Report - scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php

Report Overview

Submitted URL
scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
IP
104.21.23.59
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 17:42:23
Access
public
Website Title
SwissPass
Final URL
scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Tags
swosspass phishing transport
urlquery detections
Phishing - SwissPass

Detections

urlquery
14
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
scorpion-lab.com	unknown	2022-03-05	2022-03-05	2024-04-10	3.9 kB	293 kB	104.21.23.59
ocsp.swisssign.ch	unknown	unknown	2023-01-12	2024-05-02	374 B	7.2 kB	95.101.10.144
resources.swisspass.ch	unknown	unknown	2017-02-16	2024-04-03	476 B	202 kB	193.203.121.145
cdn.app.sbb.ch	610967	unknown	2018-04-04	2024-04-26	511 B	15 kB	3.64.90.235

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-02	medium	scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php	SwissPass

PhishTank

Scan Date	Severity	Indicator	Alert
2024-05-02	medium	scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	scorpion-lab.com	Sinkholed
2024-05-04	medium	scorpion-lab.com	Sinkholed
2024-05-04	medium	scorpion-lab.com	Sinkholed
2024-05-04	medium	scorpion-lab.com	Sinkholed
2024-05-04	medium	scorpion-lab.com	Sinkholed
2024-05-04	medium	scorpion-lab.com	Sinkholed
2024-05-04	medium	scorpion-lab.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php	74 B	2023-07-12	2024-05-18
Pretty URL scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php IP 104.21.23.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-12 13:45:42 Last Seen2024-05-18 10:54:32 Times Seen105 Hash 756b017533184fa5b086c13126d3daae 3c6b1702815f56ba5731066828855703d4ac5d40 c77b776fef4c3c2fd7c50edf41496d1776ef31fae6a4531356e1a3fafaef10d5 Loading...

	scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php	1.0 kB	2023-11-14	2024-05-18
Pretty URL scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php IP 104.21.23.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-14 18:20:15 Last Seen2024-05-18 10:54:32 Times Seen100 Hash 802d8baafccce06b1981f26faa482e1e 72ff72c726c8801666e460bbf63c9e052d05efb5 1d1ad2a12eb21962181cdf7126b860a0b539b70bad88c2af3b4068aa929f2de8 Loading...

HTTP Transactions (10)

URL IP Response Size

scorpion-lab.com/wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/loader-20200819.png

104.21.23.59

200 OK

272 B

URL GET HTTP/3
scorpion-lab.com/wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/loader-20200819.png
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type
PNG image data, 24 x 24, 4-bit colormap, non-interlaced
Size
272 B (272 bytes)
Hash
1a7ca896940219da5393e26600e0ee7b
558e1d3bad16b2faa7527f1f3133e21bf89cd507
f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/loader-20200819.png HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Cookie: PHPSESSID=5viga8sgdp01hb735skd3rfpok
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:41:58 GMT
content-type: image/png
content-length: 272
cache-control: public, max-age=43200
expires: Fri, 03 May 2024 04:50:55 GMT
etag: "110-6613dfc0-cd81b;;;"
last-modified: Mon, 08 Apr 2024 12:14:56 GMT
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ClFxcxmT1GuAzZqgK1JjPV7Pg1%2BSf2BxdS2sOqeilKP32zX0iiaOYokDab3OODVQNbcXrJv6h3E1atGv4fAaUeV%2FvTgU9T%2B1kdHzMWok5v0rRYewPDBFc%2Fef35e0nkpzoKIC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea48dd58d6b505-OSL
alt-svc: h3=":443"; ma=86400

scorpion-lab.com/wp-includes/blocks/sbb/fss/logo_text_de-20200819.svg

104.21.23.59

200 OK

30 kB

URL GET HTTP/3
scorpion-lab.com/wp-includes/blocks/sbb/fss/logo_text_de-20200819.svg
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type
SVG Scalable Vector Graphics image
Size
30 kB (30389 bytes)
Hash
512410d9227bb0c2481e175dce0eda72
1deb5d9f09592101e632a8351865d54b1d6a27f7
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/blocks/sbb/fss/logo_text_de-20200819.svg HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Cookie: PHPSESSID=5viga8sgdp01hb735skd3rfpok
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:41:58 GMT
content-type: image/svg+xml
cache-control: public, max-age=43200
expires: Fri, 03 May 2024 04:50:55 GMT
etag: W/"222c3-6613dfc0-cd83b;br"
last-modified: Mon, 08 Apr 2024 12:14:56 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8HGaUr2R8jYcnXieJgKXc7az7bkWT0HIKJbmMZsL7%2FM2ZcVBtfktkw8zOhQK42MBpz5trBgsTjoQVzgUkja%2BNrfkUODABgmDASZ2pkLqLnop5UzhabyreZtAq3LOpQr%2BexdV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea48dd58cfb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

scorpion-lab.com/wp-includes/blocks/sbb/fss/logo-20200819.svg

104.21.23.59

200 OK

9.3 kB

URL GET HTTP/3
scorpion-lab.com/wp-includes/blocks/sbb/fss/logo-20200819.svg
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type
SVG Scalable Vector Graphics image
Size
9.3 kB (9266 bytes)
Hash
795242580bfa3135028bd0750fdc1654
2c344b6662e62ddbdba49f635e1c33a827fe75d4
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/blocks/sbb/fss/logo-20200819.svg HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Cookie: PHPSESSID=5viga8sgdp01hb735skd3rfpok
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:41:58 GMT
content-type: image/svg+xml
cache-control: public, max-age=43200
expires: Fri, 03 May 2024 04:50:55 GMT
etag: W/"1cce-6613dfc0-cd83a;br"
last-modified: Mon, 08 Apr 2024 12:14:56 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gzAI4UMy1%2BQ1YraxmjCIINz1Y9t4CGpMo9GIfNyrpnRFzcaaRvVVDtKd4e5Vt%2FFmeZb8DLCc4leZnjwcPkNJcWy3zmkfj8Wyj4Qy5XtfwaIJzTehA%2Bqz5hE3QABM9dspQHNE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea48dd58d2b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec

95.101.10.144

6.9 kB

URL
ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
IP
95.101.10.144:0
ASN
#20940 Akamai International B.V.

File type
data
Size
6.9 kB (6897 bytes)
Hash
b49a146062caf9f90adca8149c429c22
de051e74353d49291f3c8d5179e836d67ccd120e
079eced976ee6a61e872240017d405c76fd17d5e37438843437016c4a42d53bd

HTTP Headers

POST /sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec HTTP/1.1
Host: ocsp.swisssign.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 87
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 6897
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
Expires: Sat, 04 May 2024 18:41:58 GMT
Date: Sat, 04 May 2024 17:41:58 GMT
Connection: keep-alive

scorpion-lab.com/wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/sso.min-20200819.css

104.21.23.59

200 OK

225 kB

URL GET HTTP/3
scorpion-lab.com/wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/sso.min-20200819.css
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
225 kB (225195 bytes)
Hash
c68df606d0b339bd62824228dff3bd55
4a3e0a38a44b8a5af95bdda13506dbcbc72809c9
64bc21d4c6fcbb8fe04cf459742a4821bce630a690429e6e05d3f7e5face351b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/sso.min-20200819.css HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Cookie: PHPSESSID=5viga8sgdp01hb735skd3rfpok
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:41:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=183898
cache-control: public, max-age=43200
etag: W/"2ce5a-6613dfc0-cd822;br"
expires: Fri, 03 May 2024 04:50:55 GMT
last-modified: Mon, 08 Apr 2024 12:14:56 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6OxmmFYhUD2z9%2BVgy6FiZSx9t0wCDTvyH6pq7IBRIw1mtMmJRF%2FPwUtGd%2Fk6i0s2eLqDzFKimfamQnx2AwI61U6BpOgo8ynd2gE3%2BzXOKFWETOVL9v3XxbH%2BljcnhX8VZCXE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea48dd58c8b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

scorpion-lab.com/wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/favicon.ico?v=20140709-1126

104.21.23.59

200 OK

1.2 kB

URL GET HTTP/3
scorpion-lab.com/wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/favicon.ico?v=20140709-1126
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
6d866d9c4568bf7fc03e597e74ce7e28
e1b3d9f0e9cdcb785a94b6c1e1fe651a4ff98dcb
7c1925da382279a72f94990d0a1456f78918619f35780ea0905e4ae0db684677

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/favicon.ico?v=20140709-1126 HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Cookie: PHPSESSID=5viga8sgdp01hb735skd3rfpok
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:41:58 GMT
content-type: image/x-icon
cache-control: public, max-age=43200
expires: Fri, 03 May 2024 04:50:56 GMT
etag: W/"47e-6613dfc0-cd817;br"
last-modified: Mon, 08 Apr 2024 12:14:56 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fJG%2FeZwr8GEOLFPiai8jOtkWLWXPHD7VyvEulaCpAI9pgRZ3cJcljx%2F0u22fqraIzXvdHAt69raPxefBNIBpaThaYNKx60h5yIKmVmxLCCMq%2FyCEjEYEGnbMiC%2BUQ%2FXTgkxk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea48e21fd4b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php

104.21.23.59

200 OK

15 kB

URL User Request GET HTTP/2
scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type

Size
15 kB (14604 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/blocks/sbb/fss/signin.php HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:41:57 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=5viga8sgdp01hb735skd3rfpok; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M5DU9G%2BaHOI34AOzLU6d6n1cHCNklU56Di0JDNH1xygiVJSe44bA4%2BX8F28Yx6t3HaxBTQ2zQg5iYcB1%2FQBuaVMc%2BIsBu%2FFmlbtCcOLMi0jS3t%2Fi%2FAbV2g5tIOuALCx1CjXz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea48da0e2f712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg

193.203.121.145

200 OK

201 kB

URL GET HTTP/1.1
resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg
IP
193.203.121.145:443
ASN
#31004 Schweizerische Bundesbahnen SBB

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerSwissSign AG
Subjectswisspass.ch
Fingerprint0F:CC:F3:F9:E7:22:13:51:BD:03:15:EE:A8:31:BE:24:0B:CA:37:16
ValidityThu, 14 Mar 2024 05:50:58 GMT - Fri, 14 Mar 2025 05:50:58 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1563x1198, components 3
Size
201 kB (200933 bytes)
Hash
0f80ca4a78ce3af79ad01923484e0a5b
fac97c21d7965e9ac6950844123fd5f65b8f0a77
58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg HTTP/1.1
Host: resources.swisspass.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 17:41:58 GMT
Server: Apache
Content-Length: 200933
ETag: "310e5-617965d30e418"
Expires: Sat, 04 May 2024 23:41:57 GMT
Cache-Control: max-age=21600
Last-Modified: Sat, 04 May 2024 01:00:36 GMT
X-Plattform: cprod
x-url: /content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg
X-Varnish: 28727832 27604080
X-Cache: HIT
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Keep-Alive: timeout=10, max=500
Connection: Keep-Alive
Content-Type: image/jpeg

cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2

3.64.90.235

200 OK

14 kB

URL GET HTTP/2
cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2
IP
3.64.90.235:443
ASN
#16509 AMAZON-02

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerAmazon
Subject*.app.sbb.ch
Fingerprint91:97:68:15:9B:1D:9F:0F:5B:C1:DB:F4:EE:DC:A6:EC:4A:2A:09:71
ValidityWed, 16 Aug 2023 00:00:00 GMT - Fri, 13 Sep 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14212, version 1.0
Size
14 kB (14212 bytes)
Hash
8b70a44a98a0ac5d721df7d8f5136f7b
10e10c01e732f3d35a78e1051bfcc9fe2589ddda
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /fonts/v1_6_subset/SBBWeb-Light.woff2 HTTP/1.1
Host: cdn.app.sbb.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://scorpion-lab.com
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:41:58 GMT
content-type: application/font-woff2
content-length: 14212
server: nginx/1.25.5
last-modified: Wed, 31 Jan 2024 10:14:44 GMT
vary: Accept-Encoding
etag: "65ba1d94-3784"
expires: Sun, 04 May 2025 17:41:58 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
cache-control: max-age=31536000, public, private
accept-ranges: bytes
set-cookie: 9527f1a32486d650b0687919ffd41c2b=a3ed87b2dc9abb853daf697c7a2ecf62; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2

scorpion-lab.com/wp-includes/blocks/sbb/fss/icomoon.woff2

104.21.23.59

200 OK

6.7 kB

URL GET HTTP/3
scorpion-lab.com/wp-includes/blocks/sbb/fss/icomoon.woff2
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type
Web Open Font Format (Version 2), TrueType, length 6676, version 1.0
Size
6.7 kB (6676 bytes)
Hash
76d0b40f597b59510e88eeec38c1add3
ef6ce2a484f4c6df2d23d0da6428f7a1ee2701a0
78a4a776506b173ae79fd021d0e9003c7d653ca204ea1d69bea4d553f92f787d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/blocks/sbb/fss/icomoon.woff2 HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Cookie: PHPSESSID=5viga8sgdp01hb735skd3rfpok
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:41:58 GMT
content-type: font/woff2
content-length: 6676
cache-control: public, max-age=43200
expires: Fri, 03 May 2024 04:50:56 GMT
etag: "1a14-6613dfc0-cd835;;;"
last-modified: Mon, 08 Apr 2024 12:14:56 GMT
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jz2GbNOCN9BdHvKYqFEKAyQ3rEv3A6dyxhoy%2B4AL1hwIrYqoIMxC8qm0YgyP%2Fx8xvAGK4CmQf1n%2BOQZEOSQNcOiw%2FHMLkZ3CdKVWqFF75%2Bvi%2BkuGEGXISrjBTYRxVovI1uxA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea48dfac20b505-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP