www.swiss-postch-tracking3.gobibarta.com Open in urlscan Pro
173.212.223.158 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.swiss-postch-tracking3.gobibarta.com/
Submission: On September 01 via automatic, source certstream-suspicious (September 1st 2021, 8:00:40 pm UTC)

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 173.212.223.158, located in Nuremberg, Germany and belongs to CONTABO, DE. The main domain is www.swiss-postch-tracking3.gobibarta.com.
TLS certificate: Issued by R3 on September 1st 2021. Valid for: 3 months.

This is the only time www.swiss-postch-tracking3.gobibarta.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Swiss Post (Transportation)

Domain & IP information

	IP Address		AS Autonomous System
16	173.212.223.158 173.212.223.158		51167 (CONTABO) (CONTABO)
16	2

16 173.212.223.158 (Nuremberg, Germany)

ASN51167 (CONTABO, DE)
PTR: cloudcp21.swiftlyserver.com

www.swiss-postch-tracking3.gobibarta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	gobibarta.com www.swiss-postch-tracking3.gobibarta.com	153 KB
16	1

	Domain	Requested by
16	www.swiss-postch-tracking3.gobibarta.com	www.swiss-postch-tracking3.gobibarta.com
16	1

This site contains no links.

Subject Issuer	Validity	Valid
swiss-postch-tracking3.gobibarta.com R3	`2021-09-01` - `2021-11-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.swiss-postch-tracking3.gobibarta.com/
Frame ID: EA03F2076240E45AECB5BA5FD3E7F84C
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BillingOnline

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

153 kB
Transfer

510 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.swiss-postch-tracking3.gobibarta.com/	51 KB 8 KB	3352ms 79ms	Document text/html	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Express Resource Hash `e41b11dd3503f899e6b3b82fa77646e1d309b8d16303f1eabb0e7239582ddf1b` Request headers :method GET :authority www.swiss-postch-tracking3.gobibarta.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers x-powered-by Express access-control-allow-origin * content-type text/html; charset=utf-8 etag W/"cccc-R0346+qPEPX28A/gtkefGsL8+Yo" content-length 7491 content-encoding br vary Accept-Encoding date Wed, 01 Sep 2021 20:00:21 GMT alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
GET H2	200	style6.css www.swiss-postch-tracking3.gobibarta.com/site%20files/	28 KB 5 KB	336ms 34ms	Stylesheet text/css	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/style6.css Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `4a90f42e1dc66529f16ea3d51850b99e0211c80581a39679a8a2a4a6d7c15842` Request headers :path /site%20files/style6.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT content-encoding br last-modified Tue, 31 Aug 2021 16:04:22 GMT accept-ranges bytes content-length 4622 vary Accept-Encoding content-type text/css
GET H2	200	Style5.css www.swiss-postch-tracking3.gobibarta.com/site%20files/	38 KB 20 KB	369ms 68ms	Stylesheet text/css	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/Style5.css Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `91722c99b0a321ff949869559748732e39b89e6b188232dd3f186212ca85f86d` Request headers :path /site%20files/Style5.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT content-encoding br last-modified Tue, 31 Aug 2021 14:22:50 GMT accept-ranges bytes content-length 20212 vary Accept-Encoding content-type text/css
GET H2	200	jquery.js Show response www.swiss-postch-tracking3.gobibarta.com/site%20files/scripts/	332 KB 71 KB	370ms 69ms	Script application/javascript	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/scripts/jquery.js Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `32d7368d77d6aaebf3b737b0e0a951f862a13f0bb56119d7fc62e41ade4453e7` Request headers :path /site%20files/scripts/jquery.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT content-encoding br last-modified Tue, 31 Aug 2021 14:24:46 GMT accept-ranges bytes content-length 72604 vary Accept-Encoding content-type application/javascript
GET H2	200	DiePost.svg www.swiss-postch-tracking3.gobibarta.com/site%20files/	2 KB 1 KB	35ms 34ms	Image image/svg+xml	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/DiePost.svg Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `99caecb8475a08fc86c812cf804ddc904f6e6d3fd1591848a09f2413952f2a97` Request headers :path /site%20files/DiePost.svg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT content-encoding br last-modified Tue, 24 Aug 2021 15:36:58 GMT accept-ranges bytes content-length 1004 vary Accept-Encoding content-type image/svg+xml
GET H2	200	close.svg www.swiss-postch-tracking3.gobibarta.com/site%20files/	334 B 271 B	37ms 34ms	Image image/svg+xml	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/close.svg Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `b0719a06c211dfe1de9ca6ca2d2ca62b9556bf5503b1c135a193be47aad1762a` Request headers :path /site%20files/close.svg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT content-encoding br last-modified Sat, 21 Aug 2021 17:08:00 GMT accept-ranges bytes content-length 205 vary Accept-Encoding content-type image/svg+xml
GET H2	200	lock.svg www.swiss-postch-tracking3.gobibarta.com/site%20files/	391 B 299 B	37ms 35ms	Image image/svg+xml	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/lock.svg Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `b4952a322e6d0b3434556c8eaa9ec95fdcb02874fb007e1d30ad5a1c8a74f82c` Request headers :path /site%20files/lock.svg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT content-encoding br last-modified Sat, 21 Aug 2021 17:08:46 GMT accept-ranges bytes content-length 244 vary Accept-Encoding content-type image/svg+xml
GET H2	200	DiePost2.svg www.swiss-postch-tracking3.gobibarta.com/site%20files/	6 KB 2 KB	37ms 35ms	Image image/svg+xml	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/DiePost2.svg Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `92d58a39bf682e0d5dc82c89addbedf47f65f7d4cbca61e67880e5ed3e743500` Request headers :path /site%20files/DiePost2.svg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT content-encoding br last-modified Tue, 24 Aug 2021 15:38:06 GMT accept-ranges bytes content-length 2253 vary Accept-Encoding content-type image/svg+xml
GET H2	200	back.svg www.swiss-postch-tracking3.gobibarta.com/site%20files/	552 B 313 B	37ms 35ms	Image image/svg+xml	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/back.svg Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `aa438ab313d374bb009c7e0163721e55c55962202ec3720f4e79a7a4b33a96e3` Request headers :path /site%20files/back.svg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT content-encoding br last-modified Sat, 21 Aug 2021 17:26:32 GMT accept-ranges bytes content-length 258 vary Accept-Encoding content-type image/svg+xml
GET H2	200	post-finance.jpg www.swiss-postch-tracking3.gobibarta.com/site%20files/	10 KB 10 KB	37ms 36ms	Image image/jpeg	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/post-finance.jpg Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `14664ed874a6df38f9cf15b38990bb042e2c414213f93fbbaa874d7386e566e8` Request headers :path /site%20files/post-finance.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT last-modified Tue, 24 Aug 2021 16:10:42 GMT accept-ranges bytes content-length 10626 content-type image/jpeg
GET H2	200	e-finance.jpg www.swiss-postch-tracking3.gobibarta.com/site%20files/	9 KB 9 KB	38ms 34ms	Image image/jpeg	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/e-finance.jpg Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `f3fb4e45f99008e0194f4f4596fd4991d7627003180073129c2483bdae927226` Request headers :path /site%20files/e-finance.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT last-modified Tue, 24 Aug 2021 16:10:34 GMT accept-ranges bytes content-length 9329 content-type image/jpeg
GET H2	200	visa.jpg www.swiss-postch-tracking3.gobibarta.com/site%20files/	7 KB 7 KB	35ms 34ms	Image image/jpeg	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/visa.jpg Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `039e93999d13621999cfbe41f3f186c06e64f58a3dab02bb949fc58e4f51ea83` Request headers :path /site%20files/visa.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT last-modified Tue, 24 Aug 2021 16:10:28 GMT accept-ranges bytes content-length 6758 content-type image/jpeg
GET H2	200	master.jpg www.swiss-postch-tracking3.gobibarta.com/site%20files/	6 KB 6 KB	36ms 35ms	Image image/jpeg	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/master.jpg Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `c247244d64e0bfdac85a6c58e79cb456d21871e39edfdacc0f88cd2367a52cd2` Request headers :path /site%20files/master.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT last-modified Tue, 24 Aug 2021 16:10:22 GMT accept-ranges bytes content-length 6555 content-type image/jpeg
GET H2	200	amex.jpg www.swiss-postch-tracking3.gobibarta.com/site%20files/	10 KB 10 KB	36ms 35ms	Image image/jpeg	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/amex.jpg Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `deac5b3e888402f96ecf5670155174991929385d8221a1f05fcaa60207707b95` Request headers :path /site%20files/amex.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT last-modified Tue, 24 Aug 2021 16:10:14 GMT accept-ranges bytes content-length 10486 content-type image/jpeg
GET H2	200	swissPost-logo2.svg www.swiss-postch-tracking3.gobibarta.com/site%20files/	7 KB 3 KB	36ms 35ms	Image image/svg+xml	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/swissPost-logo2.svg Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `7eaca74cac111e6d0a0bb5b704bd6870a7c16d3993cf5baf756d45bed4bc035c` Request headers :path /site%20files/swissPost-logo2.svg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT content-encoding br last-modified Sat, 21 Aug 2021 17:09:30 GMT accept-ranges bytes content-length 2526 vary Accept-Encoding content-type image/svg+xml
GET H2	200	secret.js Show response www.swiss-postch-tracking3.gobibarta.com/site%20files/scripts/	177 B 228 B	99ms 98ms	Script application/javascript	173.212.223.158 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.swiss-postch-tracking3.gobibarta.com/site%20files/scripts/secret.js Requested by Host: www.swiss-postch-tracking3.gobibarta.com URL: https://www.swiss-postch-tracking3.gobibarta.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.212.223.158 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS cloudcp21.swiftlyserver.com Software / Resource Hash `3b7be93cfe27dbcfffd09177ff1f6d805fe475e7bb582d536e14471fa31feac7` Request headers :path /site%20files/scripts/secret.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority www.swiss-postch-tracking3.gobibarta.com referer https://www.swiss-postch-tracking3.gobibarta.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.swiss-postch-tracking3.gobibarta.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 01 Sep 2021 20:00:21 GMT last-modified Wed, 01 Sep 2021 19:54:38 GMT accept-ranges bytes content-length 177 content-type application/javascript
GET DATA	200 OK	truncated /	336 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c2715b7a8874e30b344f44bbcb0a5c018e52b732d4d5d1702a0e8edd496ffc0f` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	554 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `13f126f12be557fca1aadbfabee491673e85bf1cca9704266dd3dd20d0e31d17` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Swiss Post (Transportation)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.swiss-postch-tracking3.gobibarta.com
173.212.223.158
039e93999d13621999cfbe41f3f186c06e64f58a3dab02bb949fc58e4f51ea83
13f126f12be557fca1aadbfabee491673e85bf1cca9704266dd3dd20d0e31d17
14664ed874a6df38f9cf15b38990bb042e2c414213f93fbbaa874d7386e566e8
32d7368d77d6aaebf3b737b0e0a951f862a13f0bb56119d7fc62e41ade4453e7
3b7be93cfe27dbcfffd09177ff1f6d805fe475e7bb582d536e14471fa31feac7
4a90f42e1dc66529f16ea3d51850b99e0211c80581a39679a8a2a4a6d7c15842
7eaca74cac111e6d0a0bb5b704bd6870a7c16d3993cf5baf756d45bed4bc035c
91722c99b0a321ff949869559748732e39b89e6b188232dd3f186212ca85f86d
92d58a39bf682e0d5dc82c89addbedf47f65f7d4cbca61e67880e5ed3e743500
99caecb8475a08fc86c812cf804ddc904f6e6d3fd1591848a09f2413952f2a97
aa438ab313d374bb009c7e0163721e55c55962202ec3720f4e79a7a4b33a96e3
b0719a06c211dfe1de9ca6ca2d2ca62b9556bf5503b1c135a193be47aad1762a
b4952a322e6d0b3434556c8eaa9ec95fdcb02874fb007e1d30ad5a1c8a74f82c
c247244d64e0bfdac85a6c58e79cb456d21871e39edfdacc0f88cd2367a52cd2
c2715b7a8874e30b344f44bbcb0a5c018e52b732d4d5d1702a0e8edd496ffc0f
deac5b3e888402f96ecf5670155174991929385d8221a1f05fcaa60207707b95
e41b11dd3503f899e6b3b82fa77646e1d309b8d16303f1eabb0e7239582ddf1b
f3fb4e45f99008e0194f4f4596fd4991d7627003180073129c2483bdae927226

www.swiss-postch-tracking3.gobibarta.com Open in urlscan Pro 173.212.223.158 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

153 kBTransfer

510 kBSize

0 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

29 JavaScript Global Variables

0 Cookies

Indicators

www.swiss-postch-tracking3.gobibarta.com Open in urlscan Pro
173.212.223.158 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

153 kB
Transfer

510 kB
Size

0
Cookies

16 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!