Report - scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php

Report Overview

Submitted URL
scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
IP
172.67.209.113
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-02 16:51:21
Access
public
Website Title
SwissPass
Final URL
scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Tags
swosspass phishing transport
urlquery detections
Phishing - SwissPass

Detections

urlquery
8
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.app.sbb.ch	610967	unknown	2018-04-04	2024-04-26	511 B	15 kB	3.66.100.247
scorpion-lab.com	unknown	2022-03-05	2022-03-05	2024-04-10	3.9 kB	410 kB	104.21.23.59
resources.swisspass.ch	unknown	unknown	2017-02-16	2024-04-03	476 B	202 kB	193.203.121.145

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php	74 B	2023-07-12	2024-05-15
Pretty URL scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php IP 104.21.23.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-12 13:45:42 Last Seen2024-05-15 19:25:33 Times Seen102 Hash 756b017533184fa5b086c13126d3daae 3c6b1702815f56ba5731066828855703d4ac5d40 c77b776fef4c3c2fd7c50edf41496d1776ef31fae6a4531356e1a3fafaef10d5 Loading...

	scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php	1.0 kB	2023-11-14	2024-05-15
Pretty URL scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php IP 104.21.23.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-14 18:20:15 Last Seen2024-05-15 19:25:33 Times Seen97 Hash 802d8baafccce06b1981f26faa482e1e 72ff72c726c8801666e460bbf63c9e052d05efb5 1d1ad2a12eb21962181cdf7126b860a0b539b70bad88c2af3b4068aa929f2de8 Loading...

HTTP Transactions (9)

URL IP Response Size

scorpion-lab.com/wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/loader-20200819.png

104.21.23.59

200 OK

272 B

URL GET HTTP/3
scorpion-lab.com/wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/loader-20200819.png
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type
PNG image data, 24 x 24, 4-bit colormap, non-interlaced
Size
272 B (272 bytes)
Hash
1a7ca896940219da5393e26600e0ee7b
558e1d3bad16b2faa7527f1f3133e21bf89cd507
f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/loader-20200819.png HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Cookie: PHPSESSID=273o6hln5hjh7lo5p9tkk5cph7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 16:50:55 GMT
content-type: image/png
content-length: 272
cache-control: public, max-age=43200
expires: Fri, 03 May 2024 04:50:55 GMT
etag: "110-6613dfc0-cd81b;;;"
last-modified: Mon, 08 Apr 2024 12:14:56 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aC1o%2BM2auUztvYLMD8c9WkW8r3CeB5qZV%2B1ONxYkA3mpflUz5ZpffveNyBCG7YA%2FiFEY44dGnNJu%2FDra5iMxSZgCMIKatwsce2VB6H7%2FKcoIc1F1Pp3Mu40MgkuawBrlfTss"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d9835998465690-OSL
alt-svc: h3=":443"; ma=86400

scorpion-lab.com/wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/sso.min-20200819.css

104.21.23.59

200 OK

38 kB

URL GET HTTP/3
scorpion-lab.com/wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/sso.min-20200819.css
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
38 kB (38498 bytes)
Hash
de0cde3da62c59a02a94334920ae682e
c51d409b4e80a87b70f9d06c8b04c68701d34c32
da86a8f910323e36049f6fee7c877d53f9f5020f2031efdfabaec371476e1b5a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/sso.min-20200819.css HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Cookie: PHPSESSID=273o6hln5hjh7lo5p9tkk5cph7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 16:50:56 GMT
content-type: text/css
cache-control: public, max-age=43200
expires: Fri, 03 May 2024 04:50:55 GMT
etag: W/"2ce5a-6613dfc0-cd822;br"
last-modified: Mon, 08 Apr 2024 12:14:56 GMT
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eUeAjUUvtiEOM2Z%2F7SR53ekO%2FjImnkBuu5E848DMA73HugUqwcmNKBYytz8qBWQDDvWc6QFeSyap5X8%2Fo5wtludxZBztDcbhejcZWwe0NRAsPBRPs3obuNofj4ZhrRjjudaP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d9835998355690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

