www.donaldservice.se Open in urlscan Pro
109.235.174.19 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://micicoatings.com/indexx.php
Effective URL:
https://www.donaldservice.se/ch/CHFINAL/
Submission: On February 25 via automatic, source phishtank (February 25th 2024, 10:22:00 pm UTC) — Scanned from DE

Summary HTTP 30 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 8 IPs in 4 countries across 9 domains to perform 30 HTTP transactions. The main IP is 109.235.174.19, located in Sweden and belongs to LOOPIA3, SE. The main domain is www.donaldservice.se.
TLS certificate: Issued by R3 on February 1st 2024. Valid for: 3 months.

This is the only time www.donaldservice.se was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Schweizerische Bundesbahnen (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	162.240.147.94 162.240.147.94	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1 9	2606:4700::68... 2606:4700::6810:fc2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:e6:... 2606:4700:e6::ac40:ce26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 12	109.235.174.19 109.235.174.19	41528 (LOOPIA3) (LOOPIA3)
2	193.203.121.166 193.203.121.166	31004 (SBB-CFF-F...) (SBB-CFF-FFS Telecom SBB)
1	3.69.204.166 3.69.204.166	16509 (AMAZON-02) (AMAZON-02)
30	8

1 162.240.147.94 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 7136044.blindspot-advisors.com

micicoatings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6810:fc2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

psyyns0bcb96.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e6::ac40:ce26 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 109.235.174.19 (Sweden) 1 redirects

ASN41528 (LOOPIA3, SE)
PTR: ing.r103.websupport.se

www.donaldservice.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.203.121.166 (Switzerland)

ASN31004 (SBB-CFF-FFS Telecom SBB, CH)

www.swisspass.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.69.204.166 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-204-166.eu-central-1.compute.amazonaws.com

cdn.app.sbb.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	donaldservice.se 1 redirects www.donaldservice.se	256 KB
9	clickfunnels.com 1 redirects psyyns0bcb96.clickfunnels.com app.clickfunnels.com — Cisco Umbrella Rank: 60788 images.clickfunnels.com — Cisco Umbrella Rank: 119071	754 KB
2	swisspass.ch www.swisspass.ch — Cisco Umbrella Rank: 716677	146 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1047	17 KB
1	sbb.ch cdn.app.sbb.ch — Cisco Umbrella Rank: 367367	14 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 787	7 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 32	4 KB
1	micicoatings.com 1 redirects micicoatings.com	103 B
0	addevent.com Failed track.addevent.com Failed
30	9

	Domain	Requested by
12	www.donaldservice.se	1 redirects psyyns0bcb96.clickfunnels.com www.donaldservice.se
6	app.clickfunnels.com	psyyns0bcb96.clickfunnels.com app.clickfunnels.com
2	www.swisspass.ch	www.donaldservice.se
2	use.fontawesome.com	psyyns0bcb96.clickfunnels.com
2	psyyns0bcb96.clickfunnels.com	1 redirects static.cloudflareinsights.com
1	cdn.app.sbb.ch	www.donaldservice.se
1	static.cloudflareinsights.com	psyyns0bcb96.clickfunnels.com
1	images.clickfunnels.com	psyyns0bcb96.clickfunnels.com
1	fonts.googleapis.com	psyyns0bcb96.clickfunnels.com
1	micicoatings.com	1 redirects
0	track.addevent.com Failed	psyyns0bcb96.clickfunnels.com
30	11

This site contains links to these domains. Also see Links.

Domain
corporatedefenseetl.com
www.swisspass.ch

Subject Issuer	Validity	Valid
clickfunnels.com Cloudflare Inc ECC CA-3	`2024-01-29` - `2024-12-31`	a year	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.donaldservice.se R3	`2024-02-01` - `2024-05-01`	3 months	crt.sh
www.swisspass.ch R3	`2024-01-07` - `2024-04-06`	3 months	crt.sh
*.app.sbb.ch Amazon RSA 2048 M02	`2023-08-16` - `2024-09-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.donaldservice.se/ch/CHFINAL/
Frame ID: 3CFDB5954C6F6C71A7790C5B6C7E1D58
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | SwissPass

Page URL History Show full URLs

https://micicoatings.com/indexx.php HTTP 302
https://psyyns0bcb96.clickfunnels.com/ch HTTP 302
https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562 Page URL
https://www.donaldservice.se/ch/CHFINAL HTTP 301
https://www.donaldservice.se/ch/CHFINAL/ Page URL

Detected technologies

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

30
Requests

87 %
HTTPS

50 %
IPv6

9
Domains

11
Subdomains

8
IPs

4
Countries

1197 kB
Transfer

3905 kB
Size

16
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://corporatedefenseetl.com/home

Search URL Search Domain Scan URL

URL: https://www.swisspass.ch//pw-reset?lang=de&provider=sbbkn&callback=oevlogin
Title: Passwort vergessen?

Search URL Search Domain Scan URL

URL: https://www.swisspass.ch//register?lang=de&provider=sbbkn&callback=oevlogin
Title: Für SwissPass registrieren.

