Report - loom.ly/qrqEtGo

Report Overview

Submitted URL
loom.ly/qrqEtGo
IP
3.231.89.48
ASN
#14618 AMAZON-AES
Submitted
2024-05-10 05:46:17
Access
public
Website Title
Cembra Money Bank
Final URL
kontocembrabanking.sviluppo.host/pass/
Tags
swosspass phishing transport
urlquery detections
Phishing - SwissPass

Detections

urlquery
6
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.app.sbb.ch	610967	unknown	2018-04-04	2024-05-08	541 B	15 kB	52.58.100.26
ocsp.swisssign.ch	unknown	unknown	2023-01-12	2024-05-08	748 B	14 kB	23.36.79.11
www.swisspass.ch	501260	unknown	2015-03-10	2024-04-29	485 B	5.2 kB	193.203.121.166
eservice.cembra.ch	unknown	unknown	2014-04-03	2024-03-12	508 B	5.7 kB	193.222.93.232
www.ictjournal.ch	unknown	unknown	2012-12-28	2024-03-11	492 B	500 B	193.93.20.99
loom.ly	528318	2017-07-09	2017-10-25	2024-03-04	469 B	375 B	52.70.63.93
kontocembrabanking.sviluppo.host	unknown	unknown	No data	No data	8.4 kB	297 kB	149.62.187.89
cdn.shopify.com	2327	2005-03-11	2012-06-22	2024-05-09	474 B	2.8 kB	23.227.60.200

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	kontocembrabanking.sviluppo.host/pass/	115 B	2023-03-09	2024-05-16
Pretty URL kontocembrabanking.sviluppo.host/pass/ IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 08:10:14 Last Seen2024-05-16 07:03:23 Times Seen56 Hash 364646cdd97c4ce9ca1bca4908e549f9 d85e8c4c1edcec0a941c277e9c764a37a997e14b 6bf02a4dde6f6b5cda3674b9f9985f14b8a5e4ee6a066a2e4d04f0d6af88c080 Loading...

	kontocembrabanking.sviluppo.host/pass/	1.2 kB	2023-03-10	2024-05-16
Pretty URL kontocembrabanking.sviluppo.host/pass/ IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 03:55:08 Last Seen2024-05-16 07:03:23 Times Seen22 Hash 81543866c10b0464b258f43cf734c792 ddd07dc2779565916dc2563d331f4f325468fa2c ec94b06d8cb50f57859e6ade58c93363c3b235416ad038c4336029f439436230 Loading...

	kontocembrabanking.sviluppo.host/pass/modernizr-20200819.js	7.8 kB	2023-03-09	2024-05-18
Pretty URL kontocembrabanking.sviluppo.host/pass/modernizr-20200819.js IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:10:14 Last Seen2024-05-18 19:59:02 Times Seen866 Hash 4d11af9e90e621d0f067d464959ebd7b e256d0de8ac8b68019ee29d65894cbe58f513a52 4a3d4cf982535aaf485c6e3af9ad1498df5c065adf94eed056f0aa13c31e92ed Loading...

	kontocembrabanking.sviluppo.host/pass/launch-6cc731e967aa.min.js	142 kB	2023-03-09	2024-05-16
Pretty URL kontocembrabanking.sviluppo.host/pass/launch-6cc731e967aa.min.js IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:10:14 Last Seen2024-05-16 07:03:23 Times Seen40 Hash 189167e53066c0526a1465b03aaa8a84 6d89be6a4e4c456788603c680582eba01699451c 811e8df757d166dce4bda35c81d2f639eed22055abd034720214c7125b21b737 Loading...

	kontocembrabanking.sviluppo.host/pass/otBannerSdk.js	332 kB	2023-04-08	2024-05-17
Pretty URL kontocembrabanking.sviluppo.host/pass/otBannerSdk.js IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-08 08:07:21 Last Seen2024-05-17 22:50:29 Times Seen228 Hash dc343b8c597e8100f947cbed60380235 376fb7e9439fc1791a4b60ccc06835b2d801da0f 204a3299ddc67db6fd1836653ece6696c46f1b2d7fb7abcb4fe9132abe2b6612 Loading...

