www.promoswiss.ch Open in urlscan Pro
63.33.19.148 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://promoswiss.ch/
Effective URL:
https://www.promoswiss.ch/
Submission: On February 15 via automatic, source certstream-suspicious (February 15th 2021, 3:57:43 pm UTC)

Summary HTTP 5 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 63.33.19.148, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.promoswiss.ch.
TLS certificate: Issued by R3 on February 15th 2021. Valid for: 3 months.

This is the only time www.promoswiss.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 1	99.83.190.102 99.83.190.102		16509 (AMAZON-02) (AMAZON-02)
1	63.33.19.148 63.33.19.148		16509 (AMAZON-02) (AMAZON-02)
3	65.9.94.84 65.9.94.84		16509 (AMAZON-02) (AMAZON-02)
1	65.9.91.32 65.9.91.32		16509 (AMAZON-02) (AMAZON-02)
5	3

1 99.83.190.102 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: aacb0a264e514dd48.awsglobalaccelerator.com

promoswiss.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.33.19.148 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-19-148.eu-west-1.compute.amazonaws.com

www.promoswiss.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.94.84 (United States)

ASN16509 (AMAZON-02, US)

uploads-ssl.webflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.91.32 (United States)

ASN16509 (AMAZON-02, US)

d3e54v103j8qbb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	webflow.com uploads-ssl.webflow.com	46 KB
2	promoswiss.ch 1 redirects promoswiss.ch www.promoswiss.ch	1 KB
1	cloudfront.net d3e54v103j8qbb.cloudfront.net	31 KB
5	3

	Domain	Requested by
3	uploads-ssl.webflow.com	www.promoswiss.ch
1	d3e54v103j8qbb.cloudfront.net	www.promoswiss.ch
1	www.promoswiss.ch
1	promoswiss.ch	1 redirects
5	4

This site contains no links.

Subject Issuer	Validity	Valid
www.promoswiss.ch R3	`2021-02-15` - `2021-05-16`	3 months	crt.sh
uploads-ssl.webflow.com Amazon	`2020-10-26` - `2021-11-25`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.promoswiss.ch/
Frame ID: E08275724D6C069E458395A87409D1D3
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://promoswiss.ch/ HTTP 301
https://www.promoswiss.ch/ Page URL

Detected technologies

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Webflow () Expand

Overall confidence: 100%
Detected patterns

meta generator /Webflow/i

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

78 kB
Transfer

181 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://promoswiss.ch/ HTTP 301
https://www.promoswiss.ch/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.promoswiss.ch/ Redirect Chain https://promoswiss.ch/ https://www.promoswiss.ch/	3 KB 1 KB	168ms 50ms	Document text/html	63.33.19.148 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.promoswiss.ch/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 63.33.19.148 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-63-33-19-148.eu-west-1.compute.amazonaws.com Software openresty / Resource Hash `8fe8347db3262f368affc9164900222a9bd0674738705c1576c539de008de9d0` Request headers :method GET :authority www.promoswiss.ch :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers server openresty date Mon, 15 Feb 2021 15:57:26 GMT content-type text/html content-length 1159 content-encoding gzip via 1.1 varnish, 1.1 varnish accept-ranges bytes age 373 x-served-by cache-dca17743-DCA, cache-dub4329-DUB x-cache MISS, HIT x-cache-hits 0, 1 x-timer S1613404647.726154,VS0,VE0 vary Accept-Encoding x-cluster-name eu-west-1-prod-eks-15 Redirect headers server openresty date Mon, 15 Feb 2021 15:57:26 GMT content-type text/html content-length 166 location https://www.promoswiss.ch/
GET H2	200	promoswiss.webflow.b478e8e60.css uploads-ssl.webflow.com/6025a118fc5d531d6a290c42/css/	34 KB 9 KB	174ms 68ms	Stylesheet text/css	65.9.94.84 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://uploads-ssl.webflow.com/6025a118fc5d531d6a290c42/css/promoswiss.webflow.b478e8e60.css Requested by Host: www.promoswiss.ch URL: https://www.promoswiss.ch/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.94.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `adcdb0513478161e8512224ee09dc05a40a100d01f6453978820f5b024c51212` Request headers Referer https://www.promoswiss.ch/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 15 Feb 2021 15:51:15 GMT content-encoding gzip age 372 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 8761 last-modified Mon, 15 Feb 2021 15:51:12 GMT server AmazonS3 etag "8a98f6a6d5bde6d69503006fc9a48c5f" x-amz-version-id 2ZpeKi7.4fXwb.chHtXsOwkMn7_baJPy via 1.1 f3303a5632dc925c26253530523fa328.cloudfront.net (CloudFront) cache-control max-age=84600, must-revalidate x-amz-cf-pop PRG50-C1 accept-ranges bytes content-type text/css x-amz-cf-id 4jSAfl5yoUIqc0m9nga-8dt9IIg-gQfz5zH0YKSAvVl2QZP4MdPNCw==
GET H2	200	602a9664239abef3668c2e55_promoswiss-logo-01-p-500.png uploads-ssl.webflow.com/6025a118fc5d531d6a290c42/	24 KB 25 KB	173ms 68ms	Image image/png	65.9.94.84 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://uploads-ssl.webflow.com/6025a118fc5d531d6a290c42/602a9664239abef3668c2e55_promoswiss-logo-01-p-500.png Requested by Host: www.promoswiss.ch URL: https://www.promoswiss.ch/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.94.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `fd5ab77c7c5bb3d114c3ee440736e20486d5cb4eb87766c24b36d964f8a910c8` Request headers Referer https://www.promoswiss.ch/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-amz-server-side-encryption AES256 date Mon, 15 Feb 2021 15:50:13 GMT via 1.1 f3303a5632dc925c26253530523fa328.cloudfront.net (CloudFront) last-modified Mon, 15 Feb 2021 15:42:32 GMT server AmazonS3 age 434 etag "b1863418ad41c816e61609d2e3b5f104" x-cache Hit from cloudfront x-amz-version-id pfDCgavmu5y18wkz9nGAgbMzAlXvpV2n cache-control max-age=31536000, must-revalidate x-amz-cf-pop PRG50-C1 accept-ranges bytes content-type image/png content-length 24738 x-amz-cf-id x8dZ5vE0SlSQRUPrcTwO9tz9h6cKeGtnQ9yyGnWCkwgykclyhK29NQ==
GET H2	200	jquery-3.5.1.min.dc5e7f18c8.js Show response d3e54v103j8qbb.cloudfront.net/js/	87 KB 31 KB	173ms 80ms	Script application/javascript	65.9.91.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6025a118fc5d531d6a290c42 Requested by Host: www.promoswiss.ch URL: https://www.promoswiss.ch/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.91.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers Origin https://www.promoswiss.ch Referer https://www.promoswiss.ch/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 15 Feb 2021 15:50:13 GMT content-encoding gzip vary Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method age 435 x-cache Hit from cloudfront access-control-allow-origin * last-modified Mon, 20 Jul 2020 17:53:02 GMT server AmazonS3 etag W/"dc5e7f18c8d36ac1d3d4753a87c98d0a" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript via 1.1 93fcd07b66eaf26b036f14e2ec9d73eb.cloudfront.net (CloudFront) cache-control max-age=84600, must-revalidate x-amz-cf-pop PRG50-C1 x-amz-cf-id 0Vk__LGcCUYK0Lwl1Qr11OO9Of09U55m6FyZnhmM6RF3emyEUOM9TA==
GET H2	200	webflow.2e498dd5f.js Show response uploads-ssl.webflow.com/6025a118fc5d531d6a290c42/js/	33 KB 12 KB	63ms 62ms	Script text/javascript	65.9.94.84 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://uploads-ssl.webflow.com/6025a118fc5d531d6a290c42/js/webflow.2e498dd5f.js Requested by Host: www.promoswiss.ch URL: https://www.promoswiss.ch/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.94.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `ff8bb9bc42d64c75548a918571ee961e8476c1d20619dbe480d207ab4015dce5` Request headers Referer https://www.promoswiss.ch/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 15 Feb 2021 15:50:13 GMT content-encoding gzip age 434 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 12000 last-modified Mon, 15 Feb 2021 15:50:08 GMT server AmazonS3 etag "3f4660037cf306c8114676ab959ba75b" x-amz-version-id y9saXKe0idJANCqEklmfJfYfKmLxJQyl via 1.1 f3303a5632dc925c26253530523fa328.cloudfront.net (CloudFront) cache-control max-age=84600, must-revalidate x-amz-cf-pop PRG50-C1 accept-ranges bytes content-type text/javascript x-amz-cf-id 7hHDH4bdWVfd8-lsHca0159qd7tZ6F82OJopah5A_tGmtAadn5xNdw==

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| tram object| Webflow

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d3e54v103j8qbb.cloudfront.net
promoswiss.ch
uploads-ssl.webflow.com
www.promoswiss.ch
63.33.19.148
65.9.91.32
65.9.94.84
99.83.190.102
8fe8347db3262f368affc9164900222a9bd0674738705c1576c539de008de9d0
adcdb0513478161e8512224ee09dc05a40a100d01f6453978820f5b024c51212
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fd5ab77c7c5bb3d114c3ee440736e20486d5cb4eb87766c24b36d964f8a910c8
ff8bb9bc42d64c75548a918571ee961e8476c1d20619dbe480d207ab4015dce5