Report - sarafaa6666.blogspot.com/

Report Overview

Submitted URL
sarafaa6666.blogspot.com/
IP
216.58.207.193
ASN
#15169 GOOGLE
Submitted
2024-05-04 04:37:00
Access
public
Website Title
Anmeldung | SwissPass
Final URL
10e5972.wcomhost.com/
Tags
swosspass phishing transport
urlquery detections
Phishing - SwissPass

Detections

urlquery
29
Network Intrusion Detection
0
Threat Detection Systems
62

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-02	512 B	1.2 kB	35.244.181.201
cdn.cookielaw.org	502	2011-06-20	2013-12-28	2024-05-02	4.9 kB	183 kB	104.19.177.52
assets.adobedtm.com	512	2013-11-22	2014-01-28	2024-05-02	451 B	40 kB	23.38.200.237
geolocation.onetrust.com	802	2004-01-12	2018-02-07	2024-05-03	483 B	110 kB	104.18.32.137
resources.swisspass.ch	unknown	unknown	2017-02-16	2024-04-03	471 B	2.4 kB	193.203.121.145
cdn.app.sbb.ch	610967	unknown	2018-04-04	2024-04-26	1.0 kB	30 kB	18.195.200.224
sarafaa6666.blogspot.com	unknown	unknown	No data	No data	479 B	16 kB	216.58.207.193
10e5972.wcomhost.com	unknown	unknown	No data	No data	6.5 kB	592 kB	206.188.192.3
ocsp.swisssign.ch	unknown	unknown	2023-01-12	2024-05-02	374 B	7.2 kB	23.36.79.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-03	medium	sarafaa6666.blogspot.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass
2024-04-27	medium	10e5972.wcomhost.com/	SwissPass

PhishTank

Scan Date	Severity	Indicator	Alert
2024-05-03	medium	sarafaa6666.blogspot.com/	Other
2024-04-27	medium	10e5972.wcomhost.com/	Other
2024-04-27	medium	10e5972.wcomhost.com/resources/css/normal/app/sso.min-20200819.css	Other
2024-04-27	medium	10e5972.wcomhost.com/resources/js/vendor/head/modernizr/modernizr-20200819.js	Other
2024-04-27	medium	10e5972.wcomhost.com/resources/img/logo_text_de-20200819.svg	Other
2024-04-27	medium	10e5972.wcomhost.com/resources/fonts/icomoon/icomoon.woff2?7m5yri	Other
2024-04-27	medium	10e5972.wcomhost.com/resources/js/swisspass.min-20200819.js	Other
2024-04-27	medium	10e5972.wcomhost.com/resources/primefaces/jquery/jquery-20200819.js	Other
2024-04-27	medium	10e5972.wcomhost.com/resources/img/loader-20200819.png	Other
2024-04-27	medium	10e5972.wcomhost.com/resources/js/vendor/vendor.min-20200819.js	Other
2024-04-27	medium	10e5972.wcomhost.com/resources/img/login_bg.jpg	Other
2024-04-27	medium	10e5972.wcomhost.com/resources/img/logo-20200819.svg	Other
2024-04-27	medium	10e5972.wcomhost.com/idp/co-branding?resource=co-branding&lang=de&provider=	Other
2024-04-27	medium	10e5972.wcomhost.com/resources/ico/apple-touch-icon-precomposed-20200819.png	Other
2024-04-27	medium	10e5972.wcomhost.com/resources/img/favicon.ico?v=20140709-1126	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	sarafaa6666.blogspot.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	cdn.cookielaw.org/scripttemplates/otSDKStub.js	21 kB	2024-04-16	2024-05-22
Pretty URL cdn.cookielaw.org/scripttemplates/otSDKStub.js IP 104.19.177.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 08:31:16 Last Seen2024-05-22 05:00:24 Times Seen5270 Hash 0cd317a7b9c520801230e944f7d50e41 e3985ff0c2e8b1eaacb617c7c5af5bebfcbceda6 6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544 Loading...

	10e5972.wcomhost.com/	122 B	2023-04-01	2024-05-22
Pretty URL 10e5972.wcomhost.com/ IP 206.188.192.3 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 10:47:26 Last Seen2024-05-22 09:21:43 Times Seen695 Hash 713aeea58cd01d7b9ac09bfcea2367e1 0edb9d4d94e7eaec5ece698656d35f26913eb570 cebaedab49b32eba60e39fd9412496c01d842a714005e33c90a1a6bdfc60a558 Loading...

	cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js	413 kB	2023-05-26	2024-05-22
Pretty URL cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js IP 104.19.177.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-26 16:19:00 Last Seen2024-05-22 10:45:11 Times Seen2442 Hash 53e75bd25e32c985e8459eba598e5e64 9765a64b1e9c9dea4ed7c93d619e59ce7ea2d1e0 ed3a69e3267f056582ed012f7252319adb227fed203a4781eb820ea732aa4594 Loading...

	10e5972.wcomhost.com/resources/primefaces/jquery/jquery-20200819.js	97 kB	2023-03-10	2024-05-22
Pretty URL 10e5972.wcomhost.com/resources/primefaces/jquery/jquery-20200819.js IP 206.188.192.3 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 03:55:08 Last Seen2024-05-22 06:05:37 Times Seen1769 Hash 43327285f22db304e1bc08eae9c9522e aff0883be1487a752a7431783bf2e5eb2c39353f 24f31a4afb4d98c85b6cff4c9a953654a77986d6c4c9e9cae52cf57e59095e01 Loading...