	kontocembrabanking.sviluppo.host/pass/	785 B	2023-03-09	2024-05-16
Pretty URL kontocembrabanking.sviluppo.host/pass/ IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 08:10:14 Last Seen2024-05-16 07:03:23 Times Seen72 Hash 182bbb9892f10ed7c341257d871ba83e d8d5cc1b908018acb6d30172848f1f232d5f0c5e 37f82ee4cbbb5828ceec4f45e428bc2155fd0f2267fd5f25f64d6ccdf8352cbc Loading...

	kontocembrabanking.sviluppo.host/pass/	70 B	2023-03-09	2024-05-16
Pretty URL kontocembrabanking.sviluppo.host/pass/ IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 08:10:14 Last Seen2024-05-16 07:03:23 Times Seen65 Hash 547d9d78c6cf77c2a677ede114a6c19b 2d58318864b6a206536ed822c58e590c4e761d94 e3a1362c8be1ee3bf890aff4c6e03ec4ed3eb9378ef9cdbf99b1c6e4073c2529 Loading...

	kontocembrabanking.sviluppo.host/pass/jquery-20200819.js	97 kB	2023-03-10	2024-05-20
Pretty URL kontocembrabanking.sviluppo.host/pass/jquery-20200819.js IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 03:55:08 Last Seen2024-05-20 12:02:55 Times Seen1759 Hash 43327285f22db304e1bc08eae9c9522e aff0883be1487a752a7431783bf2e5eb2c39353f 24f31a4afb4d98c85b6cff4c9a953654a77986d6c4c9e9cae52cf57e59095e01 Loading...

	kontocembrabanking.sviluppo.host/pass/swisspass.min-20200819.js	99 kB	2023-03-09	2024-05-20
Pretty URL kontocembrabanking.sviluppo.host/pass/swisspass.min-20200819.js IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:10:14 Last Seen2024-05-20 12:02:55 Times Seen1467 Hash e37fe394cc3945b173b27bcd3b2b9779 1e2fd6607c9dfe3a1c5beebbe89dd1d7e8b657ce 225e078f0432e7459d74e8d9245f1982570a3897d664ca2d219ccd09b244ab95 Loading...

	kontocembrabanking.sviluppo.host/pass/	3.6 kB	2023-03-09	2024-05-16
Pretty URL kontocembrabanking.sviluppo.host/pass/ IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 08:10:14 Last Seen2024-05-16 07:03:23 Times Seen72 Hash 02ba0a9d134244036b8951d367ec6d6c b146ad1516359bfffe0063747bd5367791ebb622 410cda206cf20ef72a7e732f47593297883071110e707a520b739b9ffeee7bee Loading...

	kontocembrabanking.sviluppo.host/pass/	988 B	2023-03-10	2024-05-16
Pretty URL kontocembrabanking.sviluppo.host/pass/ IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 03:55:08 Last Seen2024-05-16 07:03:23 Times Seen22 Hash b4494c4df296722104357102762df5d8 6a505a2a8de0e71dd414d292f1fc8783981896e4 fbe0069b8be6335c0fdfd3e9418cc2ed30f7e8819a3520563fbe9c0a66f41879 Loading...

	kontocembrabanking.sviluppo.host/pass/otSDKStub.js	21 kB	2023-03-10	2024-05-16
Pretty URL kontocembrabanking.sviluppo.host/pass/otSDKStub.js IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 03:55:08 Last Seen2024-05-16 07:03:23 Times Seen48 Hash 678a1687fffc899db43342585415766f 169e453809a50d5fedb340a611d0c074d3819fb3 7aaad78d13ba343554d09043d46b9f563fb3c06d4789f7faf5e45a7247458894 Loading...

	kontocembrabanking.sviluppo.host/pass/vendor.min-20200819.js	179 kB	2023-03-09	2024-05-20
Pretty URL kontocembrabanking.sviluppo.host/pass/vendor.min-20200819.js IP 149.62.187.89 ASN #47242 Host SpA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:10:15 Last Seen2024-05-20 12:02:55 Times Seen1486 Hash ccfc9b3b004cfb4f51ae7853af5f78d9 2c52cec1f06c406c4d5d2cf34e870ef15a85dad7 be0223ae72bc8c610c7a5453d349964cbe78ff8646695a58bc13a4cf0a8d81d6 Loading...

