erlijo.com
46.163.76.228
Malicious Activity!
Public Scan
Effective URL: https://erlijo.com/login-swissid0877211/
Submission: On October 11 via api from IE — Scanned from FR
Summary
TLS certificate: Issued by Starfield Secure Certificate Authorit... on June 19th 2024. Valid for: a year.
This is the only time erlijo.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Schweizerische Bundesbahnen (Transportation)
Domain & IP information
| IP Address | AS Autonomous System
---|---|---
2 5 | 46.163.76.228 | 8972 (GD-EMEA-DC-SXB1)
3 | 2 |

ASN8972 (GD-EMEA-DC-SXB1, DE)
PTR: lvps46-163-76-228.dedicated.hosteurope.de
www.biowein.be
erlijo.com
| Apex Domain / Subdomains | Transfer
---|---|---
3 | biowein.be (1 redirects): www.biowein.be | 2 KB
2 | erlijo.com (1 redirects): erlijo.com | 269 KB
3 | 2 |
Domain | Requested by | |
---|---|---|
3 | www.biowein.be | 1 redirects |
2 | erlijo.com | 1 redirects |
3 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
www.biowein.be | Starfield Secure Certificate Authority - G2 | 2024-04-04 - 2025-04-04 | a year
www.erlijo.com | Starfield Secure Certificate Authority - G2 | 2024-06-19 - 2025-06-19 | a year
This page contains 1 frames:
Primary Page:
https://erlijo.com/login-swissid0877211/
Frame ID: 587FC62FCC6B069A0734EC6B6EE5F9AF
Requests: 8 HTTP requests in this frame
Page Title
SwissPass
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.biowein.be/appsweb
HTTP 301
https://www.biowein.be/appsweb/ Page URL
-
https://erlijo.com/login-swissid0877211
HTTP 301
https://erlijo.com/login-swissid0877211/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://www.biowein.be/appsweb HTTP 301
- https://www.biowein.be/appsweb/
3 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type
---|---|---|---
GET H2 | / www.biowein.be/appsweb/ Redirect Chain | 312 B 437 B | Document text/html
GET H2 | favicon.ico www.biowein.be/ | 1 KB 1 KB | Other image/vnd.microsoft.icon
GET H2 | Primary Request / erlijo.com/login-swissid0877211/ Redirect Chain | 555 KB 268 KB | Document text/html
GET DATA | truncated / | 14 KB 14 KB | Font application/font-woff2
GET DATA | truncated / | 14 KB 14 KB | Font application/font-woff2
GET DATA | truncated / | 196 KB 0 | Image image/jpeg
GET DATA | truncated / | 137 KB 0 | Image image/svg+xml
GET DATA | truncated / | 7 KB 7 KB | Font font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Schweizerische Bundesbahnen (Transportation)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.