r2v-art.ru
2a03:6f00:6:1::b972:f5c1  Malicious Activity! Public Scan

URL: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Submission: On June 11 via automatic, source phishtank

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 22 HTTP transactions. The main IP is 2a03:6f00:6:1::b972:f5c1, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is r2v-art.ru.
TLS certificate: Issued by R3 on April 13th 2021. Valid for: 3 months.
This is the only time r2v-art.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PostFinance (Banking)

Domain & IP information

Requests  IP Address        AS Autonomous System
4         2a03:6f00:6:1...  9123 (TIMEWEB-AS)
12        2a00:17c9:0:8...  12511 (CH-POSTNE...)
2         2a00:1450:400...  15169 (GOOGLE)
22 requests, 4 IPs

Requests  Domain                    Requested by
12        www.postfinance.ch        r2v-art.ru, www.postfinance.ch
4         r2v-art.ru                www.postfinance.ch, r2v-art.ru
2         www.google-analytics.com  www.postfinance.ch, www.google-analytics.com
22 requests, 3 domains

This site contains links to these domains.

Domain
www.postfinance.ch
Subject                 Issuer                           Validity                 Valid
r2v-art.ru              R3                               2021-04-13 - 2021-07-12  3 months
www.postfinance.ch      SwissSign EV Gold CA 2014 - G22  2021-04-13 - 2022-04-13  a year
*.google-analytics.com  GTS CA 1C3                       2021-05-17 - 2021-08-09  3 months

This page contains 1 frames:

Primary Page: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Frame ID: D0E4EE1E4E3D95C6B3B6E57EB3D90B34
Requests: 23 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<!-- (?:End )?Google Tag Manager -->/i

Page Statistics

Requests: 22
HTTPS: 82 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 3
Transfer: 576 kB
Size: 2465 kB
Cookies: 19

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request /  r2v-art.ru//install122222/language/en-gb/common/cache/  31 KB  8 KB  Document
General
Full URL
https://r2v-art.ru//install122222/language/en-gb/common/cache/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:6:1::b972:f5c1 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
00c9403fa1a377f94fb5e2faca5a9a4c28ea4e32adb681e3171c22b5e34f6801

Request headers

:method
GET
:authority
r2v-art.ru
:scheme
https
:path
//install122222/language/en-gb/common/cache/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server
nginx/1.16.1
date
Fri, 11 Jun 2021 15:33:42 GMT
content-type
text/html; charset=UTF-8
content-length
7964
set-cookie
PHPSESSID=7712ab41291783fa2b9c6dcaca38501b; path=/
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, public
pragma
no-cache
vary
Accept-Encoding
content-encoding
gzip
all.hv.min.css  www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/css/  576 KB  74 KB  Stylesheet
General
Full URL
https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/css/all.hv.min.css
Requested by
Host: r2v-art.ru
URL: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a00:17c9:0:8103::205 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
08d0faa75634d5454cda1dacdbf41a7267671a925d62d47a1963ad4d1452612b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 15:33:44 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Expect-CT
enforce,max-age=2592000,report-uri="https://e-finance.postfinance.ch/report"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
P3P
CP="OTI DSP CURa OUR LEG COM NAV INT"
X-XSS-Protection
1; mode=block
Cache-Control
public, max-age=25920000, s-maxage=25920000
Transfer-Encoding
chunked
Connection
Keep-Alive
Content-Type
text/css; charset=UTF-8
Keep-Alive
timeout=5, max=50
X-Content-Type-Options
nosniff
all.ef.min.js  www.postfinance.ch/cc/fp/20210521111153/static/login/js/  192 KB  64 KB  Script
General
Full URL
https://www.postfinance.ch/cc/fp/20210521111153/static/login/js/all.ef.min.js
Requested by
Host: r2v-art.ru
URL: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a00:17c9:0:8103::205 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
5a04fa0edb2d4f1b919fc902b6a9716bce0b0e571a36d368c719a6adbf9db53d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 15:33:44 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Expect-CT
enforce,max-age=2592000,report-uri="https://e-finance.postfinance.ch/report"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
P3P
CP="OTI DSP CURa OUR LEG COM NAV INT"
X-XSS-Protection
1; mode=block
Cache-Control
public, max-age=25920000, s-maxage=25920000
Transfer-Encoding
chunked
Connection
Keep-Alive
Content-Type
application/javascript; charset=UTF-8
Keep-Alive
timeout=5, max=50
X-Content-Type-Options
nosniff
all.hv.min.js  www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/js/  207 KB  57 KB  Script
General
Full URL
https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/js/all.hv.min.js
Requested by
Host: r2v-art.ru
URL: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a00:17c9:0:8103::205 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
dc61d91e81a2888650c54b7b4e2027e5a2dfe3847536eeb5b0c2e8a17435bcbd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 15:33:44 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Expect-CT
enforce,max-age=2592000,report-uri="https://e-finance.postfinance.ch/report"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
P3P
CP="OTI DSP CURa OUR LEG COM NAV INT"
X-XSS-Protection
1; mode=block
Cache-Control
public, max-age=25920000, s-maxage=25920000
Transfer-Encoding
chunked
Connection
Keep-Alive
Content-Type
application/javascript; charset=UTF-8
Keep-Alive
timeout=5, max=50
X-Content-Type-Options
nosniff
pf.unblu.js  www.postfinance.ch/binp/pfch/  510 KB  93 KB  Script
General
Full URL
https://www.postfinance.ch/binp/pfch/pf.unblu.js
Requested by
Host: r2v-art.ru
URL: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a00:17c9:0:8103::205 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
babba2b1969e83f3b1cd7a0ef6d0351abe74766b18a77e4877a232b49737425e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 15:33:44 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
P3P
CP="OTI DSP CURa OUR LEG COM NAV INT"
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
X-Frame-Options
SAMEORIGIN
Expect-CT
enforce,max-age=2592000,report-uri="https://e-finance.postfinance.ch/report"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Methods
GET
Upgrade
h2
Access-Control-Allow-Origin
https://www.postfinance.ch
Content-Type
text/javascript;charset=UTF-8
Keep-Alive
timeout=5, max=50
unblu.integration.component.min.js  www.postfinance.ch/sc/  50 KB  9 KB  Script
General
Full URL
https://www.postfinance.ch/sc/unblu.integration.component.min.js
Requested by
Host: r2v-art.ru
URL: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a00:17c9:0:8103::205 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
ed33fee543efb9983f0d3f07daad78d54ea744ab8f802bca20ed70274a1ccf48
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 15:33:44 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
P3P
CP="OTI DSP CURa OUR LEG COM NAV INT"
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 May 2021 17:59:39 GMT
Server
Apache
Expect-CT
enforce,max-age=2592000,report-uri="https://e-finance.postfinance.ch/report"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript
Cache-Control
public, max-age=86400, s-maxage=86400
Keep-Alive
timeout=5, max=50
logo.png  www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/img/icons2x/  6 KB  6 KB  Image
General
Full URL
https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/img/icons2x/logo.png
Requested by
Host: r2v-art.ru
URL: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a00:17c9:0:8103::205 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
6e2341a524af81d8b9362e829287bede024d49eb00f2983f39ef3e8675614ac6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 15:33:44 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Expect-CT
enforce,max-age=2592000,report-uri="https://e-finance.postfinance.ch/report"
X-Frame-Options
SAMEORIGIN
P3P
CP="OTI DSP CURa OUR LEG COM NAV INT"
X-XSS-Protection
1; mode=block
Cache-Control
public, max-age=25920000, s-maxage=25920000
Transfer-Encoding
chunked
Connection
Keep-Alive
Content-Type
image/png
Keep-Alive
timeout=5, max=49
X-Content-Type-Options
nosniff
statistics  www.postfinance.ch/ap/ga/ef/appl/  4 KB  3 KB  Script
General
Full URL
https://www.postfinance.ch/ap/ga/ef/appl/statistics?p_page=993
Requested by
Host: r2v-art.ru
URL: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a00:17c9:0:8103::205 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
0ed422d6d048aca37eb3c0ab7d4b824bc16d24b38024d0b48ba8cc26de2595fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 15:33:44 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
P3P
CP="OTI DSP CURa OUR LEG COM NAV INT"
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Expect-CT
enforce,max-age=2592000,report-uri="https://e-finance.postfinance.ch/report"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript ;charset=ISO-8859-1
Access-Control-Allow-Origin
https://www.postfinance.ch
Access-Control-Allow-Credentials
true
Keep-Alive
timeout=5, max=48
stats  www.postfinance.ch/ap/ga/ef/appl/  101 B  2 KB  Script
General
Full URL
https://www.postfinance.ch/ap/ga/ef/appl/stats?p_page=993
Requested by
Host: r2v-art.ru
URL: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a00:17c9:0:8103::205 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
12f64ad6ca5e7436e96ffce9665a3fc82692b3ad10dbb94c3475ebe021b0c1b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 15:33:44 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
P3P
CP="OTI DSP CURa OUR LEG COM NAV INT"
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Expect-CT
enforce,max-age=2592000,report-uri="https://e-finance.postfinance.ch/report"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript; charset=ISO-8859-1
Access-Control-Allow-Origin
https://www.postfinance.ch
Access-Control-Allow-Credentials
true
Keep-Alive
timeout=5, max=47
all.hv.mobile.min.css  www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/css/  600 KB  77 KB  Stylesheet
General
Full URL
https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/css/all.hv.mobile.min.css
Requested by
Host: r2v-art.ru
URL: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a00:17c9:0:8103::205 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
1ff57fa651c34fd4133d097176bc33b27c17e7f292ac3baf8de4d63bb027cab9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 15:33:44 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Expect-CT
enforce,max-age=2592000,report-uri="https://e-finance.postfinance.ch/report"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
P3P
CP="OTI DSP CURa OUR LEG COM NAV INT"
X-XSS-Protection
1; mode=block
Cache-Control
public, max-age=25920000, s-maxage=25920000
Transfer-Encoding
chunked
Connection
Keep-Alive
Content-Type
text/css; charset=UTF-8
Keep-Alive
timeout=5, max=45
X-Content-Type-Options
nosniff
gtm.js  www.postfinance.ch/sc/  121 KB  42 KB  Script
General
Full URL
https://www.postfinance.ch/sc/gtm.js
Requested by
Host: r2v-art.ru
URL: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a00:17c9:0:8103::205 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
e7973777c6df60981245cbd0d56a827753a762436959a2b007290d3effab1bbf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 15:33:44 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
P3P
CP="OTI DSP CURa OUR LEG COM NAV INT"
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 May 2021 17:59:39 GMT
Server
Apache
Expect-CT
enforce,max-age=2592000,report-uri="https://e-finance.postfinance.ch/report"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript
Cache-Control
public, max-age=86400, s-maxage=86400
Keep-Alive
timeout=5, max=46
truncated  /  392 B  392 B  Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d57b7c65343639b61a2d188404fd4299d7a1e76d6449c12c8b6cda54d6b5467a

Request headers

Origin
https://r2v-art.ru
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
application/font-woff2
unblu.interceptor.min.js  r2v-art.ru/sc/  0  0  Script
General
Full URL
https://r2v-art.ru/sc/unblu.interceptor.min.js
Requested by
Host: www.postfinance.ch
URL: https://www.postfinance.ch/sc/unblu.integration.component.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:6:1::b972:f5c1 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash

Request headers

:path
/sc/unblu.interceptor.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r2v-art.ru
cookie
PHPSESSID=7712ab41291783fa2b9c6dcaca38501b
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 15:33:45 GMT
server
nginx/1.16.1
content-length
196
content-type
text/html; charset=iso-8859-1
frutiger-light.woff  www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/fonts/  0  0

icons--sprite.png  www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/img/  119 KB  120 KB  Image
General
Full URL
https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/img/icons--sprite.png
Requested by
Host: www.postfinance.ch
URL: https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/css/all.hv.min.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a00:17c9:0:8103::205 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
f7ab85d108404ce04f57561886170bb64f90ca6ffc0de468508483c52d99171c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/css/all.hv.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 15:33:45 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Expect-CT
enforce,max-age=2592000,report-uri="https://e-finance.postfinance.ch/report"
X-Frame-Options
SAMEORIGIN
P3P
CP="OTI DSP CURa OUR LEG COM NAV INT"
X-XSS-Protection
1; mode=block
Cache-Control
public, max-age=25920000, s-maxage=25920000
Transfer-Encoding
chunked
Connection
Keep-Alive
Content-Type
image/png
Keep-Alive
timeout=5, max=49
X-Content-Type-Options
nosniff
frutiger-bold.woff  www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/fonts/  0  0

analytics.js  www.google-analytics.com/  48 KB  19 KB  Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.postfinance.ch
URL: https://www.postfinance.ch/sc/gtm.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
6893
date
Fri, 11 Jun 2021 13:38:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Fri, 11 Jun 2021 15:38:52 GMT
input-border-left.png  www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/img/images/  942 B  2 KB  Image
General
Full URL
https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/img/images/input-border-left.png
Requested by
Host: www.postfinance.ch
URL: https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/css/all.hv.min.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a00:17c9:0:8103::205 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
02eb02cdb556defb1b4e160fff6868045f5d2f83fb7da6f8bb6b9b8dda23bb58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/css/all.hv.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 15:33:45 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Expect-CT
enforce,max-age=2592000,report-uri="https://e-finance.postfinance.ch/report"
X-Frame-Options
SAMEORIGIN
P3P
CP="OTI DSP CURa OUR LEG COM NAV INT"
X-XSS-Protection
1; mode=block
Cache-Control
public, max-age=25920000, s-maxage=25920000
Transfer-Encoding
chunked
Connection
Keep-Alive
Content-Type
image/png
Keep-Alive
timeout=5, max=44
X-Content-Type-Options
nosniff
statistics.gif  r2v-art.ru/ef/public/cc/pics/  196 B  278 B  XHR
General
Full URL
https://r2v-art.ru/ef/public/cc/pics/statistics.gif?s=https://www.google-analytics.com/analytics.js,https://www.postfinance.ch/sc/gtm.js,https://www.postfinance.ch/cc/fp/20210521111153/static/login/js/all.ef.min.js,https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/js/all.hv.min.js,https://www.postfinance.ch/binp/pfch/pf.unblu.js,https://www.postfinance.ch/sc/unblu.integration.component.min.js,/sc/unblu.interceptor.min.js,https://www.postfinance.ch/ap/ga/ef/appl/statistics?p_page=993,https://www.postfinance.ch/ap/ga/ef/appl/stats?p_page=993
Requested by
Host: www.postfinance.ch
URL: https://www.postfinance.ch/cc/fp/20210521111153/static/login/js/all.ef.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:6:1::b972:f5c1 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Request headers

:path
/ef/public/cc/pics/statistics.gif?s=https://www.google-analytics.com/analytics.js,https://www.postfinance.ch/sc/gtm.js,https://www.postfinance.ch/cc/fp/20210521111153/static/login/js/all.ef.min.js,https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/js/all.hv.min.js,https://www.postfinance.ch/binp/pfch/pf.unblu.js,https://www.postfinance.ch/sc/unblu.integration.component.min.js,/sc/unblu.interceptor.min.js,https://www.postfinance.ch/ap/ga/ef/appl/statistics?p_page=993,https://www.postfinance.ch/ap/ga/ef/appl/stats?p_page=993
pragma
no-cache
cookie
PHPSESSID=7712ab41291783fa2b9c6dcaca38501b; EF001Sprache=en-US; EF001Betriebssystem=Linux%20x86_64; EF001Webbrowser=Mozilla/5.0%20(Windows%20NT%2010.0_%20Win64_%20x64)%20AppleWebKit/537.36%20(KHTML_%20like%20Gecko)%20Chrome/89.0.4389.72%20Safari/537.36; EF001Zeitzone=-120; EF001Bildschirm=1600*1200; EF001Hash=-1806396736; EF001Plugins=13801249950; EF001Farbtiefe=24; EF001BFG=1600x1200; EF001WGLR=undefined; EF001WGLV=undefined; loginlocation=https%3A%2F%2Fr2v-art.ru%2F%2Finstall122222%2Flanguage%2Fen-gb%2Fcommon%2Fcache%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
r2v-art.ru
x-requested-with
XMLHttpRequest
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
*/*
Referer
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 15:33:45 GMT
server
nginx/1.16.1
content-length
196
content-type
text/html; charset=iso-8859-1
collect  www.google-analytics.com/j/  1 B  21 B  XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j90&aip=1&a=1582645321&t=pageview&_s=1&dl=https%3A%2F%2Fr2v-art.ru%2F%2Finstall122222%2Flanguage%2Fen-gb%2Fcommon%2Fcache%2F&ul=en-us&de=UTF-8&dt=PostFinance%20-%20E-Finance&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1634973689&gjid=136783214&cid=1036591142.1623425625&tid=UA-133468006-2&_gid=1193435003.1623425625&_r=1&gtm=2wg1k0M5CR4H8&cd8=de&cd9=de&cd10=Fipo&cd11=Live&cd12=2021-06-11T17%3A33%3A45.441%2B02%3A00&cd13=%7B%22id%22%3A%22GTM-M5CR4H8%22%2C%22v%22%3A%2218%22%2C%22e%22%3A%22Local%22%2C%22d%22%3Afalse%2C%22ev%22%3A%22gtm.js%22%2C%22dLen%22%3A1%7D&cd14=7d48c567-0f0d-48f0-a1b3-1f9bbb5b26b4&cd18=&cd20=GTM-M5CR4H8&cd30=Andere&cd15=1036591142.1623425625&cd17=pageview&z=318047249&cd19=727
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 15:33:45 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://r2v-art.ru
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
frutiger-bold.ttf  www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/fonts/  0  0

frutiger-light.ttf  www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/fonts/  0  0

data-woff2.css  r2v-art.ru/cc/fp/20210521111153/static/fipo/ux/fonts/  0  0  Stylesheet
General
Full URL
https://r2v-art.ru/cc/fp/20210521111153/static/fipo/ux/fonts/data-woff2.css
Requested by
Host: r2v-art.ru
URL: https://r2v-art.ru//install122222/language/en-gb/common/cache/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:6:1::b972:f5c1 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash

Request headers

:path
/cc/fp/20210521111153/static/fipo/ux/fonts/data-woff2.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
r2v-art.ru
cookie
PHPSESSID=7712ab41291783fa2b9c6dcaca38501b; EF001Sprache=en-US; EF001Betriebssystem=Linux%20x86_64; EF001Webbrowser=Mozilla/5.0%20(Windows%20NT%2010.0_%20Win64_%20x64)%20AppleWebKit/537.36%20(KHTML_%20like%20Gecko)%20Chrome/89.0.4389.72%20Safari/537.36; EF001Zeitzone=-120; EF001Bildschirm=1600*1200; EF001Hash=-1806396736; EF001Plugins=13801249950; EF001Farbtiefe=24; EF001BFG=1600x1200; EF001WGLR=undefined; EF001WGLV=undefined; loginlocation=https%3A%2F%2Fr2v-art.ru%2F%2Finstall122222%2Flanguage%2Fen-gb%2Fcommon%2Fcache%2F; _ga=GA1.2.1036591142.1623425625; _gid=GA1.2.1193435003.1623425625; _gat_UA-133468006-2=1
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 15:33:45 GMT
server
nginx/1.16.1
content-length
196
content-type
text/html; charset=iso-8859-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain              URL
www.postfinance.ch  https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/fonts/frutiger-light.woff
www.postfinance.ch  https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/fonts/frutiger-bold.woff
www.postfinance.ch  https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/fonts/frutiger-bold.ttf
www.postfinance.ch  https://www.postfinance.ch/cc/fp/20210521111153/static/fipo/ux/fonts/frutiger-light.ttf

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PostFinance (Banking)

78 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object onbeforexrselect
  • object ontransitionrun
  • object ontransitionstart
  • object ontransitioncancel
  • object cookieStore
  • function showDirectoryPicker
  • function showOpenFilePicker
  • function showSaveFilePicker
  • boolean originAgentCluster
  • object trustedTypes
  • boolean crossOriginIsolated
  • object dataLayer
  • function submitenter
  • function noenter
  • function findLabelFor
  • function enableFormElement
  • function disableFormElement
  • function getPageLanugage
  • function drucken
  • function deactivate_button
  • function base64_encode
  • function makeHTMLEntities
  • function exportPDF
  • function isCapslock
  • function toggleLoginMethod
  • function amsBridge
  • function setupLogin
  • function cleanupFipoTextResources
  • function doesFontExist
  • function fontDetection
  • function ef001
  • function openContentOverlay
  • function requirejs
  • function require
  • function requireAsync
  • function define
  • function P
  • object Modernizr
  • function $
  • function jQuery
  • boolean isApp
  • boolean isTouch
  • boolean isMobileApp
  • object pf
  • object google_tag_manager
  • object webpackJsonp
  • function setImmediate
  • function clearImmediate
  • object regeneratorRuntime
  • object nnUnblu
  • object unblu
  • object unbluIntegrationComponent
  • boolean isMobile
  • boolean isOkepa
  • boolean isQr
  • function setUpInfoMsgs
  • number t
  • object d
  • boolean hasError
  • object google_tag_data
  • string GoogleAnalyticsObject
  • function ga
  • function checkusername
  • function forgotPassword
  • function loginAbort
  • function checksaved
  • string str
  • number index
  • undefined webGlRenderer
  • undefined webGlVendor
  • object canvas
  • object gl
  • string browserWindowSize
  • number farbtiefe
  • object gaplugins
  • object gaGlobal
  • object gaData
  • function _ga_originalSendHitTask

19 Cookies

Domain/Path                                            Name                 Value
.r2v-art.ru/                                           _gat_UA-133468006-2  1
.r2v-art.ru/                                           _gid                 GA1.2.1193435003.1623425625
r2v-art.ru/                                            loginlocation        https%3A%2F%2Fr2v-art.ru%2F%2Finstall122222%2Flanguage%2Fen-gb%2Fcommon%2Fcache%2F
r2v-art.ru/                                            EF001WGLV            undefined
.r2v-art.ru/                                           _ga                  GA1.2.1036591142.1623425625
r2v-art.ru/                                            EF001WGLR            undefined
r2v-art.ru/                                            EF001BFG             1600x1200
r2v-art.ru/                                            EF001Webbrowser      Mozilla/5.0%20(Windows%20NT%2010.0_%20Win64_%20x64)%20AppleWebKit/537.36%20(KHTML_%20like%20Gecko)%20Chrome/89.0.4389.72%20Safari/537.36
r2v-art.ru/                                            EF001Plugins         13801249950
r2v-art.ru/                                            EF001Hash            -1806396736
r2v-art.ru/                                            EF001Zeitzone        -120
r2v-art.ru/                                            EF001Bildschirm      1600*1200
r2v-art.ru/                                            EF001Betriebssystem  Linux%20x86_64
r2v-art.ru//install122222/language/en-gb/common/cache  EF003                30489
r2v-art.ru/                                            EF001Sprache         en-US
r2v-art.ru//install122222/language/en-gb/common/cache  (empty)              font_css_cache
r2v-art.ru/                                            EF001Farbtiefe       24
r2v-art.ru/                                            PHPSESSID            7712ab41291783fa2b9c6dcaca38501b
r2v-art.ru//install122222/language/en-gb/common/cache  EFLoginInfo          BS=1600x1200,CD=24,GV=undefined,GR=undefined

1 Console Messages

Source: console-api
Level: error
URL: https://www.postfinance.ch/sc/unblu.integration.component.min.js (Line 1)
Message: Error during init of Unblu Integration Component undefined