| dysonus.com/wp/CHFINAL/90448/js/jquery-20200819.js.download |  104.21.80.23 | 200 OK | 97 kB |
URL GET HTTP/3dysonus.com/wp/CHFINAL/90448/js/jquery-20200819.js.download IP104.21.80.23:443
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerLet's Encrypt Subjectdysonus.com Fingerprint5E:93:99:B5:B9:C4:DF:57:A3:E2:0F:58:05:88:BE:F0:83:5B:0D:20 ValiditySun, 28 Apr 2024 11:38:52 GMT - Sat, 27 Jul 2024 11:38:51 GMT
File typeJavaScript source, ASCII text, with very long lines (32060) Hash43327285f22db304e1bc08eae9c9522e aff0883be1487a752a7431783bf2e5eb2c39353f 24f31a4afb4d98c85b6cff4c9a953654a77986d6c4c9e9cae52cf57e59095e01
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass | | Quad9 DNS | malicious | Sinkholed |
GET /wp/CHFINAL/90448/js/jquery-20200819.js.download HTTP/1.1
Host: dysonus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/wp/CHFINAL/90448/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 16:57:16 GMT
content-type: application/octet-stream
content-length: 97364
last-modified: Sat, 27 Apr 2024 14:32:40 GMT
etag: "662d0c88-17c54"
strict-transport-security: max-age=31536000
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eA4FOGiQsvWrErBkKiIC2FmM2oAQltrvkIf962QNM6%2Fe20LJtfRoii7joJiz1TLgMn%2FM8fXl4VL8%2Bdx2i3MX7y1LaZle4HbOunQiMigB9z0h7CL4wvW2eQXGpv42pQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880afce8096a56af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec |  23.36.79.32 | | 6.9 kB |
URL ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec IP23.36.79.32:0 ASN#20940 Akamai International B.V.
Hash6209f365cabfcca75743bb4382cc8b42 ca5355af7c474333252c83d9d9028cb51e7b4cce eba35532939dd431d6223b3245ca69522052a18936d22f2c3726cfc777eae88d
POST /sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec HTTP/1.1
Host: ocsp.swisssign.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 87
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 6897
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 17:57:17 GMT
Date: Wed, 08 May 2024 16:57:17 GMT
Connection: keep-alive
|
|
| ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec | 23.36.79.32 | | 6.9 kB |
URL ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec IP23.36.79.32:0 ASN#20940 Akamai International B.V.
Hash6209f365cabfcca75743bb4382cc8b42 ca5355af7c474333252c83d9d9028cb51e7b4cce eba35532939dd431d6223b3245ca69522052a18936d22f2c3726cfc777eae88d
POST /sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec HTTP/1.1
Host: ocsp.swisssign.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 87
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 6897
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 17:57:17 GMT
Date: Wed, 08 May 2024 16:57:17 GMT
Connection: keep-alive
|
|
| www.swisspass.ch//resources/img/logo-20200819.svg |  193.203.121.166 | 200 OK | 7.4 kB |
URL GET HTTP/1.1www.swisspass.ch//resources/img/logo-20200819.svg IP193.203.121.166:443 ASN#31004 Schweizerische Bundesbahnen SBB
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerSwissSign AG Subjectswisspass.ch Fingerprint0F:CC:F3:F9:E7:22:13:51:BD:03:15:EE:A8:31:BE:24:0B:CA:37:16 ValidityThu, 14 Mar 2024 05:50:58 GMT - Fri, 14 Mar 2025 05:50:58 GMT
File typeSVG Scalable Vector Graphics image Hash795242580bfa3135028bd0750fdc1654 2c344b6662e62ddbdba49f635e1c33a827fe75d4 deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass |
GET //resources/img/logo-20200819.svg HTTP/1.1
Host: www.swisspass.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 16:57:17 GMT
Server: Apache
Content-Length: 7374
last-modified: Fri, 26 Apr 2024 10:42:00 GMT
etag: "662b84f8-1cce"
expires: Thu, 08 May 2025 16:57:17 GMT
accept-ranges: bytes
cache-control: max-age=31536000, private
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Feature-Policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Set-Cookie: AL_SESS-S=AeOWZqwPZfWuI90L5QihXbUF9szxdWM0RkIBEy1F_usRFBGmswVKLozF86i2iC1ijPZe; Path=/; Domain=.swisspass.ch; Secure; HttpOnly; SameSite=None
Keep-Alive: timeout=10, max=500
Connection: Keep-Alive
Content-Type: image/svg+xml
|
|
| www.swisspass.ch//resources/img/logo_text_de-20200819.svg | 193.203.121.166 | 200 OK | 140 kB |
URL GET HTTP/1.1www.swisspass.ch//resources/img/logo_text_de-20200819.svg IP193.203.121.166:443 ASN#31004 Schweizerische Bundesbahnen SBB
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerSwissSign AG Subjectswisspass.ch Fingerprint0F:CC:F3:F9:E7:22:13:51:BD:03:15:EE:A8:31:BE:24:0B:CA:37:16 ValidityThu, 14 Mar 2024 05:50:58 GMT - Fri, 14 Mar 2025 05:50:58 GMT
File typeSVG Scalable Vector Graphics image Size140 kB (139971 bytes) Hash512410d9227bb0c2481e175dce0eda72 1deb5d9f09592101e632a8351865d54b1d6a27f7 c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass |
GET //resources/img/logo_text_de-20200819.svg HTTP/1.1
Host: www.swisspass.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 16:57:17 GMT
Server: Apache
Content-Length: 139971
last-modified: Fri, 26 Apr 2024 10:42:00 GMT
etag: "662b84f8-222c3"
expires: Thu, 08 May 2025 16:57:17 GMT
accept-ranges: bytes
cache-control: max-age=31536000, private
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Feature-Policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Set-Cookie: AL_SESS-S=AWvxtENSBV!GKdIN9_jHdUGy_3Pk2NijkVfxCSyMBSvWg2!uao!ik9QghCqBE8BscqaM; Path=/; Domain=.swisspass.ch; Secure; HttpOnly; SameSite=None
Keep-Alive: timeout=10, max=500
Connection: Keep-Alive
Content-Type: image/svg+xml
|
|
| dysonus.com/wp/CHFINAL/90448/ | 104.21.80.23 | 200 OK | 110 kB |
URL User Request GET HTTP/2dysonus.com/wp/CHFINAL/90448/ IP104.21.80.23:443
CertificateIssuerLet's Encrypt Subjectdysonus.com Fingerprint5E:93:99:B5:B9:C4:DF:57:A3:E2:0F:58:05:88:BE:F0:83:5B:0D:20 ValiditySun, 28 Apr 2024 11:38:52 GMT - Sat, 27 Jul 2024 11:38:51 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (2819), with CRLF line terminators Size110 kB (110469 bytes) Hash2c73b62984f35c4eeefaea5da4185585 404d3a6b83d2d86f8c1286bee618ec64ff2f602f 253cc6b9492d92ebefa081634dd02241b33c4bd83e17af332305f8e91cf39ace
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass | | OpenPhish | phishing | SBB | | Quad9 DNS | malicious | Sinkholed |
GET /wp/CHFINAL/90448/ HTTP/1.1
Host: dysonus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:57:16 GMT
content-type: text/html
last-modified: Sat, 27 Apr 2024 14:32:40 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TaUDm74SRPRcoIFCzi1U3mAOhG2iLyAoMtvqZBGCeZYloO%2FQ54poj62fwUMW1ooA3%2BqFKzHh4LUJfLcivyJJOTL%2BD9QQjfMZzHAMJ%2BLW4qvfznP%2BjP3R9kk%2B66lAzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880afce45fca1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| dysonus.com/wp/CHFINAL/90448/js/vendor.min-20200819.js.download | 104.21.80.23 | 200 OK | 179 kB |
URL GET HTTP/3dysonus.com/wp/CHFINAL/90448/js/vendor.min-20200819.js.download IP104.21.80.23:443
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerLet's Encrypt Subjectdysonus.com Fingerprint5E:93:99:B5:B9:C4:DF:57:A3:E2:0F:58:05:88:BE:F0:83:5B:0D:20 ValiditySun, 28 Apr 2024 11:38:52 GMT - Sat, 27 Jul 2024 11:38:51 GMT
File typeJavaScript source, ASCII text, with very long lines (663) Size179 kB (179210 bytes) Hashccfc9b3b004cfb4f51ae7853af5f78d9 2c52cec1f06c406c4d5d2cf34e870ef15a85dad7 be0223ae72bc8c610c7a5453d349964cbe78ff8646695a58bc13a4cf0a8d81d6
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass | | Quad9 DNS | malicious | Sinkholed |
GET /wp/CHFINAL/90448/js/vendor.min-20200819.js.download HTTP/1.1
Host: dysonus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/wp/CHFINAL/90448/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 16:57:17 GMT
content-type: application/octet-stream
content-length: 179210
last-modified: Sat, 27 Apr 2024 14:32:40 GMT
etag: "662d0c88-2bc0a"