	10e5972.wcomhost.com/	1.2 kB	2023-04-01	2024-05-20
Pretty URL 10e5972.wcomhost.com/ IP 206.188.192.3 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 10:47:26 Last Seen2024-05-20 19:00:59 Times Seen636 Hash af6e188f8e8a8e651edb9c2b3bc92a96 a1359d735cb1e4547ee57b0f364c3c389f000562 9136713a058843bd63557e0aeef78012991e62e02802cb972d6b37f79a3642e5 Loading...

	cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js	453 kB	2024-03-18	2024-05-22
Pretty URL cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-18 22:57:18 Last Seen2024-05-22 15:00:24 Times Seen872 Hash 3ab7906a4d12b7d35c62bac882d39d74 5d034541d6a9a05b0719c3605880fcfc9229e4b4 15de250a16ce58a10f84bebab59b9005ce36df4ec8e87c3bb1acc92726cfa971 Loading...

	10e5972.wcomhost.com/	1.3 kB	2023-04-01	2024-05-22
Pretty URL 10e5972.wcomhost.com/ IP 206.188.192.3 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 10:47:26 Last Seen2024-05-22 09:21:43 Times Seen695 Hash 801a46fa9aeeaf954acd83bf806928d9 1f04f3395a9267b3b49f05e332faaf526083d8f8 bb0e4a47c01bfbef3dfe6bab3fa0c8b411b201a287702a2722d155bd1a1b6298 Loading...

	10e5972.wcomhost.com/	78 B	2023-04-01	2024-05-22
Pretty URL 10e5972.wcomhost.com/ IP 206.188.192.3 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 10:47:26 Last Seen2024-05-22 09:21:43 Times Seen695 Hash d4f26d1da47678006e67e5fd79a88ad9 fe725245d62d62b88207e35da5fceb09e43aac50 d7d7889cb348f7e9cf13d05d8eeea3a489b72e8ab58bb74d2cf729a3ab1d0377 Loading...

	10e5972.wcomhost.com/resources/js/vendor/head/modernizr/modernizr-20200819.js	7.8 kB	2023-03-09	2024-05-18
Pretty URL 10e5972.wcomhost.com/resources/js/vendor/head/modernizr/modernizr-20200819.js IP 206.188.192.3 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:10:14 Last Seen2024-05-18 19:59:02 Times Seen866 Hash 4d11af9e90e621d0f067d464959ebd7b e256d0de8ac8b68019ee29d65894cbe58f513a52 4a3d4cf982535aaf485c6e3af9ad1498df5c065adf94eed056f0aa13c31e92ed Loading...

	assets.adobedtm.com/15ff638fdec4/7a0c4d63ddff/launch-6cc731e967aa.min.js	127 kB	2023-11-23	2024-05-22
Pretty URL assets.adobedtm.com/15ff638fdec4/7a0c4d63ddff/launch-6cc731e967aa.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 03:47:24 Last Seen2024-05-22 09:21:43 Times Seen1203 Hash d5bf712a6ebd7590bb155ad6e1290f49 7161acdca9b24c3189fe2d8e9807faee2cccd345 f053f049a78c3afbce0d34f57d0bea4a24f7964d0e1e45197a35c06124b5e357 Loading...

	10e5972.wcomhost.com/resources/js/vendor/vendor.min-20200819.js	179 kB	2023-03-09	2024-05-22
Pretty URL 10e5972.wcomhost.com/resources/js/vendor/vendor.min-20200819.js IP 206.188.192.3 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:10:15 Last Seen2024-05-22 06:05:37 Times Seen1494 Hash ccfc9b3b004cfb4f51ae7853af5f78d9 2c52cec1f06c406c4d5d2cf34e870ef15a85dad7 be0223ae72bc8c610c7a5453d349964cbe78ff8646695a58bc13a4cf0a8d81d6 Loading...

	10e5972.wcomhost.com/resources/js/swisspass.min-20200819.js	99 kB	2023-03-09	2024-05-22
Pretty URL 10e5972.wcomhost.com/resources/js/swisspass.min-20200819.js IP 206.188.192.3 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:10:14 Last Seen2024-05-22 06:05:37 Times Seen1475 Hash e37fe394cc3945b173b27bcd3b2b9779 1e2fd6607c9dfe3a1c5beebbe89dd1d7e8b657ce 225e078f0432e7459d74e8d9245f1982570a3897d664ca2d219ccd09b244ab95 Loading...

	10e5972.wcomhost.com/	3.6 kB	2023-04-01	2024-05-22
Pretty URL 10e5972.wcomhost.com/ IP 206.188.192.3 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 10:47:26 Last Seen2024-05-22 09:21:43 Times Seen694 Hash 399145ad4b661f389b189a7859447fca 8f84097c65c1ae82fa7c9f44af016277d44f5489 d79ff28f0b8b29873e29747e25953c44056b945cfd7d66bc16442950676deed1 Loading...

