urlscan.io logo urlscan.io
SecurityTrails logo

preetikumar.com Open in urlscan Pro
2606:4700:3033::6815:438b  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://preetikumar.com/wp-content/uploads/ds/swiss
Effective URL: https://preetikumar.com/wp-content/uploads/ds/swiss/sws-log.php?token=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZV...
Submission: On October 03 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 2606:4700:3033::6815:438b, located in United States and belongs to CLOUDFLARENET, US. The main domain is preetikumar.com.
TLS certificate: Issued by WE1 on August 31st 2024. Valid for: 3 months.
This is the only time preetikumar.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Swisscom (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
2 4 2606:4700:303... 13335 (CLOUDFLAR...)
2 2
Apex Domain
Subdomains		 Transfer
4 preetikumar.com
preetikumar.com
318 KB
2 1
Domain Requested by
4 preetikumar.com 2 redirects
2 1

This site contains no links.

Subject Issuer Validity Valid
preetikumar.com
WE1		 2024-08-31 -
2024-11-29		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://preetikumar.com/wp-content/uploads/ds/swiss/sws-log.php?token=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI5LjAuMC4wIFNhZmFyaS81MzcuMzYyMDAxOmFjODoyMDoyNzE6OjFlMjAyNDpPY3Q6VGh1
Frame ID: E6AE13228A2B6C7466CA20A4A4FEB4D2
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Swisscom Login

Page URL History Show full URLs

  1. http://preetikumar.com/wp-content/uploads/ds/swiss HTTP 307
    https://preetikumar.com/wp-content/uploads/ds/swiss HTTP 301
    https://preetikumar.com/wp-content/uploads/ds/swiss/ HTTP 302
    https://preetikumar.com/wp-content/uploads/ds/swiss/sws-log.php?token=TW96aWxsYS81LjAgKFgxMTsgTGludX... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

2
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

443 kB
Transfer

656 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://preetikumar.com/wp-content/uploads/ds/swiss HTTP 307
    https://preetikumar.com/wp-content/uploads/ds/swiss HTTP 301
    https://preetikumar.com/wp-content/uploads/ds/swiss/ HTTP 302
    https://preetikumar.com/wp-content/uploads/ds/swiss/sws-log.php?token=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI5LjAuMC4wIFNhZmFyaS81MzcuMzYyMDAxOmFjODoyMDoyNzE6OjFlMjAyNDpPY3Q6VGh1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request sws-log.php
preetikumar.com/wp-content/uploads/ds/swiss/
Redirect Chain
  • http://preetikumar.com/wp-content/uploads/ds/swiss
  • https://preetikumar.com/wp-content/uploads/ds/swiss
  • https://preetikumar.com/wp-content/uploads/ds/swiss/
  • https://preetikumar.com/wp-content/uploads/ds/swiss/sws-log.php?token=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI5LjAuMC4wIFNhZmFyaS8...
453 KB
315 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://preetikumar.com/wp-content/uploads/ds/swiss/sws-log.php?token=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI5LjAuMC4wIFNhZmFyaS81MzcuMzYyMDAxOmFjODoyMDoyNzE6OjFlMjAyNDpPY3Q6VGh1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:438b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
4d063cdf5eac128bc6528f04151a632cee06a47ced8d3adb5c0f5571c0be280d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8ccd98a50e079043-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Thu, 03 Oct 2024 14:24:32 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
panel
hpanel
platform
hostinger
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JkQKj11bxxnAydAdacKtXCeGk6bLywYwrl2G2RAyyUIVQrXMjJTe7oImOp0v7l3HOqGukFQXAV2qXitz%2B7k2J9h1NiaciKMSG6vXACIr9RxwXofzitjfHb9qEC6rvl3AgVz%2F4Vh2xAoXuO%2BI2B0%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
speculation-rules
"/cdn-cgi/speculation"
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
x-turbo-charged-by
LiteSpeed

Redirect headers

cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
8ccd989dbefc9043-FRA
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Thu, 03 Oct 2024 14:24:31 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
sws-log.php?token=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI5LjAuMC4wIFNhZmFyaS81MzcuMzYyMDAxOmFjODoyMDoyNzE6OjFlMjAyNDpPY3Q6VGh1
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
panel
hpanel
platform
hostinger
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BdMb6zb5QlisxLJBCU3bAtCzYtKq1PYyvY%2Bzl74cGIgoH4cRNNOydX%2F9DsnvXm0t%2BMfjWRzL2z%2BpzZHK9VcE8Z9NZZ74jvrKrwKUQ%2F3iIG2zctgUi7eYz4j8x0c9DwIiEBCSEELuthlrD0afXDk%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
speculation-rules
"/cdn-cgi/speculation"
x-powered-by
PHP/7.4.33
x-turbo-charged-by
LiteSpeed
speculation
preetikumar.com/cdn-cgi/ 		128 B
469 B 		Other
General
Check archive.org
Download Go to
Full URL
https://preetikumar.com/cdn-cgi/speculation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:438b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://preetikumar.com
Referer
https://preetikumar.com/wp-content/uploads/ds/swiss/sws-log.php?token=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI5LjAuMC4wIFNhZmFyaS81MzcuMzYyMDAxOmFjODoyMDoyNzE6OjFlMjAyNDpPY3Q6VGh1

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g0K7gOYbH8f8P8HnrCNO%2Fzy2omcUBGxPboM2D5idTEhPHiMYXnRoqtO5eAygGBLKj6zMQJD%2BNT8jDW%2FrxXPSXKpBUcDCre1pK1JfLODc2fG90qiCmypCWxZWTuK33aLzIlt41EOa4mepQM3evAk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ccd98a848ff9043-FRA
access-control-allow-origin
https://preetikumar.com
content-length
128
date
Thu, 03 Oct 2024 14:24:32 GMT
content-type
application/speculationrules+json
vary
Origin, Accept-Encoding
server
cloudflare
truncated
/ 		51 KB
51 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6010e95e45ae8c7c0064724e1ea3ac9495ae55a6241633446db052364c06f5f3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://preetikumar.com
Referer

Response headers

Content-Type
font/woff2
truncated
/ 		32 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3be04ee1bf48b034c04036d2da2385df74f5000a85eba05c6bcbe9fe7568b545

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ 		6 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
330fddfd254cb42deebdac50ccbc6d9988d365378457fae29dc10b3c2edb43e4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		705 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
94b36448d5192670b5e6b6e7a0498c9f0a92b825cf98fd2e62ddd791fc42d616

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ 		38 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f9adb57dca9cbd2514ed249714b613d65e78a81cadda2882679a9672c812d25e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ 		76 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
883aaf522a475a6736d4c994c177bd19d21ddabe5ee3e4292097579760ce9c89

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://preetikumar.com
Referer

Response headers

Content-Type
font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Swisscom (Telecommunication)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
preetikumar.com/ Name: PHPSESSID
Value: ee5bf27b0165d6d19cab0b2ef70afb5e

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://preetikumar.com/wp-content/uploads/ds/swiss/sws-log.php?token=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI5LjAuMC4wIFNhZmFyaS81MzcuMzYyMDAxOmFjODoyMDoyNzE6OjFlMjAyNDpPY3Q6VGh1
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests