ch-postfinance-reparer.com Open in urlscan Pro
91.215.85.14 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ch-postfinance-reparer.com/
Submission: On January 06 via api (January 6th 2024, 3:38:53 am UTC) from BE — Scanned from DE

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 24 HTTP transactions. The main IP is 91.215.85.14, located in Russian Federation and belongs to PROSPERO-AS, RU. The main domain is ch-postfinance-reparer.com.
TLS certificate: Issued by R3 on January 2nd 2024. Valid for: 3 months.

This is the only time ch-postfinance-reparer.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PostFinance (Banking)

Domain & IP information

	IP Address	AS Autonomous System
22	91.215.85.14 91.215.85.14	200593 (PROSPERO-AS) (PROSPERO-AS)
2	2a00:17c9:0:8... 2a00:17c9:0:8103::20c	12511 (CH-POSTNE...) (CH-POSTNETZ Post CH AG)
24	3

22 91.215.85.14 (Russian Federation)

ASN200593 (PROSPERO-AS, RU)

ch-postfinance-reparer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:17c9:0:8103::20c (Switzerland)

ASN12511 (CH-POSTNETZ Post CH AG, CH)

www.postfinance.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	ch-postfinance-reparer.com ch-postfinance-reparer.com	676 KB
2	postfinance.ch www.postfinance.ch — Cisco Umbrella Rank: 533577
24	2

	Domain	Requested by
22	ch-postfinance-reparer.com	ch-postfinance-reparer.com
2	www.postfinance.ch	ch-postfinance-reparer.com
24	2

This site contains no links.

Subject Issuer	Validity	Valid
ch-postfinance-reparer.com R3	`2024-01-02` - `2024-04-01`	3 months	crt.sh
postfinance.ch SwissSign RSA TLS EV ICA 2022 - 1	`2023-10-24` - `2024-10-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ch-postfinance-reparer.com/
Frame ID: 6250199F8B362E0DE4EA52D47E18DE44
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

768 kB
Transfer

3246 kB
Size

15
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response ch-postfinance-reparer.com/	154 KB 100 KB	814ms 600ms	Document text/html	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `0578d0d3331b443b5aee2b23e65e98406ae30c0969b2bb750f74102054ee8668` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-store, no-cache, must-revalidate content-encoding br content-type text/html; charset=UTF-8 date Sat, 06 Jan 2024 03:38:48 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache vary Accept-Encoding
GET H2	200	all.hv.min.css ch-postfinance-reparer.com/index_files/	613 KB 67 KB	99ms 98ms	Stylesheet text/css	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/all.hv.min.css Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `67e7db3e316c95e8dc2f9221897f443717e574047c83a3e1747126678a44158d` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:48 GMT content-encoding br last-modified Sun, 20 Feb 2022 16:03:14 GMT vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 68827 expires Sat, 13 Jan 2024 03:38:48 GMT
GET H2	200	all.hv.mobile.min.css ch-postfinance-reparer.com/index_files/	611 KB 70 KB	100ms 100ms	Stylesheet text/css	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/all.hv.mobile.min.css Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `d0914c4c53c703c789f42965be5b05d04171cbe36bb44ab9bf6696ad03f07d17` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:48 GMT content-encoding br last-modified Sun, 20 Feb 2022 16:01:46 GMT vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 71485 expires Sat, 13 Jan 2024 03:38:48 GMT
GET H2	200	all.ef.min.js Show response ch-postfinance-reparer.com/index_files/	192 KB 60 KB	53ms 52ms	Script application/javascript	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/all.ef.min.js Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `e5aae9816566b9b6f03fdf031c253e77375787570214631cba31087468dab48d` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:48 GMT content-encoding br last-modified Sun, 20 Feb 2022 16:01:46 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 61834 expires Sat, 13 Jan 2024 03:38:48 GMT
GET H2	200	all.hv.min.js Show response ch-postfinance-reparer.com/index_files/	207 KB 53 KB	54ms 53ms	Script application/javascript	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/all.hv.min.js Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `3b6aef845effa067e4cdfff6a2fa96ce9a6409543bea3d5474fb99aaabf5c315` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:48 GMT content-encoding br last-modified Sun, 20 Feb 2022 16:01:46 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 54355 expires Sat, 13 Jan 2024 03:38:48 GMT
GET H2	200	pfunblulegacy.js Show response ch-postfinance-reparer.com/index_files/	499 KB 82 KB	56ms 54ms	Script application/javascript	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/pfunblulegacy.js Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `ea8d70c5bb432cc84e8e5e0db99d128dac1c13f1d9d45d4dcba3d5151826310c` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:48 GMT content-encoding br last-modified Sun, 20 Feb 2022 16:01:46 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 83452 expires Sat, 13 Jan 2024 03:38:48 GMT
GET H2	200	unblu.integration.component.min.js Show response ch-postfinance-reparer.com/index_files/	49 KB 8 KB	100ms 99ms	Script application/javascript	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/unblu.integration.component.min.js Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `c0e5e6227c874ed32064d5705feef3fe25c48de60395122e9652831800489826` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:48 GMT content-encoding br last-modified Sun, 20 Feb 2022 16:01:46 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 8238 expires Sat, 13 Jan 2024 03:38:48 GMT
GET H3	200	unblu.interceptor.min.js Show response ch-postfinance-reparer.com/index_files/	6 KB 2 KB	51ms 51ms	Script application/javascript	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/unblu.interceptor.min.js Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `7e88448fe82b77cc4944eeed74592c9e299d66ae8b0e2f9f7a8bd320e157e033` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:49 GMT content-encoding br last-modified Sun, 20 Feb 2022 16:01:46 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 1676 expires Sat, 13 Jan 2024 03:38:49 GMT
GET H3	200	visitor.js Show response ch-postfinance-reparer.com/index_files/	2 KB 1 KB	52ms 52ms	Script application/javascript	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/visitor.js Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `eb531334a6f32cab9a1c15ab18d36f3cc66e773c76e6abce1c9a7164af7e9a0a` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:49 GMT content-encoding br last-modified Sun, 20 Feb 2022 16:01:46 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 1014 expires Sat, 13 Jan 2024 03:38:49 GMT
GET H3	200	Initializer.js Show response ch-postfinance-reparer.com/index_files/	7 KB 3 KB	52ms 51ms	Script application/javascript	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/Initializer.js Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `6f45613e1f69a8c4b24f4f8594f55ecf6d35d89c13138579a3fec5b935ee1996` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:49 GMT content-encoding br last-modified Sun, 20 Feb 2022 16:01:46 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 2575 expires Sat, 13 Jan 2024 03:38:49 GMT
GET H3	200	SiteIntegrationLazyMain.cfg Show response ch-postfinance-reparer.com/index_files/	14 KB 14 KB	53ms 51ms	Script application/octet-stream	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/SiteIntegrationLazyMain.cfg Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `112c6c4c1e245cfdc4c4786c0212b4e725a63b85124743aaf69592b9b3e37c03` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:49 GMT last-modified Sun, 20 Feb 2022 16:01:46 GMT accept-ranges bytes content-length 14555 content-type application/octet-stream
GET H3	200	SiteIntegrationLazyMain.js Show response ch-postfinance-reparer.com/index_files/	700 KB 174 KB	56ms 54ms	Script application/javascript	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/SiteIntegrationLazyMain.js Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `751da8f18cc3e46517eb28bfd9d72b266b601267650472caeda3a36809bbcbae` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:49 GMT content-encoding br last-modified Sun, 20 Feb 2022 16:01:47 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 177913 expires Sat, 13 Jan 2024 03:38:49 GMT
GET H2	200	jquery.js Show response ch-postfinance-reparer.com/index_files/	87 KB 30 KB	101ms 100ms	Script application/javascript	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/jquery.js Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:48 GMT content-encoding br last-modified Sun, 20 Feb 2022 16:14:27 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 30267 expires Sat, 13 Jan 2024 03:38:48 GMT
GET H2	200	logo.png ch-postfinance-reparer.com/index_files/	6 KB 6 KB	102ms 101ms	Image image/png	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ch-postfinance-reparer.com/index_files/logo.png Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `6e2341a524af81d8b9362e829287bede024d49eb00f2983f39ef3e8675614ac6` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers content-type image/png date Sat, 06 Jan 2024 03:38:48 GMT cache-control public, max-age=604800 last-modified Sun, 20 Feb 2022 16:01:47 GMT accept-ranges bytes content-length 6036 expires Sat, 13 Jan 2024 03:38:48 GMT
GET H3	200	statistics Show response ch-postfinance-reparer.com/index_files/	4 KB 4 KB	176ms 175ms	Script text/plain	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/statistics Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `0ed422d6d048aca37eb3c0ab7d4b824bc16d24b38024d0b48ba8cc26de2595fc` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:49 GMT last-modified Sun, 20 Feb 2022 16:01:47 GMT accept-ranges bytes content-length 4486
GET H3	200	stats Show response ch-postfinance-reparer.com/index_files/	101 B 116 B	178ms 176ms	Script text/plain	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/index_files/stats Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `12f64ad6ca5e7436e96ffce9665a3fc82692b3ad10dbb94c3475ebe021b0c1b4` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Sat, 06 Jan 2024 03:38:49 GMT last-modified Sun, 20 Feb 2022 16:01:47 GMT accept-ranges bytes content-length 101
GET DATA	200 OK	truncated /	392 B 392 B		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d57b7c65343639b61a2d188404fd4299d7a1e76d6449c12c8b6cda54d6b5467a` Request headers Referer Origin https://ch-postfinance-reparer.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Content-Type application/font-woff2
GET H3	404	unblu.interceptor.min.js ch-postfinance-reparer.com/sc/	0 0	178ms 177ms	Script text/html	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/sc/unblu.interceptor.min.js Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/index_files/unblu.integration.component.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers pragma no-cache date Sat, 06 Jan 2024 03:38:49 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html
GET DATA	200 OK	truncated /	53 KB 53 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `56357c655153f3e1fa0b40233b0aaadedaa0293479322c33f8bf2de499278c7d` Request headers Referer Origin https://ch-postfinance-reparer.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Content-Type application/font-woff2;charset=utf-8
GET H/1.1	200 OK	icons--sprite.png www.postfinance.ch/sc/fp/1/static/fipo/ux/img/	0 0	149ms 50ms	Image text/html	2a00:17c9:0:8103::20c CH-POSTNETZ Post ...
General Check archive.org Show headers Download Go to Show image Full URL https://www.postfinance.ch/sc/fp/1/static/fipo/ux/img/icons--sprite.png Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/index_files/all.hv.min.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a00:17c9:0:8103::20c , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers
GET H/1.1	200 OK	input-border-left.png www.postfinance.ch/sc/fp/1/static/fipo/ux/img/images/	0 0	153ms 54ms	Image text/html	2a00:17c9:0:8103::20c CH-POSTNETZ Post ...
General Check archive.org Show headers Download Go to Show image Full URL https://www.postfinance.ch/sc/fp/1/static/fipo/ux/img/images/input-border-left.png Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/index_files/all.hv.min.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a00:17c9:0:8103::20c , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers
GET DATA	200 OK	truncated /	38 KB 38 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `98b2729855b2bb5f1ba5a1873ee019b01fde1e56500d2d83677556f0df3f346b` Request headers Referer Origin https://ch-postfinance-reparer.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Content-Type application/font-woff2;charset=utf-8
GET H3	404	visitor.js ch-postfinance-reparer.com/ap/ga/ub/	0 0	51ms 51ms	Script text/html	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/ap/ga/ub/visitor.js?x-unblu-apikey=MZsy5sFESYqU7MawXZgR_w Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/index_files/unblu.integration.component.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers pragma no-cache date Sat, 06 Jan 2024 03:38:49 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html
GET H3	404	Initializer.js ch-postfinance-reparer.com/ap/ga/ub/static/js/wp/xmd1645372553448/	0 0	79ms 79ms	Script text/html	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/ap/ga/ub/static/js/wp/xmd1645372553448/Initializer.js Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/index_files/visitor.js Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers pragma no-cache date Sat, 06 Jan 2024 03:38:49 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html
GET H3	404	SiteIntegrationLazyMain.cfg ch-postfinance-reparer.com/ap/ga/ub/config/xmd1645372553448/all/fr/null/en-GB/https$ch-postfinance-reparer.com/MZsy5sFESYqU7MawXZgR_w/null/null/null/	0 0	52ms 52ms	Script text/html	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/ap/ga/ub/config/xmd1645372553448/all/fr/null/en-GB/https$ch-postfinance-reparer.com/MZsy5sFESYqU7MawXZgR_w/null/null/null/SiteIntegrationLazyMain.cfg Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/index_files/Initializer.js Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers pragma no-cache date Sat, 06 Jan 2024 03:38:49 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html
GET H3	404	statistics.gif Show response ch-postfinance-reparer.com/ef/public/cc/pics/	708 B 721 B	51ms 51ms	XHR text/html	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/ef/public/cc/pics/statistics.gif?s=./index_files/all.ef.min.js,./index_files/all.hv.min.js,./index_files/pfunblulegacy.js,./index_files/unblu.integration.component.min.js,/sc/unblu.interceptor.min.js,./index_files/unblu.interceptor.min.js,./index_files/visitor.js,./index_files/Initializer.js,./index_files/SiteIntegrationLazyMain.cfg,./index_files/SiteIntegrationLazyMain.js,index_files/jquery.js,https://ch-postfinance-reparer.com/ap/ga/ub/static/js/wp/xmd1645372553448/Initializer.js,https://ch-postfinance-reparer.com/ap/ga/ub/config/xmd1645372553448/all/fr/null/en-GB/https$ch-postfinance-reparer.com/MZsy5sFESYqU7MawXZgR_w/null/null/null/SiteIntegrationLazyMain.cfg,./index_files/statistics,./index_files/stats Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/index_files/jquery.js Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa` Request headers Accept / Referer https://ch-postfinance-reparer.com/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers pragma no-cache date Sat, 06 Jan 2024 03:38:49 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html
GET H3	404	data-woff2.css Show response ch-postfinance-reparer.com/sc/fp/1/static/fipo/ux/fonts/	708 B 721 B	51ms 51ms	XHR text/html	91.215.85.14 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://ch-postfinance-reparer.com/sc/fp/1/static/fipo/ux/fonts/data-woff2.css Requested by Host: ch-postfinance-reparer.com URL: https://ch-postfinance-reparer.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash `37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa` Request headers accept-language de-DE,de;q=0.9 Referer https://ch-postfinance-reparer.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers pragma no-cache date Sat, 06 Jan 2024 03:38:49 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PostFinance (Banking)