	10e5972.wcomhost.com/	874 B	2023-04-01	2024-05-22
Pretty URL 10e5972.wcomhost.com/ IP 206.188.192.3 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 10:47:26 Last Seen2024-05-22 09:21:43 Times Seen694 Hash 1f11ff1516de147edbc859172b88b90f ff41ecad197c7a41e95c051691f24f7c4809ecce ec11e1250a7ae1b1b398c4c87c7faff45940cebf586c6ace0a61bc0cfbffce47 Loading...

	10e5972.wcomhost.com/	0 B	2023-03-07	2024-05-22
Pretty URL 10e5972.wcomhost.com/ IP 206.188.192.3 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-22 15:17:56 Times Seen37974173 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (32)

URL IP Response Size

sarafaa6666.blogspot.com/

216.58.207.193

15 kB

URL
sarafaa6666.blogspot.com/
IP
216.58.207.193:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (7139)
Size
15 kB (15003 bytes)
Hash
f54c7fdd9b2ff9349e913774636802c1
27d043c8a8b61af501a9513f7b4b4e3d2dc3b50e
6dd1bf71a43ac031835f39258d28619e3fe34b9fccf874cd7f6c20de610db352

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: sarafaa6666.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 04 May 2024 04:36:34 GMT
date: Sat, 04 May 2024 04:36:34 GMT
cache-control: private, max-age=0
last-modified: Fri, 03 May 2024 16:09:44 GMT
etag: W/"e6d24ec4fe138496b9b1cb039e9f56f25e8f9b463141e546b2b8ea03847e4eab"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 15003
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

10e5972.wcomhost.com/

206.188.192.3

200 OK

34 kB

URL User Request GET HTTP/1.1
10e5972.wcomhost.com/
IP
206.188.192.3:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (32972)
Size
34 kB (33545 bytes)
Hash
b6da6f483ce87d550c7a7d5646d68293
f1773e23d5524b3d1c26252b29fc1b3c1c35a45e
78373a14b32261f3affac4ee47b1e1460b7615d80621ff4b41150155050c7392

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET / HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sarafaa6666.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 27 Apr 2024 15:55:51 GMT
ETag: W/"23d07-617160df5e745"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade
X-Webcom-Cache-Status: BYPASS
Content-Encoding: gzip

cdn.cookielaw.org/logos/d8f340ef-178f-4257-9ea8-01744cfc5459/182f96bb-6fd6-41f6-bfd2-2807f1757dae/039a2007-c2e0-4340-8d2c-4e6f23342858/OneTrust_SwissPass_logo_mobile.png

104.19.177.52

2.0 kB

URL
cdn.cookielaw.org/logos/d8f340ef-178f-4257-9ea8-01744cfc5459/182f96bb-6fd6-41f6-bfd2-2807f1757dae/039a2007-c2e0-4340-8d2c-4e6f23342858/OneTrust_SwissPass_logo_mobile.png
IP
104.19.177.52:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 100 x 50, 8-bit colormap, non-interlaced
Size
2.0 kB (1962 bytes)
Hash
cd5e1b7e01b85b2716c593d706f3e6f2
d9e647da2b1c1f440f2513fd699159f74b5bf6d5
e42fe383c86ab1185425bf334a44f9a311dd06d8ccf9e409d05b45dbe0bc48c6

HTTP Headers

GET /logos/d8f340ef-178f-4257-9ea8-01744cfc5459/182f96bb-6fd6-41f6-bfd2-2807f1757dae/039a2007-c2e0-4340-8d2c-4e6f23342858/OneTrust_SwissPass_logo_mobile.png HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:35 GMT
content-type: image/png
content-length: 1962
content-md5: zV4bfgG4WycWxZPXBvPm8g==
last-modified: Wed, 03 Mar 2021 11:26:34 GMT
etag: 0x8D8DE3733F257B1
x-ms-request-id: 9ef6e1b1-401e-0011-5c2d-7fa337000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 25612
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e5ca6c787f56a9-OSL
X-Firefox-Spdy: h2

cdn.cookielaw.org/scripttemplates/otSDKStub.js

104.19.177.52

6.9 kB

URL
cdn.cookielaw.org/scripttemplates/otSDKStub.js
IP
104.19.177.52:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (21229)
Size
6.9 kB (6882 bytes)
Hash
0cd317a7b9c520801230e944f7d50e41
e3985ff0c2e8b1eaacb617c7c5af5bebfcbceda6
6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544

HTTP Headers

GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:35 GMT
content-type: application/javascript
content-length: 6882
content-encoding: gzip
content-md5: cfMMgqnnnYda745QhUdJrw==
last-modified: Thu, 02 May 2024 18:04:40 GMT
etag: 0x8DC6AD2569D1DB7
x-ms-request-id: 81aa8688-601e-0010-3e74-9d778f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 44341
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e5ca6c787e56a9-OSL
X-Firefox-Spdy: h2

cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js

104.19.177.52

200 OK

99 kB

URL GET HTTP/2
cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js
IP
104.19.177.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
99 kB (99428 bytes)
Hash
53e75bd25e32c985e8459eba598e5e64
9765a64b1e9c9dea4ed7c93d619e59ce7ea2d1e0
ed3a69e3267f056582ed012f7252319adb227fed203a4781eb820ea732aa4594

HTTP Headers

GET /scripttemplates/202305.1.0/otBannerSdk.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:35 GMT
content-type: application/javascript
content-length: 99428
content-encoding: gzip
content-md5: fuN6EZWNAh2xn3yE+0HSRQ==
last-modified: Tue, 11 Jul 2023 02:35:48 GMT
etag: 0x8DB81B7897E828A
x-ms-request-id: bb61c14c-801e-006c-0ac6-0bd214000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 40194
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e5ca6c888256a9-OSL
X-Firefox-Spdy: h2

assets.adobedtm.com/15ff638fdec4/7a0c4d63ddff/launch-6cc731e967aa.min.js

23.38.200.237

39 kB

URL
assets.adobedtm.com/15ff638fdec4/7a0c4d63ddff/launch-6cc731e967aa.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
JavaScript source, ASCII text, with very long lines (32765)
Size
39 kB (39144 bytes)
Hash
d5bf712a6ebd7590bb155ad6e1290f49
7161acdca9b24c3189fe2d8e9807faee2cccd345
f053f049a78c3afbce0d34f57d0bea4a24f7964d0e1e45197a35c06124b5e357

HTTP Headers

GET /15ff638fdec4/7a0c4d63ddff/launch-6cc731e967aa.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d5bf712a6ebd7590bb155ad6e1290f49:1700654894.794356"
last-modified: Wed, 22 Nov 2023 12:08:14 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 39144
cache-control: max-age=3600
expires: Sat, 04 May 2024 05:36:35 GMT
date: Sat, 04 May 2024 04:36:35 GMT
access-control-allow-origin: https://10e5972.wcomhost.com
timing-allow-origin: *
X-Firefox-Spdy: h2

10e5972.wcomhost.com/resources/css/normal/app/sso.min-20200819.css

206.188.192.3

31 kB

URL
10e5972.wcomhost.com/resources/css/normal/app/sso.min-20200819.css
IP
206.188.192.3:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (31046 bytes)
Hash
d842e9d9dcb61c04b743e144d73184f3
6e48afc9ec0812c5e1a68bd2cc61cc862816354a
c350b4b555a2d3118e64d364024b724f38bb595d56366f2d7cfe9b0dd4c77843

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /resources/css/normal/app/sso.min-20200819.css HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10e5972.wcomhost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:35 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 27 Apr 2024 15:57:18 GMT
ETag: W/"2cee0-61716132c1202"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade
X-Webcom-Cache-Status: BYPASS
Content-Encoding: gzip

10e5972.wcomhost.com/resources/js/vendor/head/modernizr/modernizr-20200819.js

206.188.192.3

200 OK

3.7 kB

URL GET HTTP/1.1
10e5972.wcomhost.com/resources/js/vendor/head/modernizr/modernizr-20200819.js
IP
206.188.192.3:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7466)
Size
3.7 kB (3654 bytes)
Hash
4d11af9e90e621d0f067d464959ebd7b
e256d0de8ac8b68019ee29d65894cbe58f513a52
4a3d4cf982535aaf485c6e3af9ad1498df5c065adf94eed056f0aa13c31e92ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /resources/js/vendor/head/modernizr/modernizr-20200819.js HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10e5972.wcomhost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 27 Apr 2024 15:57:15 GMT
ETag: W/"1e59-6171613026224"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade
X-Webcom-Cache-Status: BYPASS
Content-Encoding: gzip

cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json

104.19.177.52

1.6 kB

URL
cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json
IP
104.19.177.52:0
ASN
#13335 CLOUDFLARENET

File type
JSON text data
Size
1.6 kB (1593 bytes)
Hash
ceb89a4bb6d2556104d5390d9c40c4e8
ed82c2c6d5927f4d16b1c2ed579b235116c2cffb
4edef10152ecacb7f62929c0496ed48941bfe8bea02e6449cf720ff030addfc2

HTTP Headers

GET /consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://10e5972.wcomhost.com
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:36 GMT
content-type: application/x-javascript
content-length: 1593
cf-ray: 87e5ca6ea9b456a9-OSL
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DC4F059623FCE9
last-modified: Thu, 28 Mar 2024 09:00:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: iwIpyq7vAuKwpHzHQHFt4g==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: c26d3eb1-701e-0087-7ddc-9d1446000000
x-ms-version: 2009-09-19
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec

23.36.79.32

6.9 kB

URL
ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
6.9 kB (6897 bytes)
Hash
e0f6dccb9d7bc104a855a38f09b67d9d
ec64a27f370788e800b167fe66a927b827a0dde3
61e4c4eae6ef50dd1b0308ac5192918cf4552a7a5f03f1b1030096a12f2f464a

HTTP Headers

POST /sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec HTTP/1.1
Host: ocsp.swisssign.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 87
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 6897
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
Expires: Sat, 04 May 2024 05:36:36 GMT
Date: Sat, 04 May 2024 04:36:36 GMT
Connection: keep-alive

resources.swisspass.ch/content/dam/swisspass/co-branding/sbbkn/logo.png

193.203.121.145

200 OK

1.8 kB

URL GET HTTP/1.1
resources.swisspass.ch/content/dam/swisspass/co-branding/sbbkn/logo.png
IP
193.203.121.145:443
ASN
#31004 Schweizerische Bundesbahnen SBB

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerSwissSign AG
Subjectswisspass.ch
Fingerprint0F:CC:F3:F9:E7:22:13:51:BD:03:15:EE:A8:31:BE:24:0B:CA:37:16
ValidityThu, 14 Mar 2024 05:50:58 GMT - Fri, 14 Mar 2025 05:50:58 GMT

File type
PNG image data, 170 x 19, 8-bit colormap, non-interlaced
Size
1.8 kB (1818 bytes)
Hash
90212f3504e52c2077f65efc908f4b82
aa57cc70978927a10889f4bb8b278cd223fc178a
d45fd2cc05090e4b504f361216b1032409ed3cdf9904f50ce56e8a6b0f3c006e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /content/dam/swisspass/co-branding/sbbkn/logo.png HTTP/1.1
Host: resources.swisspass.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 04:36:36 GMT
Server: Apache
Content-Length: 1818
ETag: "71a-617965e765835"
Expires: Sat, 04 May 2024 10:35:08 GMT
Cache-Control: max-age=21600
Last-Modified: Sat, 04 May 2024 01:00:57 GMT
X-Plattform: cprod
x-url: /content/dam/swisspass/co-branding/sbbkn/logo.png
X-Varnish: 28615149 26272520
X-Cache: HIT
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Keep-Alive: timeout=10, max=500
Connection: Keep-Alive
Content-Type: image/png

cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2

18.195.200.224

200 OK

14 kB

URL GET HTTP/2
cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2
IP
18.195.200.224:443
ASN
#16509 AMAZON-02

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerAmazon
Subject*.app.sbb.ch
Fingerprint91:97:68:15:9B:1D:9F:0F:5B:C1:DB:F4:EE:DC:A6:EC:4A:2A:09:71
ValidityWed, 16 Aug 2023 00:00:00 GMT - Fri, 13 Sep 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14212, version 1.0
Size
14 kB (14212 bytes)
Hash
8b70a44a98a0ac5d721df7d8f5136f7b
10e10c01e732f3d35a78e1051bfcc9fe2589ddda
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /fonts/v1_6_subset/SBBWeb-Light.woff2 HTTP/1.1
Host: cdn.app.sbb.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://10e5972.wcomhost.com
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:36 GMT
content-type: application/font-woff2
content-length: 14212
server: nginx/1.25.5
last-modified: Wed, 31 Jan 2024 10:14:44 GMT
vary: Accept-Encoding
etag: "65ba1d94-3784"
expires: Sun, 04 May 2025 04:36:36 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
cache-control: max-age=31536000, public, private
accept-ranges: bytes
set-cookie: 9527f1a32486d650b0687919ffd41c2b=6dcce28833261d4054e25f37ec3adba7; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2

10e5972.wcomhost.com/resources/img/logo_text_de-20200819.svg

206.188.192.3

140 kB

URL
10e5972.wcomhost.com/resources/img/logo_text_de-20200819.svg
IP
206.188.192.3:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
140 kB (139971 bytes)
Hash
512410d9227bb0c2481e175dce0eda72
1deb5d9f09592101e632a8351865d54b1d6a27f7
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /resources/img/logo_text_de-20200819.svg HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10e5972.wcomhost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:36 GMT
Content-Type: image/svg+xml
Content-Length: 139971
Connection: keep-alive
Last-Modified: Sat, 27 Apr 2024 15:56:55 GMT
ETag: "222c3-6171611c3758a"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade
X-Webcom-Cache-Status: BYPASS
Accept-Ranges: bytes

10e5972.wcomhost.com/resources/fonts/icomoon/icomoon.woff2?7m5yri

206.188.192.3

6.9 kB

URL
10e5972.wcomhost.com/resources/fonts/icomoon/icomoon.woff2?7m5yri
IP
206.188.192.3:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 6944, version 1.0
Size
6.9 kB (6944 bytes)
Hash
175797213b8b8dffcc1bd588a9ecec2f
6214e06b11da9fadc19ed601467ca86617839e7e
45b8f30ef99295a0d738416e4e5af9fa2dd41619499622c2c57416580fc7197b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /resources/fonts/icomoon/icomoon.woff2?7m5yri HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://10e5972.wcomhost.com/resources/css/normal/app/sso.min-20200819.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:36 GMT
Content-Type: font/woff2
Content-Length: 6944
Connection: keep-alive
Last-Modified: Sat, 27 Apr 2024 15:57:01 GMT
ETag: "1b20-61716121fc276"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade
X-Webcom-Cache-Status: BYPASS
Accept-Ranges: bytes

10e5972.wcomhost.com/resources/js/swisspass.min-20200819.js

206.188.192.3

200 OK

31 kB

URL GET HTTP/1.1
10e5972.wcomhost.com/resources/js/swisspass.min-20200819.js
IP
206.188.192.3:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (31228 bytes)
Hash
e37fe394cc3945b173b27bcd3b2b9779
1e2fd6607c9dfe3a1c5beebbe89dd1d7e8b657ce
225e078f0432e7459d74e8d9245f1982570a3897d664ca2d219ccd09b244ab95

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /resources/js/swisspass.min-20200819.js HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10e5972.wcomhost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 27 Apr 2024 15:56:58 GMT
ETag: W/"183fc-6171611fff5dd"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade
X-Webcom-Cache-Status: BYPASS
Content-Encoding: gzip

