Submitted URL: http://gp.spaceworm.ch/
Effective URL: https://gp.spaceworm.ch/
Submission: On December 15 via api from US — Scanned from CH

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 1 HTTP transaction. The main IP is 77.239.42.245, located in Gerlafingen, Switzerland, and belongs to QUICKLINE Quickline AG, CH. The main domain is gp.spaceworm.ch.
TLS certificate: Issued by R11 on September 14th 2024. Valid for: 3 months.
This is the only time gp.spaceworm.ch was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Schweizerische Bundesbahnen (Transportation)

Domain & IP information

IP Address          AS (Autonomous System)     Requests
77.239.42.245       AS15600 (QUICKLINE...)     1

Apex Domain         Subdomains                 Transfer
spaceworm.ch        gp.spaceworm.ch            83 KB

Domain              Requests
gp.spaceworm.ch     1

This site contains links to these domains. Also see Links.

Domain
login.swisspass.ch

TLS certificate
Subject             Issuer    Validity                    Valid
gp.spaceworm.ch     R11       2024-09-14 - 2024-12-13     3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://gp.spaceworm.ch/
Frame ID: 9223830F34948E172E7EEBFD0FC3675D
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Login | SwissPass

Page URL History

  1. http://gp.spaceworm.ch/ HTTP 307
    https://gp.spaceworm.ch/ Page URL

Page Statistics

Requests:     1
HTTPS:        0 %
IPv6:         0 %
Domains:      1
Subdomains:   1
IPs:          2
Countries:    1
Transfer:     117 kB
Size:         452 kB
Cookies:      0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transaction

Resource            Path                Size      x-fer    Type        MIME-Type
Primary Request     / (gp.spaceworm.ch/) 281 KB   83 KB    Document
Redirect Chain:
  • http://gp.spaceworm.ch/
  • https://gp.spaceworm.ch/

General
Full URL:        https://gp.spaceworm.ch/
Protocol:        HTTP/1.1
Security:        TLS 1.3, AES_128_GCM
Server:          77.239.42.245 Gerlafingen, Switzerland, ASN15600 (QUICKLINE Quickline AG, CH)
Reverse DNS:     245-42-239-77.dyn.cable.qlnet.ch
Software:        nginx
Resource Hash:   dfa799bd7743b344a5c7ee21e37b62907dfe4a12cbeeb56b8ef1dedc1fe29146

Security Headers
Name                         Value
Strict-Transport-Security    max-age=63072000

Request headers

Upgrade-Insecure-Requests:   1
User-Agent:                  Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Accept-Ranges:               bytes
Connection:                  keep-alive
Content-Encoding:            gzip
Content-Type:                text/html
Date:                        Sun, 15 Dec 2024 13:56:29 GMT
ETag:                        "46342-6252569a80663-gzip"
Last-Modified:               Wed, 23 Oct 2024 14:07:56 GMT
Server:                      nginx
Strict-Transport-Security:   max-age=63072000
Transfer-Encoding:           chunked
Vary:                        Accept-Encoding

Redirect headers

Location:                    https://gp.spaceworm.ch/
Non-Authoritative-Reason:    HttpsUpgrades

Resource      Path    Size     x-fer    Type
truncated     /       14 KB    14 KB    Font

General
Full URL:        data:truncated
Protocol:        DATA
Server:          -
Reverse DNS:     -
Software:        -
Resource Hash:   5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf

Request headers

User-Agent:      Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin:          https://gp.spaceworm.ch
Referer:

Response headers

Content-Type:    application/font-woff2
Resource      Path    Size     x-fer    Type
truncated     /       14 KB    14 KB    Font

General
Full URL:        data:truncated
Protocol:        DATA
Server:          -
Reverse DNS:     -
Software:        -
Resource Hash:   966a89b8080879ba41c6b9f15c5efb58182c33a0d2d1e08748beb554b28b4997

Request headers

User-Agent:      Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin:          https://gp.spaceworm.ch
Referer:

Response headers

Content-Type:    application/font-woff2
Resource      Path    Size      x-fer    Type
truncated     /       137 KB    0        Image

General
Full URL:        data:truncated
Protocol:        DATA
Server:          -
Reverse DNS:     -
Software:        -
Resource Hash:   ceb27bfba35e08b536d59228ace4ff893bdc1d78d5c05ca437193192b60b53eb

Request headers

User-Agent:      Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer:

Response headers

Content-Type:    image/svg+xml
Resource      Path    Size     x-fer    Type
truncated     /       7 KB     7 KB     Font

General
Full URL:        data:truncated
Protocol:        DATA
Server:          -
Reverse DNS:     -
Software:        -
Resource Hash:   78a4a776506b173ae79fd021d0e9003c7d653ca204ea1d69bea4d553f92f787d

Request headers

User-Agent:      Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin:          https://gp.spaceworm.ch
Referer:

Response headers

Content-Type:    font/woff2

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Schweizerische Bundesbahnen (Transportation)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

1 Console Message

Source            Level      URL
recommendation    verbose    https://gp.spaceworm.ch/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This section lists any security headers set by the main page.

Header                       Value
Strict-Transport-Security    max-age=63072000