strict-transport-security: max-age=31536000
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k45QDDcMAr4OOf4LnwLPyPQ22nGEEqpPqPzLwNxOyaUU9fpdjRMojxz56tm3Qk7Yvim4fPffNv6whuX7NVxEsuKj0IJe0FJPX5kbny5oua8zHhu7VuurucpyToLxGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880afce8096f56af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2 |  52.29.150.144 | 200 OK | 14 kB |
URL GET HTTP/2cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2 IP52.29.150.144:443
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerAmazon Subject*.app.sbb.ch Fingerprint91:97:68:15:9B:1D:9F:0F:5B:C1:DB:F4:EE:DC:A6:EC:4A:2A:09:71 ValidityWed, 16 Aug 2023 00:00:00 GMT - Fri, 13 Sep 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 14212, version 1.0 Hash8b70a44a98a0ac5d721df7d8f5136f7b 10e10c01e732f3d35a78e1051bfcc9fe2589ddda 5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass |
GET /fonts/v1_6_subset/SBBWeb-Light.woff2 HTTP/1.1
Host: cdn.app.sbb.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dysonus.com
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:57:17 GMT
content-type: application/font-woff2
content-length: 14212
server: nginx/1.25.5
last-modified: Wed, 31 Jan 2024 10:14:44 GMT
vary: Accept-Encoding
etag: "65ba1d94-3784"
expires: Thu, 08 May 2025 16:57:17 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
cache-control: max-age=31536000, public, private
accept-ranges: bytes
set-cookie: 9527f1a32486d650b0687919ffd41c2b=0580bfb6213fa824d8a60a35c6ca8ea3; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| dysonus.com/idp/co-branding?resource=co-branding&lang=de&provider=sbbkn | 104.21.80.23 | 404 Not Found | 53 kB |
URL GET HTTP/3dysonus.com/idp/co-branding?resource=co-branding&lang=de&provider=sbbkn IP104.21.80.23:443
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerLet's Encrypt Subjectdysonus.com Fingerprint5E:93:99:B5:B9:C4:DF:57:A3:E2:0F:58:05:88:BE:F0:83:5B:0D:20 ValiditySun, 28 Apr 2024 11:38:52 GMT - Sat, 27 Jul 2024 11:38:51 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass | | Quad9 DNS | malicious | Sinkholed |
GET /idp/co-branding?resource=co-branding&lang=de&provider=sbbkn HTTP/1.1
Host: dysonus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/wp/CHFINAL/90448/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Wed, 08 May 2024 16:57:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://dysonus.com/index.php/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DfDL0iabbUE%2FGSX6RGnxTbtR0qv5My7w3WL%2FOySil%2FsmFBr%2B9piHYkn8BbVVDeB%2BDp1YOWorwfeitOZIK2hCrozLul1wCm4nyFAm7uKFEhvMHY5cL9%2FFT0egK%2B2NZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880afced2a7956af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| dysonus.com/wp/fonts/icomoon/icomoon.ttf?7m5yri | 104.21.80.23 | 404 Not Found | 53 kB |
URL GET HTTP/3dysonus.com/wp/fonts/icomoon/icomoon.ttf?7m5yri IP104.21.80.23:443
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerLet's Encrypt Subjectdysonus.com Fingerprint5E:93:99:B5:B9:C4:DF:57:A3:E2:0F:58:05:88:BE:F0:83:5B:0D:20 ValiditySun, 28 Apr 2024 11:38:52 GMT - Sat, 27 Jul 2024 11:38:51 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass | | Quad9 DNS | malicious | Sinkholed |
GET /wp/fonts/icomoon/icomoon.ttf?7m5yri HTTP/1.1
Host: dysonus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/wp/CHFINAL/90448/css/sso.min-20200819.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Wed, 08 May 2024 16:57:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: max-age=14400, must-revalidate
link: <https://dysonus.com/index.php/wp-json/>; rel="https://api.w.org/"
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c7so9dZ4uz6iZP1wFemTRe1FILyrtTDZQ9GpjS8JMRfDq8UEPf%2FxctAxSSeXnuZRzSlUCzoIFa%2BBbkselI7CB1iRvNRCuy%2BwD2u3iWuIhvZm%2FqO6zGC7mVKcRacrVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880afcf77aef56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| dysonus.com/wp/CHFINAL/90448/css/sso.min-20200819.css | 104.21.80.23 | 200 OK | 184 kB |
URL GET HTTP/3dysonus.com/wp/CHFINAL/90448/css/sso.min-20200819.css IP104.21.80.23:443
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerLet's Encrypt Subjectdysonus.com Fingerprint5E:93:99:B5:B9:C4:DF:57:A3:E2:0F:58:05:88:BE:F0:83:5B:0D:20 ValiditySun, 28 Apr 2024 11:38:52 GMT - Sat, 27 Jul 2024 11:38:51 GMT
File typeASCII text, with very long lines (65536), with no line terminators Size184 kB (184065 bytes) Hash2bbf7f3318c47af5e7612c00944fad2e 3c1974c80924829ef60ad41f10e6c24e1299f2ec fd23aeccc08239852a5ac678a7cc5b29c723987a0287674000b930cf606b115e
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass | | Quad9 DNS | malicious | Sinkholed |
GET /wp/CHFINAL/90448/css/sso.min-20200819.css HTTP/1.1
Host: dysonus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/wp/CHFINAL/90448/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 16:57:17 GMT
content-type: text/css
last-modified: Sat, 27 Apr 2024 14:32:40 GMT
vary: Accept-Encoding
etag: W/"662d0c88-2cf01"
expires: Thu, 09 May 2024 04:57:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TStVJtsBvBfA7Qmy3NfB8UnsIrbMmrLS5RTVB1UGPkr2pHSKOVYFVDO3PeGvf9njOG0tN2xntBLmRtiFcaGm%2BvsVwjzCYrcfB465x3oeHfncw6z4wOjhxzEvoW0%2BIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880afce7f95756af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| dysonus.com/wp/fonts/icomoon/icomoon.woff?7m5yri | 104.21.80.23 | 404 Not Found | 53 kB |
URL GET HTTP/3dysonus.com/wp/fonts/icomoon/icomoon.woff?7m5yri IP104.21.80.23:443
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerLet's Encrypt Subjectdysonus.com Fingerprint5E:93:99:B5:B9:C4:DF:57:A3:E2:0F:58:05:88:BE:F0:83:5B:0D:20 ValiditySun, 28 Apr 2024 11:38:52 GMT - Sat, 27 Jul 2024 11:38:51 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass | | Quad9 DNS | malicious | Sinkholed |
GET /wp/fonts/icomoon/icomoon.woff?7m5yri HTTP/1.1
Host: dysonus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/wp/CHFINAL/90448/css/sso.min-20200819.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Wed, 08 May 2024 16:57:22 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: max-age=14400, must-revalidate
link: <https://dysonus.com/index.php/wp-json/>; rel="https://api.w.org/"
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BYHKQ30pMFnZa1U6K65zcu8wTB5c7FAAySm8tfxLwlCyqB2KlFn5glNnT6SJPAQmqcVm4p%2FcOeUD735y79zLR7kNQOHsWRfUTXW707ILPjQOLN8PWz9tMbE6uCNgZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880afd022c2456af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| dysonus.com/wp/CHFINAL/90448/loader-20200819.png | 104.21.80.23 | 404 Not Found | 146 B |
URL GET HTTP/3dysonus.com/wp/CHFINAL/90448/loader-20200819.png IP104.21.80.23:443
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerLet's Encrypt Subjectdysonus.com Fingerprint5E:93:99:B5:B9:C4:DF:57:A3:E2:0F:58:05:88:BE:F0:83:5B:0D:20 ValiditySun, 28 Apr 2024 11:38:52 GMT - Sat, 27 Jul 2024 11:38:51 GMT
File typeHTML document, ASCII text, with no line terminators Hash40b3fc14254227ec5012d996bf90c4e1 b0dd06eb5a779151151101337889ff09953f8ac0 740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass | | Quad9 DNS | malicious | Sinkholed |
GET /wp/CHFINAL/90448/loader-20200819.png HTTP/1.1
Host: dysonus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/wp/CHFINAL/90448/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Wed, 08 May 2024 16:57:17 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GNa%2FLcypOgSkStqTuLR9pOB2SyFQwx3ZQWops3C8bd2k%2BD1k177iUwsiEGgziXKAyfxT1NG%2FHWFc8teVYriJZw1Dqt3nd8wqbTVdmbRTH9m6y8f%2BGvut%2Bo%2Fpw0pMxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880afce8096456af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| dysonus.com/wp/CHFINAL/90448/js/swisspass.min-20200819.js.download | 104.21.80.23 | 200 OK | 99 kB |
URL GET HTTP/3dysonus.com/wp/CHFINAL/90448/js/swisspass.min-20200819.js.download IP104.21.80.23:443
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerLet's Encrypt Subjectdysonus.com Fingerprint5E:93:99:B5:B9:C4:DF:57:A3:E2:0F:58:05:88:BE:F0:83:5B:0D:20 ValiditySun, 28 Apr 2024 11:38:52 GMT - Sat, 27 Jul 2024 11:38:51 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashc508537c16d8571aa071a4e32719577f 5b094277e1b5d7902fb38966eaff2e4e46d6f889 60319fa5b825bca9e9419980f08b1843ffc398619e79c7111fabffb7959d2758
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass | | Quad9 DNS | malicious | Sinkholed |
GET /wp/CHFINAL/90448/js/swisspass.min-20200819.js.download HTTP/1.1
Host: dysonus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/wp/CHFINAL/90448/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 16:57:17 GMT
content-type: application/octet-stream
content-length: 99324
last-modified: Sat, 27 Apr 2024 14:32:40 GMT
etag: "662d0c88-183fc"
strict-transport-security: max-age=31536000
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LdAPbvoMNezZKsSTRuD4BJ3EVtsLdAyNKrBQvPEawV%2FnTCw49wVwKMwH19YwpULNuO2yLajg5y0ZBNHQkuau6%2FLYngBHgEXfKdo60CH5F%2F8gJ%2FreoHqREHkjumSG9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880afce8097756af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| dysonus.com/wp/fonts/icomoon/icomoon.woff2?7m5yri | 104.21.80.23 | 404 Not Found | 53 kB |
URL GET HTTP/3dysonus.com/wp/fonts/icomoon/icomoon.woff2?7m5yri IP104.21.80.23:443
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerLet's Encrypt Subjectdysonus.com Fingerprint5E:93:99:B5:B9:C4:DF:57:A3:E2:0F:58:05:88:BE:F0:83:5B:0D:20 ValiditySun, 28 Apr 2024 11:38:52 GMT - Sat, 27 Jul 2024 11:38:51 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass | | Quad9 DNS | malicious | Sinkholed |
GET /wp/fonts/icomoon/icomoon.woff2?7m5yri HTTP/1.1
Host: dysonus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/wp/CHFINAL/90448/css/sso.min-20200819.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Wed, 08 May 2024 16:57:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: max-age=14400, must-revalidate
link: <https://dysonus.com/index.php/wp-json/>; rel="https://api.w.org/"
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mq6B7M%2B5F5%2FNZMLgTnvNqUlXoFDOAhBK4LLWaaGrqoNHJvMSUU2xEJ4JgC6e7VGtGcMD9A78UjkpE3S1WIZ7oL5BEP6T7d8lOw9%2FUJ3Q6jXX%2BhB%2BcHVHupo2JGakhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880afcebbfb956af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| dysonus.com/wp/CHFINAL/90448/img/favicon.ico | 104.21.80.23 | 200 OK | 1.2 kB |
URL GET HTTP/3dysonus.com/wp/CHFINAL/90448/img/favicon.ico IP104.21.80.23:443
Requested byhttps://dysonus.com/wp/CHFINAL/90448/ CertificateIssuerLet's Encrypt Subjectdysonus.com Fingerprint5E:93:99:B5:B9:C4:DF:57:A3:E2:0F:58:05:88:BE:F0:83:5B:0D:20 ValiditySun, 28 Apr 2024 11:38:52 GMT - Sat, 27 Jul 2024 11:38:51 GMT
File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Hash6d866d9c4568bf7fc03e597e74ce7e28 e1b3d9f0e9cdcb785a94b6c1e1fe651a4ff98dcb 7c1925da382279a72f94990d0a1456f78918619f35780ea0905e4ae0db684677
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - SwissPass | | Quad9 DNS | malicious | Sinkholed |
GET /wp/CHFINAL/90448/img/favicon.ico HTTP/1.1
Host: dysonus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dysonus.com/wp/CHFINAL/90448/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 16:57:18 GMT
content-type: image/x-icon
last-modified: Sat, 27 Apr 2024 14:32:40 GMT
etag: W/"662d0c88-47e"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ulQaM3AvxRW4g8Hwq7kkaiwZBgFj9fHs6KsuMxDTTkRGM72vnTHpuUPFswTCGSmQcbTmalfCptPDz66frDYdfK8nFBXXmx2GwRqx89gxlQJEo4UL6OaSzj6ivtcWWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880afcee6cbf56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
172.67.173.85