10e5972.wcomhost.com/resources/primefaces/jquery/jquery-20200819.js

206.188.192.3

200 OK

40 kB

URL GET HTTP/1.1
10e5972.wcomhost.com/resources/primefaces/jquery/jquery-20200819.js
IP
206.188.192.3:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32060)
Size
40 kB (39548 bytes)
Hash
43327285f22db304e1bc08eae9c9522e
aff0883be1487a752a7431783bf2e5eb2c39353f
24f31a4afb4d98c85b6cff4c9a953654a77986d6c4c9e9cae52cf57e59095e01

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /resources/primefaces/jquery/jquery-20200819.js HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10e5972.wcomhost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 27 Apr 2024 15:57:12 GMT
ETag: W/"17c54-6171612cc61e5"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade
X-Webcom-Cache-Status: BYPASS
Content-Encoding: gzip

cdn.cookielaw.org/logos/static/powered_by_logo.svg

104.19.177.52

200 OK

7.8 kB

URL GET HTTP/2
cdn.cookielaw.org/logos/static/powered_by_logo.svg
IP
104.19.177.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
7.8 kB (7814 bytes)
Hash
d6b572c5c3ef7744c0c335c8ab9b6c5b
4699860ad661269061cce57a306820268e7ec3a8
eb124cade99bc6eb0d634ab8cd4ab475bf9dc0f04b4efbb803db5c5fbdd8c5b9

HTTP Headers

GET /logos/static/powered_by_logo.svg HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:35 GMT
content-type: image/svg+xml
content-md5: Y+c301RBZNK39PvKQWrIBw==
last-modified: Thu, 02 May 2024 18:04:43 GMT
x-ms-request-id: e029ff83-401e-0043-13c3-9c6b80000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 35904
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e5ca6c788056a9-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

10e5972.wcomhost.com/resources/img/loader-20200819.png

206.188.192.3

200 OK

272 B

URL GET HTTP/1.1
10e5972.wcomhost.com/resources/img/loader-20200819.png
IP
206.188.192.3:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
PNG image data, 24 x 24, 4-bit colormap, non-interlaced
Size
272 B (272 bytes)
Hash
1a7ca896940219da5393e26600e0ee7b
558e1d3bad16b2faa7527f1f3133e21bf89cd507
f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /resources/img/loader-20200819.png HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10e5972.wcomhost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:36 GMT
Content-Type: image/png
Content-Length: 272
Connection: keep-alive
Last-Modified: Sat, 27 Apr 2024 15:56:45 GMT
ETag: "110-6171611366c14"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade
X-Webcom-Cache-Status: BYPASS
Accept-Ranges: bytes

10e5972.wcomhost.com/resources/js/vendor/vendor.min-20200819.js

206.188.192.3

64 kB

URL
10e5972.wcomhost.com/resources/js/vendor/vendor.min-20200819.js
IP
206.188.192.3:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (663)
Size
64 kB (63758 bytes)
Hash
ccfc9b3b004cfb4f51ae7853af5f78d9
2c52cec1f06c406c4d5d2cf34e870ef15a85dad7
be0223ae72bc8c610c7a5453d349964cbe78ff8646695a58bc13a4cf0a8d81d6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /resources/js/vendor/vendor.min-20200819.js HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10e5972.wcomhost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 27 Apr 2024 15:57:09 GMT
ETag: W/"2bc0a-6171612990986"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade
X-Webcom-Cache-Status: BYPASS
Content-Encoding: gzip

geolocation.onetrust.com/cookieconsentpub/v1/geo/location

104.18.32.137

110 kB

URL
geolocation.onetrust.com/cookieconsentpub/v1/geo/location
IP
104.18.32.137:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65379)
Size
110 kB (109764 bytes)
Hash
7830b9a3a830055127ae90d51643289f
67eb8322dbcbaef101104b3f9a9d7992c02ba134
e32001eb2d2d184e42755db2dfcf7db91b09ca01a54392093f7cc2bd2e9ab094

HTTP Headers

GET /cookieconsentpub/v1/geo/location HTTP/1.1
Host: geolocation.onetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://10e5972.wcomhost.com
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:36 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87e5ca703ed9568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

10e5972.wcomhost.com/resources/img/login_bg.jpg

206.188.192.3

226 kB

URL
10e5972.wcomhost.com/resources/img/login_bg.jpg
IP
206.188.192.3:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3508x2339, components 3
Size
226 kB (226097 bytes)
Hash
2cc7e4969f296cbabbd97cc9044d562b
a687ac80bd3d9997b7df2c4e7105b7abbce116f8
c299a55acdc9c551ab7e67912892c6db8ed164dbcebaca370aa75f0f1297c8d4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /resources/img/login_bg.jpg HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10e5972.wcomhost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:36 GMT
Content-Type: image/jpeg
Content-Length: 226097
Connection: keep-alive
Last-Modified: Sat, 27 Apr 2024 15:56:51 GMT
ETag: "37331-6171611872054"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade
X-Webcom-Cache-Status: BYPASS
Accept-Ranges: bytes

10e5972.wcomhost.com/resources/img/logo-20200819.svg

206.188.192.3

200 OK

7.4 kB

URL GET HTTP/1.1
10e5972.wcomhost.com/resources/img/logo-20200819.svg
IP
206.188.192.3:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
7.4 kB (7374 bytes)
Hash
795242580bfa3135028bd0750fdc1654
2c344b6662e62ddbdba49f635e1c33a827fe75d4
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /resources/img/logo-20200819.svg HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10e5972.wcomhost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:36 GMT
Content-Type: image/svg+xml
Content-Length: 7374
Connection: keep-alive
Last-Modified: Sat, 27 Apr 2024 15:56:51 GMT
ETag: "1cce-617161192824f"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade
X-Webcom-Cache-Status: BYPASS
Accept-Ranges: bytes

10e5972.wcomhost.com/idp/co-branding?resource=co-branding&lang=de&provider=

206.188.192.3

404 Not Found

575 B

URL GET HTTP/1.1
10e5972.wcomhost.com/idp/co-branding?resource=co-branding&lang=de&provider=
IP
206.188.192.3:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
575 B (575 bytes)
Hash
4546cec9cc9f33afaa19f1e81c7278fb
1b389a6d4d910de0f991a27487f1e1cd8b1223df
54998b618c0740e80bd07e3b28870fd68ce831df08dc73a8e3e3a261efdfb720

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /idp/co-branding?resource=co-branding&lang=de&provider= HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10e5972.wcomhost.com/
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:36 GMT
Content-Type: text/html
Content-Length: 575
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2011 15:41:30 GMT
ETag: "23f-4ae8f0ab47e80"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade

cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/ba92dbb5-02d7-443f-8481-b67e4427328b/de-ch.json

104.19.177.52

200 OK

15 kB

URL GET HTTP/2
cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/ba92dbb5-02d7-443f-8481-b67e4427328b/de-ch.json
IP
104.19.177.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
15 kB (14574 bytes)
Hash
921e9dcb65ee956739cc0ac742bcb15c
ebbdc7439729f9e843fc49a2084491eace91a4ca
61026706307e88772f61f6e05d84bd06cc8763a9ddf08d74787b506860ea0aaf

HTTP Headers

GET /consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/ba92dbb5-02d7-443f-8481-b67e4427328b/de-ch.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://10e5972.wcomhost.com
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:36 GMT
content-type: application/x-javascript
content-length: 14574
cf-ray: 87e5ca720afe56a9-OSL
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DC4F0599778E17
last-modified: Thu, 28 Mar 2024 09:01:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: 9een+dQKiHe9pgo7gEa5EQ==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1a19a2ed-201e-0071-3fdc-9d3350000000
x-ms-version: 2009-09-19
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otFlat.json

104.19.177.52

3.0 kB

URL
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otFlat.json
IP
104.19.177.52:0
ASN
#13335 CLOUDFLARENET

File type
JSON text data
Size
3.0 kB (3041 bytes)
Hash
9b1f8ddf85fb0cbfd926faacb1fc0405
ade7f952c70f07fd3497cd3e8656ca1f28c78633
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112

HTTP Headers

GET /scripttemplates/202403.1.0/assets/otFlat.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://10e5972.wcomhost.com
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:36 GMT
content-type: application/json
content-length: 3041
content-encoding: gzip
content-md5: KLWFssuowJEtDumTaVZD/A==
last-modified: Thu, 21 Mar 2024 07:04:28 GMT
etag: 0x8DC497526A04834
x-ms-request-id: 4f3529d2-801e-0088-44a9-98dc8a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 2396
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e5ca729b3356a9-OSL
X-Firefox-Spdy: h2

cdn.cookielaw.org/scripttemplates/202403.1.0/assets/v2/otPcTab.json

104.19.177.52

200 OK

14 kB

URL GET HTTP/2
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/v2/otPcTab.json
IP
104.19.177.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
14 kB (13599 bytes)
Hash
67eafe0ca141b9b52080c52d281966c4
93308b43a6234c01123881a7b02e9b014b082294
51dfbad7e1a227d3935016e5c4190e5e46e03daa4b249e5ded55f54235efbd7a

HTTP Headers

GET /scripttemplates/202403.1.0/assets/v2/otPcTab.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://10e5972.wcomhost.com
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:36 GMT
content-type: application/json
content-length: 13599
content-encoding: gzip
content-md5: JqD83lHxEjWNdmDqKd9lzA==
last-modified: Thu, 21 Mar 2024 07:04:31 GMT
etag: 0x8DC4975281E71C8
x-ms-request-id: 528052ee-b01e-0093-65a9-98e289000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 68203
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e5ca729b3456a9-OSL
X-Firefox-Spdy: h2

cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Roman.woff2

18.195.200.224

200 OK

14 kB

URL GET HTTP/2
cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Roman.woff2
IP
18.195.200.224:443
ASN
#16509 AMAZON-02

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerAmazon
Subject*.app.sbb.ch
Fingerprint91:97:68:15:9B:1D:9F:0F:5B:C1:DB:F4:EE:DC:A6:EC:4A:2A:09:71
ValidityWed, 16 Aug 2023 00:00:00 GMT - Fri, 13 Sep 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14152, version 1.0
Size
14 kB (14152 bytes)
Hash
82e55d1865d40988204fa60522628f4b
e9d74fb23204a62c520d19b8fae3f0193539cdfb
966a89b8080879ba41c6b9f15c5efb58182c33a0d2d1e08748beb554b28b4997