scorpion-lab.com/wp-includes/blocks/sbb/fss/logo-20200819.svg

104.21.23.59

200 OK

204 kB

URL GET HTTP/3
scorpion-lab.com/wp-includes/blocks/sbb/fss/logo-20200819.svg
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type
SVG Scalable Vector Graphics image
Size
204 kB (203523 bytes)
Hash
795242580bfa3135028bd0750fdc1654
2c344b6662e62ddbdba49f635e1c33a827fe75d4
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /wp-includes/blocks/sbb/fss/logo-20200819.svg HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Cookie: PHPSESSID=273o6hln5hjh7lo5p9tkk5cph7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 16:50:55 GMT
content-type: image/svg+xml
cache-control: public, max-age=43200
expires: Fri, 03 May 2024 04:50:55 GMT
etag: W/"1cce-6613dfc0-cd83a;br"
last-modified: Mon, 08 Apr 2024 12:14:56 GMT
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bWhC3EfhGCAshhiHuesuByG0HerFYO5rYm4zwmNE8F5G%2BpRRiUofm1D7m617joloJMdjWtPphsRmEni2lagAufiRgAZkpxKJLitS1wchN2Fng4FcbqknBEU8pzEX97ZZxNzN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d9835998445690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

scorpion-lab.com/wp-includes/blocks/sbb/fss/icomoon.woff2

104.21.23.59

200 OK

6.7 kB

URL GET HTTP/3
scorpion-lab.com/wp-includes/blocks/sbb/fss/icomoon.woff2
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type
Web Open Font Format (Version 2), TrueType, length 6676, version 1.0
Size
6.7 kB (6676 bytes)
Hash
76d0b40f597b59510e88eeec38c1add3
ef6ce2a484f4c6df2d23d0da6428f7a1ee2701a0
78a4a776506b173ae79fd021d0e9003c7d653ca204ea1d69bea4d553f92f787d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /wp-includes/blocks/sbb/fss/icomoon.woff2 HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Cookie: PHPSESSID=273o6hln5hjh7lo5p9tkk5cph7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 16:50:56 GMT
content-type: font/woff2
content-length: 6676
cache-control: public, max-age=43200
expires: Fri, 03 May 2024 04:50:56 GMT
etag: "1a14-6613dfc0-cd835;;;"
last-modified: Mon, 08 Apr 2024 12:14:56 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PsIOr8vQ04LIx35vHUVZqSKOVLNw91D%2Fjchj6IAiEjp7Y19mqsUmOy2%2BV9cp5ADzJY7CXm0bF2w1EBcK0heQllevZ%2ByHGqfaI9SYtnGFfGtnQHNwHXTd1QAT3yyZ8ahQJYfp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d9835c9d2b5690-OSL
alt-svc: h3=":443"; ma=86400

scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php

104.21.23.59

200 OK

15 kB

URL User Request GET HTTP/2
scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type

Size
15 kB (14604 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /wp-includes/blocks/sbb/fss/signin.php HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 16:50:55 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=273o6hln5hjh7lo5p9tkk5cph7; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kczcti%2Bhr%2F6KSeWFzENmMyQ1kmO1499EIHOhr5mRlmChnOBe1CarIy55oBW729p%2BAGNBD1%2F1O2VDIOMtDXKE60CQJV8Dp6KpKYKXTQLRP9aWNVIqlTM8EfDruwA%2B79I4QurZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d98356febf712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

scorpion-lab.com/wp-includes/blocks/sbb/fss/logo_text_de-20200819.svg

104.21.23.59

200 OK

140 kB

URL GET HTTP/3
scorpion-lab.com/wp-includes/blocks/sbb/fss/logo_text_de-20200819.svg
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type

Size
140 kB (139971 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /wp-includes/blocks/sbb/fss/logo_text_de-20200819.svg HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Cookie: PHPSESSID=273o6hln5hjh7lo5p9tkk5cph7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 16:50:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=43200
expires: Fri, 03 May 2024 04:50:55 GMT
etag: W/"222c3-6613dfc0-cd83b;br"
last-modified: Mon, 08 Apr 2024 12:14:56 GMT
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aSrFubx2LFRbjMCnuZVaYIMWJ4BNYKpYzDLL6vmJnEXwxpDznHFzDu1%2F55G%2Bd9HprFqzqs159DfW2JC9TM0qPnIaIV0c5MuMT6my8yfCPyQICKT4TVZSk%2FGSY3S%2Bt0dO%2BkiD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d9835998375690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg

193.203.121.145

200 OK

201 kB

URL GET HTTP/1.1
resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg
IP
193.203.121.145:443
ASN
#31004 Schweizerische Bundesbahnen SBB

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerSwissSign AG
Subjectswisspass.ch
Fingerprint0F:CC:F3:F9:E7:22:13:51:BD:03:15:EE:A8:31:BE:24:0B:CA:37:16
ValidityThu, 14 Mar 2024 05:50:58 GMT - Fri, 14 Mar 2025 05:50:58 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1563x1198, components 3
Size
201 kB (200933 bytes)
Hash
0f80ca4a78ce3af79ad01923484e0a5b
fac97c21d7965e9ac6950844123fd5f65b8f0a77
58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b

HTTP Headers

GET /content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg HTTP/1.1
Host: resources.swisspass.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 16:50:56 GMT
Server: Apache
Content-Length: 200933
ETag: "310e5-61776f3f4443b"
Expires: Thu, 02 May 2024 22:49:21 GMT
Cache-Control: max-age=21600
Last-Modified: Thu, 02 May 2024 11:32:06 GMT
X-Plattform: cprod
x-url: /content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg
X-Varnish: 15624718 20679190
X-Cache: HIT
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Keep-Alive: timeout=10, max=500
Connection: Keep-Alive
Content-Type: image/jpeg

cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2

3.66.100.247

200 OK

14 kB

URL GET HTTP/2
cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2
IP
3.66.100.247:443
ASN
#16509 AMAZON-02

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerAmazon
Subject*.app.sbb.ch
Fingerprint91:97:68:15:9B:1D:9F:0F:5B:C1:DB:F4:EE:DC:A6:EC:4A:2A:09:71
ValidityWed, 16 Aug 2023 00:00:00 GMT - Fri, 13 Sep 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14212, version 1.0
Size
14 kB (14212 bytes)
Hash
8b70a44a98a0ac5d721df7d8f5136f7b
10e10c01e732f3d35a78e1051bfcc9fe2589ddda
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf

HTTP Headers

GET /fonts/v1_6_subset/SBBWeb-Light.woff2 HTTP/1.1
Host: cdn.app.sbb.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://scorpion-lab.com
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 16:50:56 GMT
content-type: application/font-woff2
content-length: 14212
server: nginx/1.25.5
last-modified: Wed, 31 Jan 2024 10:14:44 GMT
vary: Accept-Encoding
etag: "65ba1d94-3784"
expires: Fri, 02 May 2025 16:50:56 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
cache-control: max-age=31536000, public, private
accept-ranges: bytes
set-cookie: 9527f1a32486d650b0687919ffd41c2b=ad5ade5c13b79ef8a17f3708d86a212e; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2

scorpion-lab.com/wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/favicon.ico?v=20140709-1126

104.21.23.59

200 OK

1.2 kB

URL GET HTTP/3
scorpion-lab.com/wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/favicon.ico?v=20140709-1126
IP
104.21.23.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectscorpion-lab.com
Fingerprint65:02:B0:DC:0B:4C:30:E6:DB:4D:DE:84:0E:D8:E9:CD:D0:C9:B4:10
ValidityWed, 01 May 2024 06:15:28 GMT - Tue, 30 Jul 2024 06:15:27 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
6d866d9c4568bf7fc03e597e74ce7e28
e1b3d9f0e9cdcb785a94b6c1e1fe651a4ff98dcb
7c1925da382279a72f94990d0a1456f78918619f35780ea0905e4ae0db684677

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass

HTTP Headers

GET /wp-includes/blocks/sbb/fss/Login%20_%20SwissPass_files/favicon.ico?v=20140709-1126 HTTP/1.1
Host: scorpion-lab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scorpion-lab.com/wp-includes/blocks/sbb/fss/signin.php
Cookie: PHPSESSID=273o6hln5hjh7lo5p9tkk5cph7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 16:50:56 GMT
content-type: image/x-icon
cache-control: public, max-age=43200
expires: Fri, 03 May 2024 04:50:56 GMT
etag: W/"47e-6613dfc0-cd817;br"
last-modified: Mon, 08 Apr 2024 12:14:56 GMT
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IY4KOv%2F1881f7rb6U4DYvFx1Dx7SgEfWbUoCySGyx5xQvsgmOLW78c8QlZW04wMU%2Byv2ih%2BWWHuACbL%2F%2Fci%2B1MauC7pAsbxrxQ032BqxweYbEs2HIe17qUCHKllUAf6ZfKD2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d9835e5f8d5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (9)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections