
last-modified
Thu, 17 Nov 2022 12:57:11 GMT
Server
Apache
etag
"63762fa7-2cf00"
x-frame-options
sameorigin
Content-Type
text/css
cache-control
private
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
accept-ranges
bytes
Keep-Alive
timeout=10, max=500
modernizr-20200819.js  www.swisspass.ch//resources/js/vendor/head/modernizr/  8 KB  8 KB  Script
General
Full URL
https://www.swisspass.ch//resources/js/vendor/head/modernizr/modernizr-20200819.js
Requested by
Host: br-abayat.com
URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
193.203.121.166 , Switzerland, ASN31004 (SBB-CFF-FFS Telecom SBB, CH),
Reverse DNS
Software
Apache /
Resource Hash
4a3d4cf982535aaf485c6e3af9ad1498df5c065adf94eed056f0aa13c31e92ed
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date
Sun, 11 Dec 2022 18:22:54 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
7769
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
last-modified
Thu, 17 Nov 2022 12:57:12 GMT
Server
Apache
etag
"63762fa8-1e59"
x-frame-options
sameorigin
Content-Type
application/javascript
cache-control
private
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
accept-ranges
bytes
Keep-Alive
timeout=10, max=500
otSDKStub.js  cdn.cookielaw.org/scripttemplates/  21 KB  8 KB  Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: br-abayat.com
URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 11 Dec 2022 18:22:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
bKkFjZE43AfZo3jm8gqLew==
age
68403
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
7151
x-ms-lease-status
unlocked
last-modified
Thu, 08 Dec 2022 21:22:16 GMT
server
cloudflare
etag
0x8DAD96247F69588
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
8efa7dae-001e-0030-5f62-0b82cc000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
77803f936f3d90ec-FRA
launch-6cc731e967aa.min.js  assets.adobedtm.com/15ff638fdec4/7a0c4d63ddff/  139 KB  41 KB  Script
General
Full URL
https://assets.adobedtm.com/15ff638fdec4/7a0c4d63ddff/launch-6cc731e967aa.min.js
Requested by
Host: br-abayat.com
URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:287::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
811e8df757d166dce4bda35c81d2f639eed22055abd034720214c7125b21b737

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Sun, 11 Dec 2022 18:22:54 GMT
content-encoding
gzip
last-modified
Mon, 11 Jul 2022 13:22:51 GMT
server
AkamaiNetStorage
etag
"189167e53066c0526a1465b03aaa8a84:1657545771.809033"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://br-abayat.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
41295
expires
Sun, 11 Dec 2022 19:22:54 GMT
logo_text_de-20200819.svg  www.swisspass.ch//resources/img/  137 KB  137 KB  Image
General
Full URL
https://www.swisspass.ch//resources/img/logo_text_de-20200819.svg
Requested by
Host: br-abayat.com
URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
193.203.121.166 , Switzerland, ASN31004 (SBB-CFF-FFS Telecom SBB, CH),
Reverse DNS
Software
Apache /
Resource Hash
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date
Sun, 11 Dec 2022 18:22:54 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
last-modified
Thu, 17 Nov 2022 12:57:11 GMT
Server
Apache
etag
"63762fa7-222c3"
x-frame-options
sameorigin
Content-Type
image/svg+xml
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Connection
Keep-Alive
accept-ranges
bytes
Keep-Alive
timeout=10, max=498
Content-Length
139971
X-XSS-Protection
1; mode=block
logo-20200819.svg  www.swisspass.ch//resources/img/  7 KB  8 KB  Image
General
Full URL
https://www.swisspass.ch//resources/img/logo-20200819.svg
Requested by
Host: br-abayat.com
URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
193.203.121.166 , Switzerland, ASN31004 (SBB-CFF-FFS Telecom SBB, CH),
Reverse DNS
Software
Apache /
Resource Hash
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date
Sun, 11 Dec 2022 18:22:54 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
last-modified
Thu, 17 Nov 2022 12:57:11 GMT
Server
Apache
etag
"63762fa7-1cce"
x-frame-options
sameorigin
Content-Type
image/svg+xml
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Connection
Keep-Alive
accept-ranges
bytes
Keep-Alive
timeout=10, max=497
Content-Length
7374
X-XSS-Protection
1; mode=block
loader-20200819.png  www.swisspass.ch//resources/img/  272 B  942 B  Image
General
Full URL
https://www.swisspass.ch//resources/img/loader-20200819.png
Requested by
Host: br-abayat.com
URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
193.203.121.166 , Switzerland, ASN31004 (SBB-CFF-FFS Telecom SBB, CH),
Reverse DNS
Software
Apache /
Resource Hash
f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date
Sun, 11 Dec 2022 18:22:54 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
last-modified
Thu, 17 Nov 2022 12:57:11 GMT
Server
Apache
etag
"63762fa7-110"
x-frame-options
sameorigin
Content-Type
image/png
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Connection
Keep-Alive
accept-ranges
bytes
Keep-Alive
timeout=10, max=500
Content-Length
272
X-XSS-Protection
1; mode=block
jquery-20200819.js  www.swisspass.ch//resources/primefaces/jquery/  95 KB  96 KB  Script
General
Full URL
https://www.swisspass.ch//resources/primefaces/jquery/jquery-20200819.js
Requested by
Host: br-abayat.com
URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
193.203.121.166 , Switzerland, ASN31004 (SBB-CFF-FFS Telecom SBB, CH),
Reverse DNS
Software
Apache /
Resource Hash
24f31a4afb4d98c85b6cff4c9a953654a77986d6c4c9e9cae52cf57e59095e01
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date
Sun, 11 Dec 2022 18:22:54 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
last-modified
Thu, 17 Nov 2022 12:57:12 GMT
Server
Apache
etag
"63762fa8-17c54"
x-frame-options
sameorigin
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Connection
Keep-Alive
accept-ranges
bytes
Keep-Alive
timeout=10, max=499
Content-Length
97364
X-XSS-Protection
1; mode=block
vendor.min-20200819.js  www.swisspass.ch//resources/js/vendor/  175 KB  176 KB  Script
General
Full URL
https://www.swisspass.ch//resources/js/vendor/vendor.min-20200819.js
Requested by
Host: br-abayat.com
URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
193.203.121.166 , Switzerland, ASN31004 (SBB-CFF-FFS Telecom SBB, CH),
Reverse DNS
Software
Apache /
Resource Hash
be0223ae72bc8c610c7a5453d349964cbe78ff8646695a58bc13a4cf0a8d81d6
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date
Sun, 11 Dec 2022 18:22:54 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
last-modified
Thu, 17 Nov 2022 12:57:12 GMT
Server
Apache
etag
"63762fa8-2bc0a"
x-frame-options
sameorigin
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Connection
Keep-Alive
accept-ranges
bytes
Keep-Alive
timeout=10, max=499
Content-Length
179210
X-XSS-Protection
1; mode=block
swisspass.min-20200819.js  www.swisspass.ch//resources/js/  97 KB  98 KB  Script
General
Full URL
https://www.swisspass.ch//resources/js/swisspass.min-20200819.js
Requested by
Host: br-abayat.com
URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
193.203.121.166 , Switzerland, ASN31004 (SBB-CFF-FFS Telecom SBB, CH),
Reverse DNS
Software
Apache /
Resource Hash
225e078f0432e7459d74e8d9245f1982570a3897d664ca2d219ccd09b244ab95
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date
Sun, 11 Dec 2022 18:22:54 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
last-modified
Thu, 17 Nov 2022 12:57:12 GMT
Server
Apache
etag
"63762fa8-183fc"
x-frame-options
sameorigin
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Connection
Keep-Alive
accept-ranges
bytes
Keep-Alive
timeout=10, max=498
Content-Length
99324
X-XSS-Protection
1; mode=block
SBBWeb-Light.woff2  cdn.app.sbb.ch/fonts/v1_6_subset/  14 KB  14 KB  Font
General
Full URL
https://cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2
Requested by
Host: www.swisspass.ch
URL: https://www.swisspass.ch//resources/css/normal/app/sso.min-20200819.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.182.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-182-162.eu-central-1.compute.amazonaws.com
Software
nginx/1.23.2 /
Resource Hash
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf

Request headers

Referer
Origin
https://br-abayat.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Sun, 11 Dec 2022 18:22:54 GMT
content-encoding
br
last-modified
Fri, 17 Dec 2021 15:16:26 GMT
server
nginx/1.23.2
etag
W/"61bca9ca-3784"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public, private
access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
expires
Mon, 11 Dec 2023 18:22:54 GMT
e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json  cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/  4 KB  2 KB  XHR
General
Full URL
https://cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6d7a8a9faa62fca5c82d46a0529984c00bd18e7c6c35e564fecd795b538a6ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 11 Dec 2022 18:22:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-md5
ff53+VGF/tBRNSHyLiz7Xg==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1445
x-ms-lease-status
unlocked
last-modified
Thu, 12 May 2022 08:50:28 GMT
server
cloudflare
etag
0x8DA33F476D1F927
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
2906fb03-b01e-006d-748d-0d72c8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
cf-ray
77803f950f9c90c7-FRA
icomoon.woff2  www.swisspass.ch//resources/fonts/icomoon/  0  0

co-branding  br-abayat.com/idp/  169 KB  170 KB  XHR
General
Full URL
https://br-abayat.com/idp/co-branding?resource=co-branding&lang=de&provider=sbbkn
Requested by
Host: www.swisspass.ch
URL: https://www.swisspass.ch//resources/primefaces/jquery/jquery-20200819.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
195.201.163.40 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
bragma.com
Software
nginx /
Resource Hash
0c17ab5d5076bc59d96e20754270290456150fb1f9ca0354e577153af4ca538f

Request headers

Accept
*/*
Referer
https://br-abayat.com/.well-known/ticket/torsion/pass/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 11 Dec 2022 18:22:54 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Expires
0
location  geolocation.onetrust.com/cookieconsentpub/v1/geo/  59 B  304 B  XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1b55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://br-abayat.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Sun, 11 Dec 2022 18:22:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
77803f95cd52bba7-FRA
access-control-allow-headers
Content-Type
icomoon.ttf  www.swisspass.ch//resources/fonts/icomoon/  0  0

icomoon.woff  www.swisspass.ch//resources/fonts/icomoon/  0  0

otBannerSdk.js  cdn.cookielaw.org/scripttemplates/6.28.0/  324 KB  77 KB  Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.28.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
204a3299ddc67db6fd1836653ece6696c46f1b2d7fb7abcb4fe9132abe2b6612
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 11 Dec 2022 18:22:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
uLX5MH+Q3LyO9KMWLS7oIw==
age
67741
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
78871
x-ms-lease-status
unlocked
last-modified
Thu, 10 Feb 2022 10:47:32 GMT
server
cloudflare
etag
0x8D9EC82BE23B55F
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
335710a5-201e-00a4-41b0-2ce202000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
77803f963c8b90ec-FRA
de-ch.json  cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/ba92dbb5-02d7-443f-8481-b67e4427328b/  51 KB  14 KB  Fetch
General
Full URL
https://cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/ba92dbb5-02d7-443f-8481-b67e4427328b/de-ch.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.28.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
febc6f911627d3a8cda6790087fbcf351221485f4ec2895279ca014b03f5ddae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 11 Dec 2022 18:22:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-md5
IFtFcLxlSmQAY+OQFNOEjA==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
14098
x-ms-lease-status
unlocked
last-modified
Thu, 12 May 2022 08:50:32 GMT
server
cloudflare
etag
0x8DA33F47908F81C
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
c4245c42-601e-0046-438d-0d0670000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
cf-ray
77803f96b99c90c7-FRA
otFlat.json  cdn.cookielaw.org/scripttemplates/6.28.0/assets/  13 KB  3 KB  Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.28.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.28.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 11 Dec 2022 18:22:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
NLM0iGNpyC/+I80+dPdiSQ==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2950
x-ms-lease-status
unlocked
last-modified
Thu, 10 Feb 2022 10:47:22 GMT
server
cloudflare
etag
0x8D9EC82B7D61026
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
4bf4ef7b-701e-015d-6e64-0d6eb7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
77803f972a1b90c7-FRA
otCommonStyles.css  cdn.cookielaw.org/scripttemplates/6.28.0/assets/  20 KB  4 KB  Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.28.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.28.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://br-abayat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 11 Dec 2022 18:22:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Ye6OeZcNyuFoWog7CYs00A==
x-ms-lease-status
unlocked
last-modified
Thu, 10 Feb 2022 10:47:44 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
8e766180-d01e-0172-3c64-0def8d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
77803f972a1f90c7-FRA
SBBWeb-Roman.woff2  cdn.app.sbb.ch/fonts/v1_6_subset/  14 KB  14 KB  Font
General
Full URL
https://cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Roman.woff2
Requested by
Host: www.swisspass.ch
URL: https://www.swisspass.ch//resources/css/normal/app/sso.min-20200819.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.182.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-182-162.eu-central-1.compute.amazonaws.com
Software
nginx/1.23.2 /
Resource Hash
966a89b8080879ba41c6b9f15c5efb58182c33a0d2d1e08748beb554b28b4997

Request headers

Referer
Origin
https://br-abayat.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Sun, 11 Dec 2022 18:22:54 GMT
content-encoding
br
last-modified
Fri, 17 Dec 2021 15:16:26 GMT
server
nginx/1.23.2
etag
W/"61bca9ca-3748"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public, private
access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
expires
Mon, 11 Dec 2023 18:22:54 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.swisspass.ch
URL
https://www.swisspass.ch//resources/fonts/icomoon/icomoon.woff2?7m5yri
Domain
www.swisspass.ch
URL
https://www.swisspass.ch//resources/fonts/icomoon/icomoon.ttf?7m5yri
Domain
www.swisspass.ch
URL
https://www.swisspass.ch//resources/fonts/icomoon/icomoon.woff?7m5yri

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Schweizerische Bundesbahnen (Transportation)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange
object| digitalDataLayer
object| html5
object| Modernizr
object| OneTrustStub
object| digitalData
object| dataLayerEvent
function| OptanonWrapper
function| validateForm
function| closeModal
function| $
function| jQuery
object| jQuery11200022167255752537862
function| A11yDialog
function| iFrameResize
function| Cleave
function| OevcResourceLoader
object| dp
object| oevc
object| webtrends
boolean| isMobile
function| validate
object| options
object| attrs
object| allowedProviders
object| rememberMe
boolean| providerAllowsRememberMe
object| _satellite
boolean| __satelliteLoaded
string| OnetrustActiveGroups
string| OptanonActiveGroups
object| dataLayer
object| otStubData
object| Optanon
object| OneTrust

2 Cookies

Domain/Path Name / Value
.www.swisspass.ch/ Name: AL_SESS-S
Value: ATH8QZUsXSnBeejTCuzsyJlpr3lQoRz0PYYtNuTxa4BV1bxsO8QzBep5lF2xPGLLGGIC
br-abayat.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Sun+Dec+11+2022+18%3A22%3A54+GMT%2B0000+(GMT)&version=6.28.0&isIABGlobal=false&hosts=&consentId=ca4f3c8f-4d03-4f0d-8bab-3cf2af461eab&interactionCount=0&landingPath=https%3A%2F%2Fbr-abayat.com%2F.well-known%2Fticket%2Ftorsion%2Fpass%2F&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0

6 Console Messages

Source Level URL
Text
javascript error URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Message:
Access to font at 'https://www.swisspass.ch//resources/fonts/icomoon/icomoon.woff2?7m5yri' from origin 'https://br-abayat.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.swisspass.ch//resources/fonts/icomoon/icomoon.woff2?7m5yri
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Message:
Access to font at 'https://www.swisspass.ch//resources/fonts/icomoon/icomoon.ttf?7m5yri' from origin 'https://br-abayat.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.swisspass.ch//resources/fonts/icomoon/icomoon.ttf?7m5yri
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://br-abayat.com/.well-known/ticket/torsion/pass/
Message:
Access to font at 'https://www.swisspass.ch//resources/fonts/icomoon/icomoon.woff?7m5yri' from origin 'https://br-abayat.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.swisspass.ch//resources/fonts/icomoon/icomoon.woff?7m5yri
Message:
Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
br-abayat.com
cdn.app.sbb.ch
cdn.cookielaw.org
geolocation.onetrust.com
www.swisspass.ch
193.203.121.166
195.201.163.40
2606:4700::6810:9540
2606:4700::6812:1b55
2a02:26f0:480:287::1e80
52.28.182.162