HTTP Transactions (24)

URL IP Response Size

loom.ly/qrqEtGo

52.70.63.93

301 Moved Permanently

9 B

URL User Request GET HTTP/2
loom.ly/qrqEtGo
IP
52.70.63.93:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subject*.loomly.com
Fingerprint52:9F:04:68:4F:88:29:70:ED:EE:4A:04:3C:3A:8A:5D:13:FC:6E:3F
ValidityThu, 25 Jan 2024 00:00:00 GMT - Sat, 22 Feb 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
e4060000e887f9dc86f313f2be6c0266
8c8f9d30b07f22fd0ab0dffb1017ffc6148eb436
7f56dc725fdf6ce6c1cec3683db2189821ffb1f4ca9935381e7fb4f4e9d8ddb6

HTTP Headers

GET /qrqEtGo HTTP/1.1
Host: loom.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 10 May 2024 05:45:52 GMT
content-type: text/plain
content-length: 9
location: https://kontocembrabanking.sviluppo.host/pass
server: nginx
cache-control: no-cache
x-request-id: 2dac6a98-bbf7-4dbc-a79c-0828db9ab700
x-runtime: 0.022669
strict-transport-security: max-age=63072000; includeSubDomains
X-Firefox-Spdy: h2

kontocembrabanking.sviluppo.host/pass

149.62.187.89

301 Moved Permanently

795 B

URL User Request GET HTTP/2
kontocembrabanking.sviluppo.host/pass
IP
149.62.187.89:443
ASN
#47242 Host SpA

Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
795 B (795 bytes)
Hash
5d8d79c3cb9af023240b1be6f5057aaa
df22980677b134e83d878893f7c7984e0d78a240
e8b101a7c7f64aad528cc734513cbeb02243c0af37930dc0f3239749cff184b6

HTTP Headers

GET /pass HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 10 May 2024 05:45:45 GMT
content-type: text/html
content-length: 795
location: https://kontocembrabanking.sviluppo.host/pass/
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

kontocembrabanking.sviluppo.host/pass/

149.62.187.89

200 OK

11 kB

URL User Request GET HTTP/2
kontocembrabanking.sviluppo.host/pass/
IP
149.62.187.89:443
ASN
#47242 Host SpA

Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (11123)
Size
11 kB (10643 bytes)
Hash
0bef1dc20997f751f494df533327d788
21b4b2645e2a2e6f8eb52a7bcbe37ae983fdcffc
5d3de061c97739caa00263b72eb4e4ba07b0a71b805d3533c891ead9fa250624

HTTP Headers

GET /pass/ HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 05:45:45 GMT
content-type: text/html
content-length: 10643
last-modified: Wed, 08 May 2024 23:39:05 GMT
etag: "c3e6-663c0d19-aab04188708ceedb;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

kontocembrabanking.sviluppo.host/pass/sso.min-20200819.css

149.62.187.89

200 OK

22 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/pass/sso.min-20200819.css
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
22 kB (22265 bytes)
Hash
aebdc331fc575b7b7e0e674ccb2eee83
ea0cb1d97a58940e68ad9bde7b743c8b1bac5954
3b2fc4c1063abfb006b1c2c9cdf8ffbafe3a2bf09e3fc1c18cf25d862ced1012

HTTP Headers

GET /pass/sso.min-20200819.css HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 05:45:45 GMT
content-type: text/css
last-modified: Thu, 17 Nov 2022 11:40:43 GMT
etag: "2cf00-63761dbb-f1def081acfc558;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 22265
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

kontocembrabanking.sviluppo.host/pass/modernizr-20200819.js

149.62.187.89

200 OK

3.2 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/pass/modernizr-20200819.js
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
JavaScript source, ASCII text, with very long lines (7466)
Size
3.2 kB (3217 bytes)
Hash
4d11af9e90e621d0f067d464959ebd7b
e256d0de8ac8b68019ee29d65894cbe58f513a52
4a3d4cf982535aaf485c6e3af9ad1498df5c065adf94eed056f0aa13c31e92ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /pass/modernizr-20200819.js HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 05:45:45 GMT
content-type: application/javascript
last-modified: Sun, 17 Jul 2022 18:28:37 GMT
etag: "1e59-62d454d5-b184664adba6692b;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3217
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed

kontocembrabanking.sviluppo.host/pass/otSDKStub.js

149.62.187.89

200 OK

6.7 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/pass/otSDKStub.js
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
JavaScript source, ASCII text, with very long lines (20894)
Size
6.7 kB (6670 bytes)
Hash
678a1687fffc899db43342585415766f
169e453809a50d5fedb340a611d0c074d3819fb3
7aaad78d13ba343554d09043d46b9f563fb3c06d4789f7faf5e45a7247458894

HTTP Headers

GET /pass/otSDKStub.js HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 05:45:45 GMT
content-type: application/javascript
last-modified: Sun, 17 Jul 2022 18:28:38 GMT
etag: "519f-62d454d6-d71f8c8b7026a0f;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 6670
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed

cdn.shopify.com/s/files/1/0872/4466/9204/files/svgexport-1.svg

23.227.60.200

200 OK

1.3 kB

URL GET HTTP/2
cdn.shopify.com/s/files/1/0872/4466/9204/files/svgexport-1.svg
IP
23.227.60.200:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectcdn.shopify.com
Fingerprint2B:A2:F3:9C:C3:04:65:C7:59:64:A7:09:BE:6E:D7:BD:30:DF:F7:4A
ValidityFri, 03 May 2024 13:01:26 GMT - Thu, 01 Aug 2024 13:01:25 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1291 bytes)
Hash
9868b0e943141a7c0e5c0bc728a09ebf
c41d71b42985a160c8f12735075e512e0c50ce53
c3efcb621868bffb9626f500531c20cb938c005c96a7dcd646e294a26eac9723

HTTP Headers

GET /s/files/1/0872/4466/9204/files/svgexport-1.svg HTTP/1.1
Host: cdn.shopify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:45:52 GMT
content-type: image/svg+xml
content-length: 1291
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31557600
content-encoding: br
content-security-policy: sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
link: <https://cdn.shopify.com/s/files/1/0872/4466/9204/files/svgexport-1.svg>; rel="canonical"
source-length: 3009
source-type: image/svg+xml
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-request-id: 6ea0ba8c-8eab-4a88-ac2f-df967487e031-1714763273
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-dc: gcp-us-central1,gcp-us-central1
last-modified: Wed, 10 Apr 2024 10:09:15 GMT
cf-cache-status: HIT
age: 186643
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RXzT%2BMCaWHJP86bf1gZSs2v6LNzmVv9euLDkrAGwoj%2BKgXssDGOtJhfdQD%2F2sJ2mZFbeA1r0gQJAK%2BmyJT72inXl%2B%2B%2FckZoCA8E9i4qW1UdcDR7N9pbvQ3ObQo7hOpZiAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server-timing: imagery;dur=124.481, imageryFetch;dur=89.603, imageryProcess;dur=0.060;desc="image", cfRequestDuration;dur=17.999887
server: cloudflare
cf-ray: 8817a028b99cb4ff-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

kontocembrabanking.sviluppo.host/pass/launch-6cc731e967aa.min.js

149.62.187.89

200 OK

40 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/pass/launch-6cc731e967aa.min.js
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
JavaScript source, ASCII text, with very long lines (32755)
Size
40 kB (39869 bytes)
Hash
189167e53066c0526a1465b03aaa8a84
6d89be6a4e4c456788603c680582eba01699451c
811e8df757d166dce4bda35c81d2f639eed22055abd034720214c7125b21b737