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 30d0cd2f95ea9f4e851428d598d8cb19
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EF001Sprache Value: en-US
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EF001Betriebssystem Value: Win32
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EF001Webbrowser Value: Mozilla/5.0%20(Windows%20NT%2010.0_%20Win64_%20x64)%20AppleWebKit/537.36%20(KHTML_%20like%20Gecko)%20Chrome/120.0.6099.129%20Safari/537.36
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EF001Zeitzone Value: -60
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EF001Bildschirm Value: 1600*1200
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EF001Hash Value: -1806396736
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EF001Plugins Value: -1569584275
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EF001Farbtiefe Value: 24
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EF001BFG Value: 1600x1200
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EF001WGLR Value: Intel%20Iris%20OpenGL%20Engine
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EF001WGLV Value: Intel%20Inc.
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: loginlocation Value: https%3A%2F%2Fch-postfinance-reparer.com%2F
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EFLoginInfo Value: BS=1600x1200,CD=24,GV=Intel Inc.,GR=Intel Iris OpenGL Engine
ch-postfinance-reparer.com/	1969-12-31 23:59:59	Name: EF003 Value: 158375

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://ch-postfinance-reparer.com/ap/ga/ub/visitor.js?x-unblu-apikey=MZsy5sFESYqU7MawXZgR_w Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ch-postfinance-reparer.com/ap/ga/ub/static/js/wp/xmd1645372553448/Initializer.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ch-postfinance-reparer.com/ap/ga/ub/config/xmd1645372553448/all/fr/null/en-GB/https$ch-postfinance-reparer.com/MZsy5sFESYqU7MawXZgR_w/null/null/null/SiteIntegrationLazyMain.cfg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ch-postfinance-reparer.com/sc/unblu.interceptor.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ch-postfinance-reparer.com/ef/public/cc/pics/statistics.gif?s=./index_files/all.ef.min.js,./index_files/all.hv.min.js,./index_files/pfunblulegacy.js,./index_files/unblu.integration.component.min.js,/sc/unblu.interceptor.min.js,./index_files/unblu.interceptor.min.js,./index_files/visitor.js,./index_files/Initializer.js,./index_files/SiteIntegrationLazyMain.cfg,./index_files/SiteIntegrationLazyMain.js,index_files/jquery.js,https://ch-postfinance-reparer.com/ap/ga/ub/static/js/wp/xmd1645372553448/Initializer.js,https://ch-postfinance-reparer.com/ap/ga/ub/config/xmd1645372553448/all/fr/null/en-GB/https$ch-postfinance-reparer.com/MZsy5sFESYqU7MawXZgR_w/null/null/null/SiteIntegrationLazyMain.cfg,./index_files/statistics,./index_files/stats Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ch-postfinance-reparer.com/sc/fp/1/static/fipo/ux/fonts/data-woff2.css Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ch-postfinance-reparer.com
www.postfinance.ch
2a00:17c9:0:8103::20c
91.215.85.14
0578d0d3331b443b5aee2b23e65e98406ae30c0969b2bb750f74102054ee8668
0ed422d6d048aca37eb3c0ab7d4b824bc16d24b38024d0b48ba8cc26de2595fc
112c6c4c1e245cfdc4c4786c0212b4e725a63b85124743aaf69592b9b3e37c03
12f64ad6ca5e7436e96ffce9665a3fc82692b3ad10dbb94c3475ebe021b0c1b4
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
3b6aef845effa067e4cdfff6a2fa96ce9a6409543bea3d5474fb99aaabf5c315
56357c655153f3e1fa0b40233b0aaadedaa0293479322c33f8bf2de499278c7d
67e7db3e316c95e8dc2f9221897f443717e574047c83a3e1747126678a44158d
6e2341a524af81d8b9362e829287bede024d49eb00f2983f39ef3e8675614ac6
6f45613e1f69a8c4b24f4f8594f55ecf6d35d89c13138579a3fec5b935ee1996
751da8f18cc3e46517eb28bfd9d72b266b601267650472caeda3a36809bbcbae
7e88448fe82b77cc4944eeed74592c9e299d66ae8b0e2f9f7a8bd320e157e033
98b2729855b2bb5f1ba5a1873ee019b01fde1e56500d2d83677556f0df3f346b
c0e5e6227c874ed32064d5705feef3fe25c48de60395122e9652831800489826
d0914c4c53c703c789f42965be5b05d04171cbe36bb44ab9bf6696ad03f07d17
d57b7c65343639b61a2d188404fd4299d7a1e76d6449c12c8b6cda54d6b5467a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5aae9816566b9b6f03fdf031c253e77375787570214631cba31087468dab48d
ea8d70c5bb432cc84e8e5e0db99d128dac1c13f1d9d45d4dcba3d5151826310c
eb531334a6f32cab9a1c15ab18d36f3cc66e773c76e6abce1c9a7164af7e9a0a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

ch-postfinance-reparer.com Open in urlscan Pro 91.215.85.14 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

24 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

768 kBTransfer

3246 kBSize

15 Cookies

0 Outgoing links

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

65 JavaScript Global Variables

15 Cookies

6 Console Messages

ch-postfinance-reparer.com Open in urlscan Pro
91.215.85.14 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

768 kB
Transfer

3246 kB
Size

15
Cookies

24 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!