Search URL Search Domain Scan URL

URL: https://corporatedefenseetl.com/wp-admin/widgs/204d505e4ce918334/pass/
Title: Zurück

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://micicoatings.com/indexx.php HTTP 302
https://psyyns0bcb96.clickfunnels.com/ch HTTP 302
https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562 Page URL
https://www.donaldservice.se/ch/CHFINAL HTTP 301
https://www.donaldservice.se/ch/CHFINAL/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://micicoatings.com/indexx.php HTTP 302
https://psyyns0bcb96.clickfunnels.com/ch HTTP 302
https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562

30 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

swiiiiiiiisepro1708873889562 Show response
psyyns0bcb96.clickfunnels.com/
Redirect Chain

https://micicoatings.com/indexx.php
https://psyyns0bcb96.clickfunnels.com/ch
https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562

37 KB
10 KB

93ms
93ms

Document
text/html

2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Phusion Passenger Enterprise 6.0.7
Resource Hash: 2f48ff528b4b1c6eb5bf7d04dc901598ef193482c795edb65392068b95e6cfd8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 205
cache-control: max-age=60, public, s-maxage=600, r-maxage=10
cf-cache-status: HIT
cf-ray: 85b3580f8b7c9193-FRA
content-encoding: br
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=X5OqnVhg4pC2.mIXg2qYXdgsMiEPrYq.J.v2fSaj0fI-1708899714-1.0-ATfoLNgnZES9-ZjAg1nendTRMsUDKI7cLfkRbqn1nbx_oJBIYhJDrPXW-8W1ujAzdAwAA0L0aJdN-1NzFhYwZcAUWTf1no949fxGwCdBMi7-HgTQhQi9maStECAgrUbyhHH8GVd-YBMcFxqW8oZAaHdb7gAfZ02J2G7knbnN1yXz; report-to cf-csp-endpoint
content-type: text/html; charset=utf-8
date: Sun, 25 Feb 2024 22:21:54 GMT
last-modified: Sun, 25 Feb 2024 15:43:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=X5OqnVhg4pC2.mIXg2qYXdgsMiEPrYq.J.v2fSaj0fI-1708899714-1.0-ATfoLNgnZES9-ZjAg1nendTRMsUDKI7cLfkRbqn1nbx_oJBIYhJDrPXW-8W1ujAzdAwAA0L0aJdN-1NzFhYwZcAUWTf1no949fxGwCdBMi7-HgTQhQi9maStECAgrUbyhHH8GVd-YBMcFxqW8oZAaHdb7gAfZ02J2G7knbnN1yXz"}],"group":"cf-csp-endpoint","max_age":86400}
server: cloudflare
status: 200 OK
vary: Accept-Encoding
x-content-digest: 94d611ba9d38461892fbc7cc5e337ba8fd3065fa
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: stale, valid, store
x-request-id: 860513361a053fc7c56e2f8a232c13c3
x-runtime: 0.140174

Redirect headers

cache-control: no-cache
cf-cache-status: EXPIRED
cf-ray: 85b3580daa1e9193-FRA
content-type: text/html; charset=utf-8
date: Sun, 25 Feb 2024 22:21:54 GMT
location: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
server: cloudflare
status: 302 Found
vary: Accept-Encoding
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: b4e71aad22608ef2e433b2f3e03c87ec
x-runtime: 0.061231

GET
H2 200 lander.css
app.clickfunnels.com/assets/ 425 KB
70 KB 99ms
91ms Stylesheet
text/css 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/lander.css
Requested by: Host: psyyns0bcb96.clickfunnels.com
URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psyyns0bcb96.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Feb 2024 14:11:33 GMT
server: cloudflare
age: 952
etag: W/"65d60495-6a514"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=1200
cf-ray: 85b358103bec9193-FRA
expires: Sun, 25 Feb 2024 22:41:54 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.9.0/css/ 55 KB
12 KB 140ms
52ms Stylesheet
text/css 2606:4700:e6::ac40:ce26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/all.css
Requested by: Host: psyyns0bcb96.clickfunnels.com
URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ce26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psyyns0bcb96.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:46:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2225191
etag: W/"dbf9d822cefe851ba6f66e1ad57e8987"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ge5qhQgO3bHGU5njaPbVIoxwomEIBSuGRXdHO5oLfNQiiFGsDQAXdBI6hYHSFPo2YhEtPbJsEYg1eqjU0tDgiPTBQadADRkHHIV%2Fifc%2B3rdY3l4QjMNrqzBHew9LWrP8yvx5girMk%2BYUVkTV%2FyaMPSzU"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 85b35810b893b948-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 v4-shims.css
use.fontawesome.com/releases/v5.9.0/css/ 26 KB
4 KB 144ms
56ms Stylesheet
text/css 2606:4700:e6::ac40:ce26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
Requested by: Host: psyyns0bcb96.clickfunnels.com
URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ce26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psyyns0bcb96.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:46:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2386227
etag: W/"e140a7d32f343530f016095df3cc2ae4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ZVTsdwRXLlKQKkIGf%2Fe9JjVo4VIx60X9oNV0KtrJR%2Fcc5Os%2FAk%2FpDh7vxVVPqh%2B%2FbEGLM2f7jm47ANpd2xNQ1n0QnkiOwGI589bGyZ88HPbVXgMT2AQCGqniCfdW%2FbfH41FLJLDHxnxq5WBmm7Bniow"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 85b35810b894b948-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 54 KB
4 KB 136ms
49ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700

Requested by

Host: psyyns0bcb96.clickfunnels.com
URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f5358172b33d93b41591ef7f9b0c652d6eb4fa488c66c0f7286d5d8c43928be8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psyyns0bcb96.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 25 Feb 2024 22:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 25 Feb 2024 21:40:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 25 Feb 2024 22:21:54 GMT

GET
H2 200 application.js
app.clickfunnels.com/assets/userevents/ 5 KB
2 KB 72ms
71ms Script
application/x-javascript 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/userevents/application.js
Requested by: Host: psyyns0bcb96.clickfunnels.com
URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psyyns0bcb96.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Feb 2024 14:11:33 GMT
server: cloudflare
age: 1013
etag: W/"65d60495-147c"
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=1200
cf-ray: 85b358113c9b9193-FRA
expires: Sun, 25 Feb 2024 22:41:54 GMT