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /fonts/v1_6_subset/SBBWeb-Roman.woff2 HTTP/1.1
Host: cdn.app.sbb.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://10e5972.wcomhost.com
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:36 GMT
content-type: application/font-woff2
content-length: 14152
server: nginx/1.25.5
last-modified: Wed, 31 Jan 2024 10:14:44 GMT
vary: Accept-Encoding
etag: "65ba1d94-3748"
expires: Sun, 04 May 2025 04:36:36 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
cache-control: max-age=31536000, public, private
accept-ranges: bytes
set-cookie: 9527f1a32486d650b0687919ffd41c2b=a3ed87b2dc9abb853daf697c7a2ecf62; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2

10e5972.wcomhost.com/resources/ico/apple-touch-icon-precomposed-20200819.png

206.188.192.3

404 Not Found

575 B

URL GET HTTP/1.1
10e5972.wcomhost.com/resources/ico/apple-touch-icon-precomposed-20200819.png
IP
206.188.192.3:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
575 B (575 bytes)
Hash
4546cec9cc9f33afaa19f1e81c7278fb
1b389a6d4d910de0f991a27487f1e1cd8b1223df
54998b618c0740e80bd07e3b28870fd68ce831df08dc73a8e3e3a261efdfb720

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /resources/ico/apple-touch-icon-precomposed-20200819.png HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10e5972.wcomhost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:37 GMT
Content-Type: text/html
Content-Length: 575
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2011 15:41:30 GMT
ETag: "23f-4ae8f0ab47e80"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade

10e5972.wcomhost.com/resources/img/favicon.ico?v=20140709-1126

206.188.192.3

200 OK

1.2 kB

URL GET HTTP/1.1
10e5972.wcomhost.com/resources/img/favicon.ico?v=20140709-1126
IP
206.188.192.3:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerSectigo Limited
Subject*.wcomhost.com
Fingerprint51:AB:0A:BC:9C:FF:EB:AA:DF:DD:1E:D8:D0:CE:A2:F8:FC:5F:B9:3A
ValidityThu, 14 Sep 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
6d866d9c4568bf7fc03e597e74ce7e28
e1b3d9f0e9cdcb785a94b6c1e1fe651a4ff98dcb
7c1925da382279a72f94990d0a1456f78918619f35780ea0905e4ae0db684677

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SwissPass
PhishTank	phishing	Other

HTTP Headers

GET /resources/img/favicon.ico?v=20140709-1126 HTTP/1.1
Host: 10e5972.wcomhost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10e5972.wcomhost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 04 May 2024 04:36:37 GMT
Content-Type: image/x-icon
Content-Length: 1150
Connection: keep-alive
Last-Modified: Sat, 27 Apr 2024 15:56:45 GMT
ETag: "47e-61716112da243"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: "1; mode=block"
Referrer-Policy: no-referrer-when-downgrade
X-Webcom-Cache-Status: BYPASS
Accept-Ranges: bytes

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=Xv3f4d8kydKcd7QXB-4kOnAgZjvfBMZ62vn2fNP07-gIIUOYSbzaMRWY859gKTkWKDl2MM0t_CBjHbJmLflZIJ7T9DY20dtip-ePWIThlj1IPbAXvI5sL4zWabxxEHqW
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
content-length: 444
date: Sat, 04 May 2024 04:34:38 GMT
age: 135
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCommonStyles.css

104.19.177.52

200 OK

25 kB

URL GET HTTP/2
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCommonStyles.css
IP
104.19.177.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (24823), with no line terminators
Size
25 kB (24823 bytes)
Hash
e04ad89975c535b30bae773d0eb0d3b2
0c72555d0fd844150b6ec407a57da2d29bf380e2
06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992

HTTP Headers

GET /scripttemplates/202403.1.0/assets/otCommonStyles.css HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://10e5972.wcomhost.com
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:36 GMT
content-type: text/css
content-md5: 4ErYmXXFNbMLrnc9DrDTsg==
last-modified: Thu, 21 Mar 2024 07:04:40 GMT
x-ms-request-id: ae2e812d-301e-000b-6aa9-98c2e8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 2396
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e5ca729b3756a9-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.cookielaw.org/logos/static/ot_guard_logo.svg

104.19.177.52

200 OK

497 B

URL GET HTTP/2
cdn.cookielaw.org/logos/static/ot_guard_logo.svg
IP
104.19.177.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://10e5972.wcomhost.com/
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
497 B (497 bytes)
Hash
4cefeea2da1f500b581d4842d6454a50
9939dd4c1394641f53655e558bfdca7499480c52
220f235f0188ff469b92b56eb86adf4e828b8a90c587ebfa073383b8583aaeb2

HTTP Headers

GET /logos/static/ot_guard_logo.svg HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://10e5972.wcomhost.com
DNT: 1
Connection: keep-alive
Referer: https://10e5972.wcomhost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 04:36:37 GMT
content-type: image/svg+xml
content-md5: tXyZydHjxQshFMbbBT1/8A==
last-modified: Thu, 02 May 2024 06:39:38 GMT
x-ms-request-id: 48459110-f01e-009d-0d9d-9c3b29000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 68203
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e5ca734b8656a9-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML