swiss-caf5cb-pass.cim-holding.net Open in urlscan Pro
172.67.167.190  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response swiss-caf5cb-pass.cim-holding.net/	4 KB 2 KB	94ms 42ms	Document text/html	172.67.167.190 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://swiss-caf5cb-pass.cim-holding.net/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.167.190 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 35dd80289ea6d4667b5ad2734b84d7900e9ab4f1852caccd128cd37006b0b12b Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8a4e4665ce144d9d-FRA content-encoding br content-type text/html; charset=UTF-8 date Thu, 18 Jul 2024 00:15:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CtO4MGazaExfjTwaonEppZecHmIdCfwyYbgWbskWG1dMpSf9dMiHMNLbjXG6SOG%2FdKQn8qq8Dr3JVpPlGAnfCidlvfALTBheBTe6S9qJZCEoSbhvfDeRWYl1VP%2B4NGYa6BYHdBjy3zmhJktgCzeVkUKpQek%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	200	api.js Show response www.google.com/recaptcha/	1 KB 961 B	124ms 48ms	Script text/javascript	142.250.185.100 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?hl=de Requested by Host: swiss-caf5cb-pass.cim-holding.net URL: https://swiss-caf5cb-pass.cim-holding.net/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.100 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f4.1e100.net Software GSE / Resource Hash df85e001ce72e46c578531cf3ea8bbb0712a4af63abc112d9d633e474c05965f Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://swiss-caf5cb-pass.cim-holding.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 18 Jul 2024 00:15:02 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Thu, 18 Jul 2024 00:15:02 GMT
GET H2	200	logo_text_de-20200819.png www.swisspass.ch//resources/img/	11 KB 12 KB	269ms 181ms	Image image/png	2a06:98c1:3200::90:80 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.swisspass.ch//resources/img/logo_text_de-20200819.png Requested by Host: swiss-caf5cb-pass.cim-holding.net URL: https://swiss-caf5cb-pass.cim-holding.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3200::90:80 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e0f4424a0cfc4143868873503307ca73dd8011e931f21e2d90e018cecf2b8e20 Security Headers Name Value Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://swiss-caf5cb-pass.cim-holding.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 18 Jul 2024 00:15:02 GMT strict-transport-security max-age=16070400; includeSubDomains x-content-type-options nosniff cf-cache-status MISS content-length 11662 x-xss-protection 1; mode=block pragma no-cache referrer-policy same-origin last-modified Thu, 11 Jul 2024 10:03:55 GMT server cloudflare etag "668fae0b-2d8e" x-frame-options SAMEORIGIN vary Accept-Encoding content-type image/png cache-control no-cache, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 feature-policy autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self' accept-ranges bytes cf-ray 8a4e4666aaa3119e-CDG expires Thu, 18 Jul 2024 00:15:01 GMT
GET H3	200	api.js Show response www.google.com/recaptcha/	1 KB 961 B	107ms 48ms	Script text/javascript	142.250.185.100 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: swiss-caf5cb-pass.cim-holding.net URL: https://swiss-caf5cb-pass.cim-holding.net/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.100 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f4.1e100.net Software GSE / Resource Hash df85e001ce72e46c578531cf3ea8bbb0712a4af63abc112d9d633e474c05965f Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://swiss-caf5cb-pass.cim-holding.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 18 Jul 2024 00:15:02 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Thu, 18 Jul 2024 00:15:02 GMT
GET H2	200	login_bg.jpg resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/	196 KB 197 KB	122ms 29ms	Image image/jpeg	2a06:98c1:3200::90:83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg Requested by Host: swiss-caf5cb-pass.cim-holding.net URL: https://swiss-caf5cb-pass.cim-holding.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3200::90:83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b Security Headers Name Value Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://swiss-caf5cb-pass.cim-holding.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 18 Jul 2024 00:15:02 GMT strict-transport-security max-age=16070400; includeSubDomains x-content-type-options nosniff cf-cache-status HIT age 19343 x-cache MISS x-url /content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg content-length 200933 x-xss-protection 1; mode=block referrer-policy same-origin cf-bgj h2pri last-modified Wed, 17 Jul 2024 12:11:34 GMT server cloudflare etag "310e5-61d705d06633b" x-frame-options SAMEORIGIN vary Accept-Encoding content-type image/jpeg x-varnish 103360049 x-plattform cprod cache-control public, max-age=21600 accept-ranges bytes cf-ray 8a4e4666c8a0047b-CDG expires Thu, 18 Jul 2024 06:15:02 GMT
GET H2	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/	536 KB 213 KB	122ms 37ms	Script text/javascript	2a00:1450:4001:831::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js?hl=de Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0481cf978633d761686dd05ed060c86593d34768aa66d43d61c4f968cbe6b63d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://swiss-caf5cb-pass.cim-holding.net/ Origin https://swiss-caf5cb-pass.cim-holding.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 07:30:56 GMT content-encoding gzip x-content-type-options nosniff age 60246 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 217833 x-xss-protection 0 last-modified Sun, 23 Jun 2024 08:01:07 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 17 Jul 2025 07:30:56 GMT
GET H3	200	anchor www.google.com/recaptcha/api2/ Frame 74A0	0 0	133ms 49ms	Document text/html	142.250.185.100 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Leyb_clAAAAABwyCbJMr1G5GtQs7uON-WQl7bPl&co=aHR0cHM6Ly9zd2lzcy1jYWY1Y2ItcGFzcy5jaW0taG9sZGluZy5uZXQ6NDQz&hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=normal&cb=olsb5ed1cgni Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.100 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f4.1e100.net Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-wHrqnTFfq0-RwoA0QWByGw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://swiss-caf5cb-pass.cim-holding.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-wHrqnTFfq0-RwoA0QWByGw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Thu, 18 Jul 2024 00:15:02 GMT expires Mon, 01 Jan 1990 00:00:00 GMT pragma no-cache report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H3	404	ff.ico swiss-caf5cb-pass.cim-holding.net/img/	3 KB 2 KB	33ms 32ms	Other text/html	172.67.167.190 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://swiss-caf5cb-pass.cim-holding.net/img/ff.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.167.190 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 355ec1a1500c584c024774f02476644861c89f0568ce4ae443213fca622f8f24 Request headers Referer https://swiss-caf5cb-pass.cim-holding.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 18 Jul 2024 00:15:03 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lp7UtoeWUicSR1kk0XrFF1wUSwdi3wXnR5JdsdO1fIbuDyVGv%2BRshS1RePzTrBKGZy2rOUTbYu0DGVqU3eybkeTWpigNUFVXi2QtWQYivu7c3xodZeYf7QMHQYa9WK4TJ31XvuhhHhGSxhDOYw3YVCOKLAU%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=14400 cf-ray 8a4e466c9c6c4d9d-FRA alt-svc h3=":443"; ma=86400

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Schweizerische Bundesbahnen (Transportation)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_103105

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.swisspass.ch/	1970-01-20 22:07:43	Name: __cf_bm Value: dnp5sgKiT.GCTBAPSOEy2WBGKRsTeNXnv0AzMKQ42GM-1721261702-1.0.1.1-qET6WeYrlymkG1CV6oetqeuSytso12fPcL7SWXBP0kbx9U3sFqa2ozpwhRoTDnbStyuAZ3FEo.DJcQr66BrMlw

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://swiss-caf5cb-pass.cim-holding.net/img/ff.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

resources.swisspass.ch
swiss-caf5cb-pass.cim-holding.net
www.google.com
www.gstatic.com
www.swisspass.ch
142.250.185.100
172.67.167.190
2a00:1450:4001:831::2003
2a06:98c1:3200::90:80
2a06:98c1:3200::90:83
0481cf978633d761686dd05ed060c86593d34768aa66d43d61c4f968cbe6b63d
355ec1a1500c584c024774f02476644861c89f0568ce4ae443213fca622f8f24
35dd80289ea6d4667b5ad2734b84d7900e9ab4f1852caccd128cd37006b0b12b
58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b
df85e001ce72e46c578531cf3ea8bbb0712a4af63abc112d9d633e474c05965f
e0f4424a0cfc4143868873503307ca73dd8011e931f21e2d90e018cecf2b8e20