GET
H2 200 lander.js Show response
app.clickfunnels.com/assets/ 2 MB
659 KB 92ms
84ms Script
application/x-javascript 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/lander.js
Requested by: Host: psyyns0bcb96.clickfunnels.com
URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7030ba86e37b6d4510c4008e0fcf83306fa114ec6dd047ea6ca2f81c33b8fd53

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psyyns0bcb96.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Feb 2024 14:12:47 GMT
server: cloudflare
age: 722
etag: W/"65d604df-237565"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=1200
cf-ray: 85b358103bed9193-FRA
expires: Sun, 25 Feb 2024 22:41:54 GMT

GET
H2 200 ClickfunnelsTag.png
images.clickfunnels.com/3d/392630953c4119a324492bb1c05778/ 5 KB
6 KB 91ms
83ms Image
image/webp 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.clickfunnels.com/3d/392630953c4119a324492bb1c05778/ClickfunnelsTag.png
Requested by: Host: psyyns0bcb96.clickfunnels.com
URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5dfa88a4dc8b6c0b834a62e45daee28a8dc37ed6ae7eb1545e4ed8b6382c0474

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psyyns0bcb96.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:54 GMT
cf-cache-status: HIT
x-amz-request-id: 0WJ3RGBNA6W7QD3M
age: 5719
cf-polished: origFmt=png, origSize=9030
content-disposition: inline; filename="ClickfunnelsTag.webp"
content-length: 5276
x-amz-id-2: Xj7V7VqLkLmiHMxQuIaMP4f95FtgWvSEiiNf+J30K6msje0Kr3zoMG2nzSFF4Bhw/lAkGtOygLE=
cf-bgj: imgq:85,h2pri
last-modified: Fri, 03 Jan 2020 17:41:49 GMT
server: cloudflare
etag: "a633777156a5ffeb58c92d3d59fa4e34"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2073600
accept-ranges: bytes
cf-ray: 85b358103bee9193-FRA
expires: Wed, 20 Mar 2024 22:21:54 GMT

GET
H2 200 pushcrew.js
app.clickfunnels.com/assets/ 637 B
453 B 75ms
75ms Script
application/x-javascript 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/pushcrew.js
Requested by: Host: psyyns0bcb96.clickfunnels.com
URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psyyns0bcb96.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Feb 2024 14:11:32 GMT
server: cloudflare
age: 512
etag: W/"65d60494-27d"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=1200
cf-ray: 85b358115ca89193-FRA
expires: Sun, 25 Feb 2024 22:41:54 GMT

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 160ms
68ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: psyyns0bcb96.clickfunnels.com
URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://psyyns0bcb96.clickfunnels.com/
Origin: https://psyyns0bcb96.clickfunnels.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:54 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 85b35811eefd1e5e-FRA

GET
DATA 200
OK truncated
/ 26 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cf.js
app.clickfunnels.com/ 18 KB
5 KB 84ms
84ms Script
application/x-javascript 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/cf.js
Requested by: Host: psyyns0bcb96.clickfunnels.com
URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psyyns0bcb96.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Feb 2024 14:11:33 GMT
server: cloudflare
age: 4643
etag: W/"65d60495-476a"
vary: Accept-Encoding
content-type: application/x-javascript
cf-ray: 85b358124d419193-FRA

GET /
track.addevent.com/atc/ 0
0

GET
H2

200

Primary Request / Show response
www.donaldservice.se/ch/CHFINAL/
Redirect Chain

https://www.donaldservice.se/ch/CHFINAL
https://www.donaldservice.se/ch/CHFINAL/

68 KB
11 KB

63ms
63ms

Document
text/html

109.235.174.19
LOOPIA3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.donaldservice.se/ch/CHFINAL/
Requested by: Host: psyyns0bcb96.clickfunnels.com
URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 109.235.174.19 , Sweden, ASN41528 (LOOPIA3, SE),
Reverse DNS: ing.r103.websupport.se
Software: openresty / WP Rocket/3.14.4.2
Resource Hash: 0548e45d9284a76581821292f0056a781ca5e76261b265d51b46ddcbfa6868e1

Request headers

Referer: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=0, public
content-encoding: gzip
content-length: 11497
content-type: text/html; charset=UTF-8
date: Sun, 25 Feb 2024 22:21:55 GMT
expires: Sun, 25 Feb 2024 22:21:55 GMT
server: openresty
vary: Accept-Encoding Accept-Encoding
x-powered-by: WP Rocket/3.14.4.2

Redirect headers

cache-control: max-age=0
content-length: 248
content-type: text/html; charset=iso-8859-1
date: Sun, 25 Feb 2024 22:21:55 GMT
expires: Sun, 25 Feb 2024 22:21:55 GMT
location: https://www.donaldservice.se/ch/CHFINAL/
server: openresty

GET
H2 202 /
app.clickfunnels.com/userevents/ 0
627 B 329ms
245ms XHR
text/html 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/userevents/?funnel_id=dCtqV24rc1RiM2VmK2RBaU0zaGQ3Zz09LS15eFhySnFNalZ1RS9FWFIwU2JzTG9BPT0%3D--ffe565d719a26109a0f179ed5e6a2f4f633572e5&page_id=ekhhY3Faalh0enFoOFUyYVhpdGV0Zz09LS1YQythbXZIZ3ZvNnRoSE1La29lNkd3PT0%3D--27caab5b4aefaad00f20bf69551aea7721b15e73&funnel_step_id=ZERnaGlZQWNVd1ZyWVhydGY5Wk1XQT09LS00ajdCRzRNZmNIZW9jWjdYN29kZnJ3PT0%3D--8327d21063c7f46b812f7be4d21012197433596a&user_id=MlhKc0NDLzM0cEZqSFQ0WVFlZVJFdz09LS02d0JFYmthT2l6MWNMMldSL2JMOFZnPT0%3D--5ac4e4d51f2bb86c8d0b4596348475df5ef70d34&account_id=UEtxY0Y1SHFwRExITnFMT0VRNWJ2Zz09LS1FODF3WGdBMVZMdkRYRkVZWmVLamFRPT0%3D--f63dbd96d8d9b043cc9a025f6d5c6234945372a7&page_code=NjE0ODUxNjY%3D&mode_id=1&time_zone=America%2FNew_York&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::PageviewsCreatedSummary&nonce=29d3e1ac-bbda-4e2a-ac28-fa8047c13fb7&url=https%3A%2F%2Fpsyyns0bcb96.clickfunnels.com%2Fswiiiiiiiisepro1708873889562
Requested by: Host: app.clickfunnels.com
URL: https://app.clickfunnels.com/assets/userevents/application.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Phusion Passenger Enterprise 6.0.7
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psyyns0bcb96.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Feb 2024 22:21:55 GMT
access-control-request-method: *
x-runtime: 0.030784
cf-cache-status: BYPASS
server: cloudflare
x-powered-by: Phusion Passenger Enterprise 6.0.7
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
status: 202 Accepted
cache-control: no-cache, no-store
cf-ray: 85b35812fbc39bdc-FRA
x-rack-cache: miss
x-request-id: 77a1693d3cc1345f324108517e21332a

GET /
app.clickfunnels.com/userevents/ 0
0

POST rum
psyyns0bcb96.clickfunnels.com/cdn-cgi/ 0
0

GET
H2 200 sso.min-20200819.css
www.donaldservice.se/ch/CHFINAL/css/ 180 KB
23 KB 56ms
56ms Stylesheet
text/css 109.235.174.19
LOOPIA3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.donaldservice.se/ch/CHFINAL/css/sso.min-20200819.css
Requested by: Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 109.235.174.19 , Sweden, ASN41528 (LOOPIA3, SE),
Reverse DNS: ing.r103.websupport.se
Software: openresty /
Resource Hash: fd23aeccc08239852a5ac678a7cc5b29c723987a0287674000b930cf606b115e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.donaldservice.se/ch/CHFINAL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:55 GMT
content-encoding: gzip
last-modified: Fri, 03 Mar 2023 18:18:32 GMT
server: openresty
vary: Accept-Encoding, Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 23732
expires: Mon, 24 Feb 2025 16:57:09 GMT

GET
H/1.1 200
OK logo_text_de-20200819.svg
www.swisspass.ch//resources/img/ 137 KB
138 KB 177ms
60ms Image
image/svg+xml 193.203.121.166
SBB-CFF-FFS Telec...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.swisspass.ch//resources/img/logo_text_de-20200819.svg

Requested by

Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.203.121.166 , Switzerland, ASN31004 (SBB-CFF-FFS Telecom SBB, CH),

Reverse DNS

Software

Apache /

Resource Hash

c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.donaldservice.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Sun, 25 Feb 2024 22:21:55 GMT
Strict-Transport-Security: max-age=16070400
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 139971
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
last-modified: Mon, 29 Jan 2024 14:19:21 GMT
Server: Apache
etag: "65b7b3e9-222c3"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
cache-control: max-age=31536000, private
Feature-Policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
accept-ranges: bytes
Keep-Alive: timeout=10, max=500
expires: Mon, 24 Feb 2025 22:21:55 GMT

GET
H/1.1 200
OK logo-20200819.svg
www.swisspass.ch//resources/img/ 7 KB
8 KB 168ms
51ms Image
image/svg+xml 193.203.121.166
SBB-CFF-FFS Telec...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.swisspass.ch//resources/img/logo-20200819.svg

Requested by

Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.203.121.166 , Switzerland, ASN31004 (SBB-CFF-FFS Telecom SBB, CH),

Reverse DNS

Software

Apache /

Resource Hash

deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.donaldservice.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Sun, 25 Feb 2024 22:21:55 GMT
Strict-Transport-Security: max-age=16070400
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 7374
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
last-modified: Mon, 29 Jan 2024 14:19:21 GMT
Server: Apache
etag: "65b7b3e9-1cce"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
cache-control: max-age=31536000, private
Feature-Policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
accept-ranges: bytes
Keep-Alive: timeout=10, max=500
expires: Mon, 24 Feb 2025 22:21:55 GMT

GET
H2 404 loader-20200819.png
www.donaldservice.se/ch/CHFINAL/ 66 KB
66 KB 715ms
715ms Image
text/html 109.235.174.19
LOOPIA3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.donaldservice.se/ch/CHFINAL/loader-20200819.png
Requested by: Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 109.235.174.19 , Sweden, ASN41528 (LOOPIA3, SE),
Reverse DNS: ing.r103.websupport.se
Software: openresty /
Resource Hash: eec9237c6e3d27432e598d711b52466f17cb366e51fe329ae5ef7d9b324d467e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.donaldservice.se/ch/CHFINAL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:55 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding, Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.donaldservice.se/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 jquery-20200819.js.download Show response
www.donaldservice.se/ch/CHFINAL/js/ 95 KB
33 KB 154ms
153ms Script
application/javascript 109.235.174.19
LOOPIA3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.donaldservice.se/ch/CHFINAL/js/jquery-20200819.js.download
Requested by: Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 109.235.174.19 , Sweden, ASN41528 (LOOPIA3, SE),
Reverse DNS: ing.r103.websupport.se
Software: openresty /
Resource Hash: 24f31a4afb4d98c85b6cff4c9a953654a77986d6c4c9e9cae52cf57e59095e01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.donaldservice.se/ch/CHFINAL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:55 GMT
content-encoding: gzip
last-modified: Fri, 03 Mar 2023 18:18:32 GMT
server: openresty
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 33850
expires: Mon, 24 Feb 2025 22:21:55 GMT

GET
H2 200 vendor.min-20200819.js.download Show response
www.donaldservice.se/ch/CHFINAL/js/ 175 KB
53 KB 172ms
172ms Script
application/javascript 109.235.174.19
LOOPIA3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.donaldservice.se/ch/CHFINAL/js/vendor.min-20200819.js.download
Requested by: Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 109.235.174.19 , Sweden, ASN41528 (LOOPIA3, SE),
Reverse DNS: ing.r103.websupport.se
Software: openresty /
Resource Hash: be0223ae72bc8c610c7a5453d349964cbe78ff8646695a58bc13a4cf0a8d81d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.donaldservice.se/ch/CHFINAL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:55 GMT
content-encoding: gzip
last-modified: Fri, 03 Mar 2023 18:18:32 GMT
server: openresty
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
expires: Mon, 24 Feb 2025 22:21:55 GMT

GET
H2 200 swisspass.min-20200819.js.download Show response
www.donaldservice.se/ch/CHFINAL/js/ 97 KB
25 KB 129ms
129ms Script
application/javascript 109.235.174.19
LOOPIA3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.donaldservice.se/ch/CHFINAL/js/swisspass.min-20200819.js.download
Requested by: Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 109.235.174.19 , Sweden, ASN41528 (LOOPIA3, SE),
Reverse DNS: ing.r103.websupport.se
Software: openresty /
Resource Hash: 225e078f0432e7459d74e8d9245f1982570a3897d664ca2d219ccd09b244ab95

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.donaldservice.se/ch/CHFINAL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:55 GMT
content-encoding: gzip
last-modified: Fri, 03 Mar 2023 18:18:32 GMT
server: openresty
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 25407
expires: Mon, 24 Feb 2025 22:21:55 GMT

GET
H2 200 jquery.min.js Show response
www.donaldservice.se/ch/CHFINAL/ 86 KB
30 KB 83ms
82ms Script
application/javascript 109.235.174.19
LOOPIA3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.donaldservice.se/ch/CHFINAL/jquery.min.js
Requested by: Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 109.235.174.19 , Sweden, ASN41528 (LOOPIA3, SE),
Reverse DNS: ing.r103.websupport.se
Software: openresty /
Resource Hash: 2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.donaldservice.se/ch/CHFINAL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:55 GMT
content-encoding: gzip
last-modified: Fri, 29 Jan 2021 11:41:18 GMT
server: openresty
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 30679
expires: Mon, 24 Feb 2025 16:57:09 GMT

GET
H2 200 SBBWeb-Light.woff2
cdn.app.sbb.ch/fonts/v1_6_subset/ 14 KB
14 KB 168ms
79ms Font
application/font-woff2 3.69.204.166
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2
Requested by: Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/css/sso.min-20200819.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.69.204.166 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-69-204-166.eu-central-1.compute.amazonaws.com
Software: nginx/1.25.3 /
Resource Hash: 5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf

Request headers

Referer: https://www.donaldservice.se/
Origin: https://www.donaldservice.se
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:55 GMT
content-encoding: br
last-modified: Wed, 31 Jan 2024 10:14:44 GMT
server: nginx/1.25.3
etag: W/"65ba1d94-3784"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public, private
access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
expires: Mon, 24 Feb 2025 22:21:55 GMT

GET
H2 404 icomoon.woff2
www.donaldservice.se/fonts/icomoon/ 0
0 494ms
494ms Font
text/html 109.235.174.19
LOOPIA3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.donaldservice.se/fonts/icomoon/icomoon.woff2?7m5yri
Requested by: Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/css/sso.min-20200819.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 109.235.174.19 , Sweden, ASN41528 (LOOPIA3, SE),
Reverse DNS: ing.r103.websupport.se
Software: openresty /
Resource Hash

Request headers

Referer: https://www.donaldservice.se/ch/CHFINAL/css/sso.min-20200819.css
Origin: https://www.donaldservice.se
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:55 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding, Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.donaldservice.se/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 co-branding Show response
www.donaldservice.se/idp/ 66 KB
14 KB 478ms
478ms XHR
text/html 109.235.174.19
LOOPIA3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.donaldservice.se/idp/co-branding?resource=co-branding&lang=de&provider=sbbkn
Requested by: Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/js/jquery-20200819.js.download
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 109.235.174.19 , Sweden, ASN41528 (LOOPIA3, SE),
Reverse DNS: ing.r103.websupport.se
Software: openresty /
Resource Hash: 96a04c140afcbd66e3d6b939aa1e5a5777b87fa3027e978f202f86678f29f663

Request headers

Accept: */*
Referer: https://www.donaldservice.se/ch/CHFINAL/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:55 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding, Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.donaldservice.se/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 icomoon.ttf
www.donaldservice.se/fonts/icomoon/ 0
0 487ms
487ms Font
text/html 109.235.174.19
LOOPIA3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.donaldservice.se/fonts/icomoon/icomoon.ttf?7m5yri
Requested by: Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/css/sso.min-20200819.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 109.235.174.19 , Sweden, ASN41528 (LOOPIA3, SE),
Reverse DNS: ing.r103.websupport.se
Software: openresty /
Resource Hash

Request headers

Referer: https://www.donaldservice.se/ch/CHFINAL/css/sso.min-20200819.css
Origin: https://www.donaldservice.se
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:56 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding, Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.donaldservice.se/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 icomoon.woff
www.donaldservice.se/fonts/icomoon/ 0
0 493ms
493ms Font
text/html 109.235.174.19
LOOPIA3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.donaldservice.se/fonts/icomoon/icomoon.woff?7m5yri
Requested by: Host: www.donaldservice.se
URL: https://www.donaldservice.se/ch/CHFINAL/css/sso.min-20200819.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 109.235.174.19 , Sweden, ASN41528 (LOOPIA3, SE),
Reverse DNS: ing.r103.websupport.se
Software: openresty /
Resource Hash

Request headers

Referer: https://www.donaldservice.se/ch/CHFINAL/css/sso.min-20200819.css
Origin: https://www.donaldservice.se
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 22:21:56 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding, Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.donaldservice.se/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: track.addevent.com
URL: https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=f64c82cf-61b6-4bc9-1abe-73a774201741&url=https%3A%2F%2Fpsyyns0bcb96.clickfunnels.com%2Fswiiiiiiiisepro1708873889562&cache=1708899714910

Domain: app.clickfunnels.com
URL: https://app.clickfunnels.com/userevents/?funnel_id=dCtqV24rc1RiM2VmK2RBaU0zaGQ3Zz09LS15eFhySnFNalZ1RS9FWFIwU2JzTG9BPT0%3D--ffe565d719a26109a0f179ed5e6a2f4f633572e5&page_id=ekhhY3Faalh0enFoOFUyYVhpdGV0Zz09LS1YQythbXZIZ3ZvNnRoSE1La29lNkd3PT0%3D--27caab5b4aefaad00f20bf69551aea7721b15e73&funnel_step_id=ZERnaGlZQWNVd1ZyWVhydGY5Wk1XQT09LS00ajdCRzRNZmNIZW9jWjdYN29kZnJ3PT0%3D--8327d21063c7f46b812f7be4d21012197433596a&user_id=MlhKc0NDLzM0cEZqSFQ0WVFlZVJFdz09LS02d0JFYmthT2l6MWNMMldSL2JMOFZnPT0%3D--5ac4e4d51f2bb86c8d0b4596348475df5ef70d34&account_id=UEtxY0Y1SHFwRExITnFMT0VRNWJ2Zz09LS1FODF3WGdBMVZMdkRYRkVZWmVLamFRPT0%3D--f63dbd96d8d9b043cc9a025f6d5c6234945372a7&page_code=NjE0ODUxNjY%3D&mode_id=1&time_zone=America%2FNew_York&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniquePageviewsCreatedSummary&nonce=061c10ea-b03e-49ec-a862-13615ba2f293&url=https%3A%2F%2Fpsyyns0bcb96.clickfunnels.com%2Fswiiiiiiiisepro1708873889562

Domain: app.clickfunnels.com
URL: https://app.clickfunnels.com/userevents/?funnel_id=dCtqV24rc1RiM2VmK2RBaU0zaGQ3Zz09LS15eFhySnFNalZ1RS9FWFIwU2JzTG9BPT0%3D--ffe565d719a26109a0f179ed5e6a2f4f633572e5&page_id=ekhhY3Faalh0enFoOFUyYVhpdGV0Zz09LS1YQythbXZIZ3ZvNnRoSE1La29lNkd3PT0%3D--27caab5b4aefaad00f20bf69551aea7721b15e73&funnel_step_id=ZERnaGlZQWNVd1ZyWVhydGY5Wk1XQT09LS00ajdCRzRNZmNIZW9jWjdYN29kZnJ3PT0%3D--8327d21063c7f46b812f7be4d21012197433596a&user_id=MlhKc0NDLzM0cEZqSFQ0WVFlZVJFdz09LS02d0JFYmthT2l6MWNMMldSL2JMOFZnPT0%3D--5ac4e4d51f2bb86c8d0b4596348475df5ef70d34&account_id=UEtxY0Y1SHFwRExITnFMT0VRNWJ2Zz09LS1FODF3WGdBMVZMdkRYRkVZWmVLamFRPT0%3D--f63dbd96d8d9b043cc9a025f6d5c6234945372a7&page_code=NjE0ODUxNjY%3D&mode_id=1&time_zone=America%2FNew_York&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniqueVisitorsCreatedSummary&nonce=45500411-2048-4773-8316-6efc8cc9dc67&url=https%3A%2F%2Fpsyyns0bcb96.clickfunnels.com%2Fswiiiiiiiisepro1708873889562

Domain: psyyns0bcb96.clickfunnels.com
URL: https://psyyns0bcb96.clickfunnels.com/cdn-cgi/rum?

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Schweizerische Bundesbahnen (Transportation)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.clickfunnels.com/	1970-01-20 18:41:41	Name: __cf_bm Value: ntgD74eaKfiPr.hZCCjLMBfdlJL9GYWVoLHStr0N534-1708899714-1.0-AYcuB+ttG5A0Txpiq0s9vXt42Ee6+8hMfO49zJoKH2u5foObF4kh0tQ7glbHzX4AyM0JTb8DIRb9JeKJ0cOFje0O8jWp45W3sKeYolnSCodY
.clickfunnels.com/	1969-12-31 23:59:59	Name: _cfuvid Value: T9.2.WlpsMfby7IJwfcs6DRzyEMv3QYXFx00jW8rRJ4-1708899714447-0.0-604800000
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: addevent_track_cookie Value: f64c82cf-61b6-4bc9-1abe-73a774201741
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: cf:aff_sub2 Value:
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: cf:aff_sub3 Value:
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: cf:aff_sub Value:
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: cf:affiliate_id Value:
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: cf:cf_affiliate_id Value:
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: cf:content Value:
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: cf:medium Value:
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: cf:name Value:
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: cf:source Value:
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: cf:term Value:
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: cf:NjE0ODUxNjY Value: :visited=true
psyyns0bcb96.clickfunnels.com/	1970-01-21 03:27:15	Name: cf:visitor_id Value: 0f6f272a-68fb-48bd-a1ed-dc24ec1218e0
.swisspass.ch/	1969-12-31 23:59:59	Name: AL_SESS-S Value: Aan6x!2e6CEJTM!5Sxm5Ov5oEmQUYuy8dwJ3lwUi9j9!l5CVjx294H!DzZrmXhA9XDfg

29 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562 Message: [Report Only] Refused to load the script 'https://app.clickfunnels.com/assets/userevents/application.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562(Line 35) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-t6Vxo/K2XXcwNObVWf3p6pgMhkFKK0hciMusfARWud4='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562(Line 85) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-hfBDtdBZDxVKAs8p9Uk0BIXw5t14xwq4dGVVCS/J1JM='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562 Message: [Report Only] Refused to load the script 'https://app.clickfunnels.com/assets/lander.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://app.clickfunnels.com/assets/lander.js(Line 120) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security	error	Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562(Line 91) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-294J+eXMLs3v/jB1LqyHVspjfgxSS9vVscflcEquAE8='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562(Line 104) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-Tj1SICE8MRM3QQNipGVPXqIm5xcHqFIpOFzsbYccwFo='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562(Line 195) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-+Dx5dK+XpV8ayANKiPB/GrHEXMs0Bx3ili36bZaf4wM='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562(Line 205) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-aZ4RiOI9i+aW2Mo7RdfrqMHJf2zk6dpAUczmOQfqhEI='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562(Line 547) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-gLDvnfJxVMzZtN0hCQSyxcLlvz8tbwOvLklR8pEu18g='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562(Line 562) Message: [Report Only] Refused to load the script 'https://app.clickfunnels.com/cf.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562(Line 565) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-HTWwCBHCJLnINTfyNjTZ57B/dYQcPZnm3tPHWVcfRac='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562(Line 565) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-iFM7EWgTiZ1M8HUZYbdWh2NnepcDPPs1GA1SPizyz9E='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562 Message: [Report Only] Refused to load the script 'https://app.clickfunnels.com/assets/pushcrew.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://psyyns0bcb96.clickfunnels.com/swiiiiiiiisepro1708873889562 Message: [Report Only] Refused to load the script 'https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://app.clickfunnels.com/assets/lander.js(Line 2) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security	error	URL: https://app.clickfunnels.com/assets/userevents/application.js Message: [Report Only] Refused to connect to 'https://app.clickfunnels.com/userevents/?funnel_id=dCtqV24rc1RiM2VmK2RBaU0zaGQ3Zz09LS15eFhySnFNalZ1RS9FWFIwU2JzTG9BPT0%3D--ffe565d719a26109a0f179ed5e6a2f4f633572e5&page_id=ekhhY3Faalh0enFoOFUyYVhpdGV0Zz09LS1YQythbXZIZ3ZvNnRoSE1La29lNkd3PT0%3D--27caab5b4aefaad00f20bf69551aea7721b15e73&funnel_step_id=ZERnaGlZQWNVd1ZyWVhydGY5Wk1XQT09LS00ajdCRzRNZmNIZW9jWjdYN29kZnJ3PT0%3D--8327d21063c7f46b812f7be4d21012197433596a&user_id=MlhKc0NDLzM0cEZqSFQ0WVFlZVJFdz09LS02d0JFYmthT2l6MWNMMldSL2JMOFZnPT0%3D--5ac4e4d51f2bb86c8d...75df5ef70d34&account_id=UEtxY0Y1SHFwRExITnFMT0VRNWJ2Zz09LS1FODF3WGdBMVZMdkRYRkVZWmVLamFRPT0%3D--f63dbd96d8d9b043cc9a025f6d5c6234945372a7&page_code=NjE0ODUxNjY%3D&mode_id=1&time_zone=America%2FNew_York&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::PageviewsCreatedSummary&nonce=29d3e1ac-bbda-4e2a-ac28-fa8047c13fb7&url=https%3A%2F%2Fpsyyns0bcb96.clickfunnels.com%2Fswiiiiiiiisepro1708873889562' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://app.clickfunnels.com/assets/userevents/application.js Message: [Report Only] Refused to connect to 'https://app.clickfunnels.com/userevents/?funnel_id=dCtqV24rc1RiM2VmK2RBaU0zaGQ3Zz09LS15eFhySnFNalZ1RS9FWFIwU2JzTG9BPT0%3D--ffe565d719a26109a0f179ed5e6a2f4f633572e5&page_id=ekhhY3Faalh0enFoOFUyYVhpdGV0Zz09LS1YQythbXZIZ3ZvNnRoSE1La29lNkd3PT0%3D--27caab5b4aefaad00f20bf69551aea7721b15e73&funnel_step_id=ZERnaGlZQWNVd1ZyWVhydGY5Wk1XQT09LS00ajdCRzRNZmNIZW9jWjdYN29kZnJ3PT0%3D--8327d21063c7f46b812f7be4d21012197433596a&user_id=MlhKc0NDLzM0cEZqSFQ0WVFlZVJFdz09LS02d0JFYmthT2l6MWNMMldSL2JMOFZnPT0%3D--5ac4e4d51f2bb86c8d...f70d34&account_id=UEtxY0Y1SHFwRExITnFMT0VRNWJ2Zz09LS1FODF3WGdBMVZMdkRYRkVZWmVLamFRPT0%3D--f63dbd96d8d9b043cc9a025f6d5c6234945372a7&page_code=NjE0ODUxNjY%3D&mode_id=1&time_zone=America%2FNew_York&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniquePageviewsCreatedSummary&nonce=061c10ea-b03e-49ec-a862-13615ba2f293&url=https%3A%2F%2Fpsyyns0bcb96.clickfunnels.com%2Fswiiiiiiiisepro1708873889562' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://app.clickfunnels.com/assets/userevents/application.js Message: [Report Only] Refused to connect to 'https://app.clickfunnels.com/userevents/?funnel_id=dCtqV24rc1RiM2VmK2RBaU0zaGQ3Zz09LS15eFhySnFNalZ1RS9FWFIwU2JzTG9BPT0%3D--ffe565d719a26109a0f179ed5e6a2f4f633572e5&page_id=ekhhY3Faalh0enFoOFUyYVhpdGV0Zz09LS1YQythbXZIZ3ZvNnRoSE1La29lNkd3PT0%3D--27caab5b4aefaad00f20bf69551aea7721b15e73&funnel_step_id=ZERnaGlZQWNVd1ZyWVhydGY5Wk1XQT09LS00ajdCRzRNZmNIZW9jWjdYN29kZnJ3PT0%3D--8327d21063c7f46b812f7be4d21012197433596a&user_id=MlhKc0NDLzM0cEZqSFQ0WVFlZVJFdz09LS02d0JFYmthT2l6MWNMMldSL2JMOFZnPT0%3D--5ac4e4d51f2bb86c8d...ef70d34&account_id=UEtxY0Y1SHFwRExITnFMT0VRNWJ2Zz09LS1FODF3WGdBMVZMdkRYRkVZWmVLamFRPT0%3D--f63dbd96d8d9b043cc9a025f6d5c6234945372a7&page_code=NjE0ODUxNjY%3D&mode_id=1&time_zone=America%2FNew_York&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniqueVisitorsCreatedSummary&nonce=45500411-2048-4773-8316-6efc8cc9dc67&url=https%3A%2F%2Fpsyyns0bcb96.clickfunnels.com%2Fswiiiiiiiisepro1708873889562' because it violates the following Content Security Policy directive: "connect-src 'none'".
network	error	URL: https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=f64c82cf-61b6-4bc9-1abe-73a774201741&url=https%3A%2F%2Fpsyyns0bcb96.clickfunnels.com%2Fswiiiiiiiisepro1708873889562&cache=1708899714910 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
security	error	URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 Message: [Report Only] Refused to connect to 'https://psyyns0bcb96.clickfunnels.com/cdn-cgi/rum?' because it violates the following Content Security Policy directive: "connect-src 'none'".
other	warning	URL: https://www.donaldservice.se/ch/CHFINAL/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.donaldservice.se/ch/CHFINAL/(Line 1070) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://www.donaldservice.se/fonts/icomoon/icomoon.woff2?7m5yri Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.donaldservice.se/idp/co-branding?resource=co-branding&lang=de&provider=sbbkn Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.donaldservice.se/ch/CHFINAL/loader-20200819.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.donaldservice.se/fonts/icomoon/icomoon.ttf?7m5yri Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.donaldservice.se/fonts/icomoon/icomoon.woff?7m5yri Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.clickfunnels.com
cdn.app.sbb.ch
fonts.googleapis.com
images.clickfunnels.com
micicoatings.com
psyyns0bcb96.clickfunnels.com
static.cloudflareinsights.com
track.addevent.com
use.fontawesome.com
www.donaldservice.se
www.swisspass.ch
app.clickfunnels.com
psyyns0bcb96.clickfunnels.com
track.addevent.com
109.235.174.19
162.240.147.94
193.203.121.166
2606:4700::6810:3965
2606:4700::6810:fc2
2606:4700:e6::ac40:ce26
2a00:1450:4001:82f::200a
3.69.204.166
0548e45d9284a76581821292f0056a781ca5e76261b265d51b46ddcbfa6868e1
0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f
225e078f0432e7459d74e8d9245f1982570a3897d664ca2d219ccd09b244ab95
24f31a4afb4d98c85b6cff4c9a953654a77986d6c4c9e9cae52cf57e59095e01
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
2f48ff528b4b1c6eb5bf7d04dc901598ef193482c795edb65392068b95e6cfd8
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf
5dfa88a4dc8b6c0b834a62e45daee28a8dc37ed6ae7eb1545e4ed8b6382c0474
7030ba86e37b6d4510c4008e0fcf83306fa114ec6dd047ea6ca2f81c33b8fd53
96a04c140afcbd66e3d6b939aa1e5a5777b87fa3027e978f202f86678f29f663
be0223ae72bc8c610c7a5453d349964cbe78ff8646695a58bc13a4cf0a8d81d6
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
eec9237c6e3d27432e598d711b52466f17cb366e51fe329ae5ef7d9b324d467e
f5358172b33d93b41591ef7f9b0c652d6eb4fa488c66c0f7286d5d8c43928be8
fd23aeccc08239852a5ac678a7cc5b29c723987a0287674000b930cf606b115e

www.donaldservice.se Open in urlscan Pro 109.235.174.19 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

87 %HTTPS

50 %IPv6

9 Domains

11 Subdomains

8 IPs

4 Countries

1197 kBTransfer

3905 kBSize

16 Cookies

4 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

www.donaldservice.se Open in urlscan Pro
109.235.174.19 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

87 %
HTTPS

50 %
IPv6

9
Domains

11
Subdomains

8
IPs

4
Countries

1197 kB
Transfer

3905 kB
Size

16
Cookies

30 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!