HTTP Headers

GET /pass/launch-6cc731e967aa.min.js HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 05:45:45 GMT
content-type: application/javascript
last-modified: Sun, 17 Jul 2022 18:28:38 GMT
etag: "22aa8-62d454d6-a4e0aec1dbd41b6;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 39869
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed

kontocembrabanking.sviluppo.host/pass/otBannerSdk.js

149.62.187.89

200 OK

74 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/pass/otBannerSdk.js
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
JavaScript source, ASCII text, with very long lines (65455)
Size
74 kB (74209 bytes)
Hash
dc343b8c597e8100f947cbed60380235
376fb7e9439fc1791a4b60ccc06835b2d801da0f
204a3299ddc67db6fd1836653ece6696c46f1b2d7fb7abcb4fe9132abe2b6612

HTTP Headers

GET /pass/otBannerSdk.js HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 05:45:45 GMT
content-type: application/javascript
last-modified: Sun, 17 Jul 2022 18:28:38 GMT
etag: "50f06-62d454d6-4dc75f51d1f443d5;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 74209
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed

kontocembrabanking.sviluppo.host/pass/jquery-20200819.js

149.62.187.89

200 OK

33 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/pass/jquery-20200819.js
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
JavaScript source, ASCII text, with very long lines (32060)
Size
33 kB (32935 bytes)
Hash
43327285f22db304e1bc08eae9c9522e
aff0883be1487a752a7431783bf2e5eb2c39353f
24f31a4afb4d98c85b6cff4c9a953654a77986d6c4c9e9cae52cf57e59095e01

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /pass/jquery-20200819.js HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 05:45:45 GMT
content-type: application/javascript
last-modified: Sun, 17 Jul 2022 18:28:38 GMT
etag: "17c54-62d454d6-a5c9179c8eab498d;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 32935
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed

kontocembrabanking.sviluppo.host/pass/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json

149.62.187.89

404 Not Found

1.3 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/pass/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.3 kB (1251 bytes)
Hash
8150f458ed6fb9b1db4e5cfa57a1a281
6e5726854d28687b560d7fdcb5c782c425c7dfb9
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

HTTP Headers

GET /pass/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed
vary: User-Agent

kontocembrabanking.sviluppo.host/pass/vendor.min-20200819.js

149.62.187.89

200 OK

52 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/pass/vendor.min-20200819.js
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
JavaScript source, ASCII text, with very long lines (663)
Size
52 kB (51659 bytes)
Hash
ccfc9b3b004cfb4f51ae7853af5f78d9
2c52cec1f06c406c4d5d2cf34e870ef15a85dad7
be0223ae72bc8c610c7a5453d349964cbe78ff8646695a58bc13a4cf0a8d81d6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /pass/vendor.min-20200819.js HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 05:45:45 GMT
content-type: application/javascript
last-modified: Sun, 17 Jul 2022 18:28:38 GMT
etag: "2bc0a-62d454d6-5695714f30e97c20;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 51659
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed

kontocembrabanking.sviluppo.host/pass/swisspass.min-20200819.js

149.62.187.89

200 OK

24 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/pass/swisspass.min-20200819.js
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (24158 bytes)
Hash
e37fe394cc3945b173b27bcd3b2b9779
1e2fd6607c9dfe3a1c5beebbe89dd1d7e8b657ce
225e078f0432e7459d74e8d9245f1982570a3897d664ca2d219ccd09b244ab95

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /pass/swisspass.min-20200819.js HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 05:45:45 GMT
content-type: application/javascript
last-modified: Sun, 17 Jul 2022 18:28:38 GMT
etag: "183fc-62d454d6-5a605ed39b171a10;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 24158
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed

kontocembrabanking.sviluppo.host/pass/logopass.png

149.62.187.89

200 OK

19 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/pass/logopass.png
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
PNG image data, 864 x 292, 8-bit/color RGBA, non-interlaced
Size
19 kB (19128 bytes)
Hash
fcdc7454523c6b1ac3cf3bd2530ae6ae
41623bd2b8b5cdc308a23eda815c8682f12b9d46
6dc2b32636e09159a8f25d527d944aae49e84e45936c5850bb96fafc85f86ade

HTTP Headers

GET /pass/logopass.png HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 05:45:45 GMT
content-type: image/png
last-modified: Sun, 17 Jul 2022 19:01:47 GMT
etag: "4ab8-62d45c9b-a968555dfc2f23e4;;;"
accept-ranges: bytes
content-length: 19128
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed
vary: User-Agent

kontocembrabanking.sviluppo.host/fonts/icomoon/icomoon.woff2?7m5yri

149.62.187.89

404 Not Found

1.3 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/fonts/icomoon/icomoon.woff2?7m5yri
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.3 kB (1251 bytes)
Hash
8150f458ed6fb9b1db4e5cfa57a1a281
6e5726854d28687b560d7fdcb5c782c425c7dfb9
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

HTTP Headers

GET /fonts/icomoon/icomoon.woff2?7m5yri HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/sso.min-20200819.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed
vary: User-Agent

cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2

52.58.100.26

200 OK

14 kB

URL GET HTTP/2
cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2
IP
52.58.100.26:443
ASN
#16509 AMAZON-02

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerAmazon
Subject*.app.sbb.ch
Fingerprint91:97:68:15:9B:1D:9F:0F:5B:C1:DB:F4:EE:DC:A6:EC:4A:2A:09:71
ValidityWed, 16 Aug 2023 00:00:00 GMT - Fri, 13 Sep 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14212, version 1.0
Size
14 kB (14212 bytes)
Hash
8b70a44a98a0ac5d721df7d8f5136f7b
10e10c01e732f3d35a78e1051bfcc9fe2589ddda
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /fonts/v1_6_subset/SBBWeb-Light.woff2 HTTP/1.1
Host: cdn.app.sbb.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://kontocembrabanking.sviluppo.host
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:45:52 GMT
content-type: application/font-woff2
content-length: 14212
server: nginx/1.25.5
last-modified: Wed, 31 Jan 2024 10:14:44 GMT
vary: Accept-Encoding
etag: "65ba1d94-3784"
expires: Sat, 10 May 2025 05:45:52 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
cache-control: max-age=31536000, public, private
accept-ranges: bytes
set-cookie: 9527f1a32486d650b0687919ffd41c2b=487a97c435cc3104f9dcb1be970c96fa; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2

kontocembrabanking.sviluppo.host/fonts/icomoon/icomoon.ttf?7m5yri

149.62.187.89

404 Not Found

1.3 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/fonts/icomoon/icomoon.ttf?7m5yri
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.3 kB (1251 bytes)
Hash
8150f458ed6fb9b1db4e5cfa57a1a281
6e5726854d28687b560d7fdcb5c782c425c7dfb9
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

HTTP Headers

GET /fonts/icomoon/icomoon.ttf?7m5yri HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/sso.min-20200819.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed
vary: User-Agent

kontocembrabanking.sviluppo.host/idp/co-branding?resource=co-branding&lang=fr&provider=sbbkn

149.62.187.89

404 Not Found

1.3 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/idp/co-branding?resource=co-branding&lang=fr&provider=sbbkn
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.3 kB (1251 bytes)
Hash
8150f458ed6fb9b1db4e5cfa57a1a281
6e5726854d28687b560d7fdcb5c782c425c7dfb9
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

HTTP Headers

GET /idp/co-branding?resource=co-branding&lang=fr&provider=sbbkn HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/
Cookie: atuserid=%7B%22name%22%3A%22atuserid%22%2C%22val%22%3A%22f8fbfe98-67c5-4888-9618-a5bfb6e5df4f%22%2C%22options%22%3A%7B%22end%22%3A%222025-06-11T05%3A45%3A53.033Z%22%2C%22path%22%3A%22%2F%22%7D%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed
vary: User-Agent

kontocembrabanking.sviluppo.host/fonts/icomoon/icomoon.woff?7m5yri

149.62.187.89

404 Not Found

1.3 kB

URL GET HTTP/3
kontocembrabanking.sviluppo.host/fonts/icomoon/icomoon.woff?7m5yri
IP
149.62.187.89:443
ASN
#47242 Host SpA

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectkontocembrabanking.sviluppo.host
Fingerprint0C:60:06:42:B4:3E:C8:42:9C:FC:1E:E3:AF:3F:BD:40:8C:39:86:FC
ValidityMon, 06 May 2024 16:06:42 GMT - Sun, 04 Aug 2024 16:06:41 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.3 kB (1251 bytes)
Hash
8150f458ed6fb9b1db4e5cfa57a1a281
6e5726854d28687b560d7fdcb5c782c425c7dfb9
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

HTTP Headers

GET /fonts/icomoon/icomoon.woff?7m5yri HTTP/1.1
Host: kontocembrabanking.sviluppo.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/pass/sso.min-20200819.css
Cookie: atuserid=%7B%22name%22%3A%22atuserid%22%2C%22val%22%3A%22f8fbfe98-67c5-4888-9618-a5bfb6e5df4f%22%2C%22options%22%3A%7B%22end%22%3A%222025-06-11T05%3A45%3A53.033Z%22%2C%22path%22%3A%22%2F%22%7D%7D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Fri, 10 May 2024 05:45:45 GMT
server: LiteSpeed
vary: User-Agent

ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec

23.36.79.11

6.9 kB

URL
ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
data
Size
6.9 kB (6897 bytes)
Hash
74d2458af1aebcd52796acc7ac052c7c
51f4af3c563937bcbb3e45b7f8ed881c1553b7ca
4586bb48bf265829e1009d54ab93461174865e71e8de758aaa9f2c62fa04b110

HTTP Headers

POST /sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec HTTP/1.1
Host: ocsp.swisssign.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 87
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 6897
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
Expires: Fri, 10 May 2024 06:45:53 GMT
Date: Fri, 10 May 2024 05:45:53 GMT
Connection: keep-alive

www.swisspass.ch//resources/ico/apple-touch-icon-precomposed-20200819.png

193.203.121.166

200 OK

4.2 kB

URL GET HTTP/1.1
www.swisspass.ch//resources/ico/apple-touch-icon-precomposed-20200819.png
IP
193.203.121.166:443
ASN
#31004 Schweizerische Bundesbahnen SBB

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerSwissSign AG
Subjectswisspass.ch
Fingerprint0F:CC:F3:F9:E7:22:13:51:BD:03:15:EE:A8:31:BE:24:0B:CA:37:16
ValidityThu, 14 Mar 2024 05:50:58 GMT - Fri, 14 Mar 2025 05:50:58 GMT

File type
HTML document, ASCII text, with very long lines (448)
Size
4.2 kB (4183 bytes)
Hash
5c3978a1debad2f10a814a23f98389d3
fd7808fc04f9b09a597f13e0fc64a68531693206
9b266b6df60132a017c8caad7692b4a749aec6bcf8541bdd4468a7244e66cd88

HTTP Headers

GET //resources/ico/apple-touch-icon-precomposed-20200819.png HTTP/1.1
Host: www.swisspass.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 05:45:53 GMT
Server: Apache
Content-Length: 4183
last-modified: Thu, 09 May 2024 23:05:05 GMT
etag: "663d56a1-1057"
expires: Fri, 10 May 2024 05:45:52 GMT
pragma: no-cache
cache-control: no-cache, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
accept-ranges: bytes
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Feature-Policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Set-Cookie: AL_SESS-S=AVuQCrJtwksPYo_mizOyW5P58MXuZ8ekakZH58UKlUiI4198SZVSxB4gsZJYbVf0LonD; Path=/; Domain=.swisspass.ch; Secure; HttpOnly; SameSite=None
Keep-Alive: timeout=10, max=500
Connection: Keep-Alive
Content-Type: text/html

ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec

23.36.79.11

6.9 kB

URL
ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
data
Size
6.9 kB (6896 bytes)
Hash
6e6d61055d5ce925a96e92f4858c25f0
f846eebaf92736d3c42acb012d1c0bdab81e17b0
9f226ea5cbe58d059341f702cc47c70dbd47e99c2ab27e86f0e16ab6a2afc304

HTTP Headers

POST /sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec HTTP/1.1
Host: ocsp.swisssign.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 87
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 6896
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
Expires: Fri, 10 May 2024 06:45:53 GMT
Date: Fri, 10 May 2024 05:45:53 GMT
Connection: keep-alive

eservice.cembra.ch/login/resources/nevislogrend/applications/EService/webdata/images/favicon.ico

193.222.93.232

200 OK

5.4 kB

URL GET HTTP/1.1
eservice.cembra.ch/login/resources/nevislogrend/applications/EService/webdata/images/favicon.ico
IP
193.222.93.232:443
ASN
#3303 Bluewin

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerSwissSign AG
Subjecteservice.cembra.ch
Fingerprint25:41:B2:9C:E0:D2:79:28:C7:49:FE:9D:D4:85:45:99:63:67:E5:9C
ValidityTue, 24 Oct 2023 10:54:11 GMT - Thu, 24 Oct 2024 10:54:11 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
5.4 kB (5430 bytes)
Hash
52b0d9f237436768b9d5dc2f00b60f2c
9f3f68f30640d3322dbe14d6107dcbdf98e0eb32
a89caa09adcc0273e55e2a32f5a515412764eb2165a2df370bbb93317391cab6

HTTP Headers

GET /login/resources/nevislogrend/applications/EService/webdata/images/favicon.ico HTTP/1.1
Host: eservice.cembra.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 05:45:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: must-revalidate
Expires: Fri, 10 May 2024 05:59:54 GMT
Content-Type: "image/x-icon"
Content-Length: 5430
Keep-Alive: timeout=5, max=10
Connection: Keep-Alive

www.ictjournal.ch/sites/default/files/media/2020/03/05/people-2564955_1920.jpg

193.93.20.99

404 Not Found

0 B

URL GET HTTP/2
www.ictjournal.ch/sites/default/files/media/2020/03/05/people-2564955_1920.jpg
IP
193.93.20.99:443
ASN
#31052 Exigo AG

Requested by
https://kontocembrabanking.sviluppo.host/pass/
Certificate
IssuerLet's Encrypt
Subjectwww.ictjournal.ch
FingerprintFA:86:5F:62:76:C8:6A:FF:2D:5B:37:D9:4C:66:51:BE:32:F9:23:E8
ValidityWed, 10 Apr 2024 02:31:27 GMT - Tue, 09 Jul 2024 02:31:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sites/default/files/media/2020/03/05/people-2564955_1920.jpg HTTP/1.1
Host: www.ictjournal.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kontocembrabanking.sviluppo.host/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Fri, 10 May 2024 05:23:51 GMT
server: Apache
cache-control: max-age=900, public
x-ua-compatible: IE=edge
content-language: fr
x-content-type-options: nosniff
expires: Sun, 19 Nov 1978 05:00:00 GMT
vary: Cookie
x-generator: Drupal 9 (https://www.drupal.org)
x-drupal-cache: HIT
strict-transport-security: max-age=0; includeSubDomains
last-modified: Fri, 10 May 2024 05:23:51 GMT
etag: "1715318631"
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML