passswichweiz.sviluppo.host
Open in
urlscan Pro
185.201.65.73
Malicious Activity!
Public Scan
URL:
https://passswichweiz.sviluppo.host/no/cf/Entry.php
Submission: On August 24 via automatic, source phishtank — Scanned from IT
Submission: On August 24 via automatic, source phishtank — Scanned from IT
Summary
This website contacted 3 IPs
in 2 countries
across 2 domains to perform 14 HTTP transactions.
The main IP is 185.201.65.73, located in
Italy and
belongs to COLTENGINE COLTENGINE Network, IT.
The main domain is passswichweiz.sviluppo.host.
TLS certificate: Issued by E5 on August 24th 2024. Valid for: 3 months.
This is the only time passswichweiz.sviluppo.host was scanned on urlscan.io!
TLS certificate: Issued by E5 on August 24th 2024. Valid for: 3 months.
This is the only time passswichweiz.sviluppo.host was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Schweizerische Bundesbahnen (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 10 | 185.201.65.73 185.201.65.73 | 47242 (COLTENGIN...) (COLTENGINE COLTENGINE Network) | |
| 3 | 141.101.90.107 141.101.90.107 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 141.101.90.106 141.101.90.106 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 14 | 3 |
10
185.201.65.73
(Italy)
ASN47242 (COLTENGINE COLTENGINE Network, IT)
PTR: w3002pi.shared.host.it
ASN47242 (COLTENGINE COLTENGINE Network, IT)
PTR: w3002pi.shared.host.it
| passswichweiz.sviluppo.host |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 10 |
sviluppo.host
passswichweiz.sviluppo.host |
162 KB |
| 4 |
swisspass.ch
login.swisspass.ch — Cisco Umbrella Rank: 266400 resources.swisspass.ch — Cisco Umbrella Rank: 857601 |
219 KB |
| 14 | 2 |
| Domain | Requested by | |
|---|---|---|
| 10 | passswichweiz.sviluppo.host |
passswichweiz.sviluppo.host
|
| 3 | login.swisspass.ch |
passswichweiz.sviluppo.host
|
| 1 | resources.swisspass.ch |
passswichweiz.sviluppo.host
|
| 14 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| passswichweiz.sviluppo.host E5 |
2024-08-24 - 2024-11-22 |
3 months | crt.sh |
| swisspass.ch SwissSign RSA TLS DV ICA 2022 - 1 |
2024-03-14 - 2025-03-14 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://passswichweiz.sviluppo.host/no/cf/Entry.php
Frame ID: 01AC91AC86F84A1F8216AF8189420277
Requests: 13 HTTP requests in this frame
Frame:
https://passswichweiz.sviluppo.host/no/cf/userapp_files/saved_resource.html
Frame ID: 2493609B7B6998BE6A183F83D31D7085
Requests: 1 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
Entry.php
passswichweiz.sviluppo.host/no/cf/ |
131 KB 25 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
otSDKStub.js
passswichweiz.sviluppo.host/no/cf/userapp_files/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
styles.8501c3a64c32c7c4.css
passswichweiz.sviluppo.host/no/cf/userapp_files/ |
177 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
otBannerSdk.js
passswichweiz.sviluppo.host/no/cf/userapp_files/ |
442 KB 102 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
saved_resource.html
passswichweiz.sviluppo.host/no/cf/userapp_files/ Frame 2493 |
198 B 534 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.png
passswichweiz.sviluppo.host/no/cf/userapp_files/ |
548 B 939 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo_text_de-20200819.svg
login.swisspass.ch/resources/img/ |
137 KB 18 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo-20200819.svg
login.swisspass.ch/resources/img/ |
7 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
OneTrust_SwissPass_logo_mobile.png
passswichweiz.sviluppo.host/no/cf/userapp_files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
powered_by_logo.svg
passswichweiz.sviluppo.host/no/cf/userapp_files/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login_bg.jpg
resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/ |
196 KB 197 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json
passswichweiz.sviluppo.host/no/cf/userapp_files/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/ |
1 KB 2 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
SBBWeb-Light.3f0cdd23274e17f7.woff2
passswichweiz.sviluppo.host/no/cf/userapp_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.ico
login.swisspass.ch/v3/oevlogin/ui/assets/custom/img/ |
1 KB 365 B |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Schweizerische Bundesbahnen (Transportation)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| OneTrustStub1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .swisspass.ch/ | Name: __cf_bm Value: n2RjGmXxD5z1seNiYpRJtWF4rplqT532SywVRJutmEo-1724537988-1.0.1.1-kJy0rRY2iG6JQA.A6pVbCIExhV7rI5_rpUlxmZVnF1g67TEOCkz9i3LcO_zPAgsTg0eUu0rDs9OuXUzSHUku0w |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.swisspass.ch
passswichweiz.sviluppo.host
resources.swisspass.ch
141.101.90.106
141.101.90.107
185.201.65.73
15de250a16ce58a10f84bebab59b9005ce36df4ec8e87c3bb1acc92726cfa971
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
729063f305e6efcd4a5eac69b799c96da4403fc5f082219d68f824b66213402d
7a036d721a3bbb21568fa68822dfb58ab04cc78a274c6608590440becb307ec9
7c1925da382279a72f94990d0a1456f78918619f35780ea0905e4ae0db684677
8e12bf257a56e15f5cb4fcc36e706ae4615dc43b497e24933a52886fc15587a1
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
e42fe383c86ab1185425bf334a44f9a311dd06d8ccf9e409d05b45dbe0bc48c6
f2f0d94a5141a75ef227f2699b6a43588741ede3edd2fe2d075a65b3d413b2f8