Report - sbbkonto-swisspass.netsons.org/

Report Overview

Visited public
2025-06-27 13:25:00
Tags
suspicious telegram_bot
Submit Tags
URL
sbbkonto-swisspass.netsons.org/
Finishing URL
sbbkonto-swisspass.netsons.org/
IP / ASN
89.40.172.131
#60087 Netsons s.r.l.
Title
swisspass.ch
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
sbbkonto-swisspass.netsons.org	unknown	2004-03-20	2025-06-27	2025-06-27	1.8 kB	24 kB	89.40.172.131
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-06-25	1.0 kB	261 kB	104.17.24.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-06-27	medium	sbbkonto-swisspass.netsons.org/	Detects file containing Telegram Bot API
2025-06-27	medium	javascript.script.md5:d007ea84390c6c488c54d97a8dc20175	Detects file containing Telegram Bot API

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Telegram Bot detected

URL
sbbkonto-swisspass.netsons.org/
IP / ASN
89.40.172.131
#60087 Netsons s.r.l.

Token
7658274496:AAGOgKlZxl4gaDy5XKz0ZTdALKX87fTmicM

Bot Overview
User ID 7658274496
Username njsnjsnjdnlbrobot
First Name nl
Last Name
Chat Information
Chat ID -1002448486037
Chat Type supergroup
Title 🇨🇭PASS
User Count 3
Admins 1
Pending Messages 0

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	sbbkonto-swisspass.netsons.org/	ScriptElement	1.5 kB	2025-06-14	2025-07-07
Pretty URL sbbkonto-swisspass.netsons.org/ IP 89.40.172.131 ASN #60087 Netsons s.r.l. Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-14 12:32 Last Seen2025-07-07 13:43 Times Seen18 Hash d007ea84390c6c488c54d97a8dc20175 b6821f95a991b70911f27c2d7599f8547be85a17 2d94b2b73de11dd430eedc2c69048a256b9e6540b0afdafa34f89a839db7f5bd Loading...

HTTP Transactions (6)

URL IP Response Size

GET sbbkonto-swisspass.netsons.org/favicon.ico

89.40.172.131

404 Not Found

796 B

URL GET
sbbkonto-swisspass.netsons.org/favicon.ico
IP
89.40.172.131:443
ASN
#60087 Netsons s.r.l.

Requested by
https://sbbkonto-swisspass.netsons.org/
Certificate
IssuerLet's Encrypt
Subject*.sbbkonto-swisspass.netsons.org
Fingerprint79:E9:C0:6C:44:85:0D:69:2B:93:A4:51:20:87:DD:05:51:56:51:2A
ValidityFri, 27 Jun 2025 00:19:18 GMT - Thu, 25 Sep 2025 00:19:17 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
796 B (796 bytes)
Hash
265e51037981a14ed99a5fc8c5ec1b51
d12ac588953298fdaf46dd5b4af8eb4cf6b06f0a
c4b07931b3fc37bc80d56a367783e7fa7c04ced4befec7f57ed079c38c960400

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: sbbkonto-swisspass.netsons.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sbbkonto-swisspass.netsons.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 796
date: Fri, 27 Jun 2025 13:24:39 GMT
vary: User-Agent

GET sbbkonto-swisspass.netsons.org/

89.40.172.131

200 OK

6.8 kB

URL User Request GET
sbbkonto-swisspass.netsons.org/
IP
89.40.172.131:443
ASN
#60087 Netsons s.r.l.

Certificate
IssuerLet's Encrypt
Subject*.sbbkonto-swisspass.netsons.org
Fingerprint79:E9:C0:6C:44:85:0D:69:2B:93:A4:51:20:87:DD:05:51:56:51:2A
ValidityFri, 27 Jun 2025 00:19:18 GMT - Thu, 25 Sep 2025 00:19:17 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
6.8 kB (6807 bytes)
Hash
1c64af2414a45845114d4937c59b1967
97e609541cc9621fe9fe2dd56ce2417950b3a149
ae11ecea25341bc307c2e03830ba0d10d2f4508302ada0f5355840f10a72b3be

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API

HTTP Headers

GET / HTTP/1.1
Host: sbbkonto-swisspass.netsons.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-length: 1877
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Fri, 27 Jun 2025 13:24:39 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET sbbkonto-swisspass.netsons.org/2.PNG

89.40.172.131

200 OK

9.0 kB

URL GET
sbbkonto-swisspass.netsons.org/2.PNG
IP
89.40.172.131:443
ASN
#60087 Netsons s.r.l.

Requested by
https://sbbkonto-swisspass.netsons.org/
Certificate
IssuerLet's Encrypt
Subject*.sbbkonto-swisspass.netsons.org
Fingerprint79:E9:C0:6C:44:85:0D:69:2B:93:A4:51:20:87:DD:05:51:56:51:2A
ValidityFri, 27 Jun 2025 00:19:18 GMT - Thu, 25 Sep 2025 00:19:17 GMT

File type
PNG image data, 1345 x 58, 8-bit/color RGBA, non-interlaced
Size
9.0 kB (8972 bytes)
Hash
f5c361616c212f5e342b5fc626e10e28
475f185db9cd48b7b6f95549783dad329cd7b010
9a4808b6b2103dc159f6c6744ffc7e8be25b64548cade74a7589472820fe93cb

HTTP Headers

GET /2.PNG HTTP/1.1
Host: sbbkonto-swisspass.netsons.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sbbkonto-swisspass.netsons.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Fri, 04 Jul 2025 13:24:39 GMT
content-type: image/png
last-modified: Thu, 12 Jun 2025 00:34:14 GMT
accept-ranges: bytes
content-length: 8972
date: Fri, 27 Jun 2025 13:24:39 GMT
vary: User-Agent

GET cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css

104.17.24.14

200 OK

102 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sbbkonto-swisspass.netsons.org/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
ValidityThu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT

File type
ASCII text, with very long lines (52276)
Size
102 kB (102526 bytes)
Hash
c43cd173eeeba2f72aa6b431d06b8c07
427a692f7f39eabb3d5b8510aee2743025daf813
c880eb3d25c765d399840aa204fec22b3230310991089f14781f09a35ed80b8a

HTTP Headers

GET /ajax/libs/font-awesome/6.5.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sbbkonto-swisspass.netsons.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Jun 2025 13:24:39 GMT
content-type: text/css; charset=utf-8
content-length: 18859
cf-ray: 956544123ced56c5-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "656632a7-49ab"
last-modified: Tue, 28 Nov 2023 18:34:15 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 55239
expires: Wed, 17 Jun 2026 13:24:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FCia3bLk1zbBnodFyPw63eMFgF%2BbPUb%2B3uvAZQgLhQWN0h7ZbzvAHKYAiKls4lZellZHg1pdYI1f8h9pGz6CsT2GqGVyPf2INZ3tIxFqp%2FuO1YpPsWwGFZTjWetGnYNi5MiMmEHg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET sbbkonto-swisspass.netsons.org/1.PNG

89.40.172.131

200 OK

5.6 kB

URL GET
sbbkonto-swisspass.netsons.org/1.PNG
IP
89.40.172.131:443
ASN
#60087 Netsons s.r.l.

Requested by
https://sbbkonto-swisspass.netsons.org/
Certificate
IssuerLet's Encrypt
Subject*.sbbkonto-swisspass.netsons.org
Fingerprint79:E9:C0:6C:44:85:0D:69:2B:93:A4:51:20:87:DD:05:51:56:51:2A
ValidityFri, 27 Jun 2025 00:19:18 GMT - Thu, 25 Sep 2025 00:19:17 GMT

File type
PNG image data, 1344 x 66, 8-bit/color RGBA, non-interlaced
Size
5.6 kB (5593 bytes)
Hash
cca9dfcdda44803dafa8b885d5e19728
ef44ece4cd236c0da287a197b707ce3481a59806
4e18cf713753d26455d837e0b3252495cfe95f764c31f5bd17e9ed0628079e35

HTTP Headers

GET /1.PNG HTTP/1.1
Host: sbbkonto-swisspass.netsons.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sbbkonto-swisspass.netsons.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Fri, 04 Jul 2025 13:24:39 GMT
content-type: image/png
last-modified: Thu, 12 Jun 2025 00:34:14 GMT
accept-ranges: bytes
content-length: 5593
date: Fri, 27 Jun 2025 13:24:39 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

GET cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/webfonts/fa-solid-900.woff2

104.17.24.14

200 OK

156 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/webfonts/fa-solid-900.woff2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sbbkonto-swisspass.netsons.org/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
ValidityThu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 156532, version 773.256
Size
156 kB (156532 bytes)
Hash
d465bccb9edf0873f021f66d4b09d89c
214f3c71de28c682602aecd39e9ad2bba15f1b0c
f4c5a5b297e623bc159679563a4d1eb16e409ca3b57698fbc00fd2c907dadae0

HTTP Headers

GET /ajax/libs/font-awesome/6.5.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sbbkonto-swisspass.netsons.org
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 27 Jun 2025 13:24:39 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 156532
cf-ray: 9565441338535694-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "656632a7-26374"
last-modified: Tue, 28 Nov 2023 18:34:15 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 640550
expires: Wed, 17 Jun 2026 13:24:39 GMT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZDSKiunYBzvqZwjh7Lvlk78q4Okq9smyVzoGE2MwEZzNPT9lawUWHGzys5j9Ixs%2FLAco52TVcQkqj7RZIkM2DwOeOimIEWFVMdwFBB5Yex4LsAnWt5Sq5p6MCexfLAgxxt3MdxsT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Telegram Bot detected

Token

Bot Overview

Chat Information

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers