mein-postfinance.com Open in urlscan Pro
217.160.0.63 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://shre.ink/PF15219
Effective URL:
https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Submission: On May 23 via manual (May 23rd 2023, 1:30:26 pm UTC) from CH — Scanned from DE

Summary HTTP 27 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 2 countries across 7 domains to perform 27 HTTP transactions. The main IP is 217.160.0.63, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is mein-postfinance.com.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on May 23rd 2023. Valid for: a year.

This is the only time mein-postfinance.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PostFinance (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3032::6815:211c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:303... 2606:4700:3030::ac43:8cbb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1	34.233.240.217 34.233.240.217	14618 (AMAZON-AES) (AMAZON-AES)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	162.241.24.197 162.241.24.197	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
4 16	217.160.0.63 217.160.0.63	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
27	9

1 2606:4700:3032::6815:211c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

shre.ink	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3030::ac43:8cbb (United States)

ASN13335 (CLOUDFLARENET, US)

shre.ink	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.233.240.217 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-240-217.compute-1.amazonaws.com

api.shre.ink	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.241.24.197 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5895.bluehost.com

hef.zmc.mybluehost.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 217.160.0.63 (Germany) 4 redirects

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: 217-160-0-63.elastic-ssl.ui-r.com

mein-postfinance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	mein-postfinance.com 4 redirects mein-postfinance.com	2 MB
8	shre.ink 1 redirects shre.ink api.shre.ink	168 KB
3	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184	151 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	1 KB
1	mybluehost.me hef.zmc.mybluehost.me	244 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2230	240 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	79 KB
27	7

	Domain	Requested by
16	mein-postfinance.com	4 redirects mein-postfinance.com
7	shre.ink	1 redirects shre.ink
3	securepubads.g.doubleclick.net	shre.ink securepubads.g.doubleclick.net
1	fonts.googleapis.com	shre.ink
1	hef.zmc.mybluehost.me	shre.ink
1	region1.google-analytics.com	www.googletagmanager.com
1	api.shre.ink	shre.ink
1	www.googletagmanager.com	shre.ink
27	8

This site contains no links.

Subject Issuer	Validity	Valid
shre.ink Cloudflare Inc ECC CA-3	`2023-03-02` - `2024-03-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
api.shre.ink Amazon RSA 2048 M01	`2023-03-03` - `2024-04-01`	a year	crt.sh
webmail.hef.zmc.mybluehost.me R3	`2023-05-12` - `2023-08-10`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
mein-postfinance.com GeoTrust TLS RSA CA G1	`2023-05-23` - `2024-05-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Frame ID: 67A9B40CDAE05909F97D9341FE08B6C1
Requests: 29 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PostFinance - E-finance

Page URL History Show full URLs

http://shre.ink/PF15219 HTTP 301
https://shre.ink/PF15219 Page URL
https://hef.zmc.mybluehost.me/redirects/US684512/ Page URL
https://mein-postfinance.com/ch-de HTTP 301
https://mein-postfinance.com/ch-de/ HTTP 302
https://mein-postfinance.com/ch-de/b2ac2d8 HTTP 301
https://mein-postfinance.com/ch-de/b2ac2d8/ HTTP 302
https://mein-postfinance.com/ch-de/b2ac2d8/Login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

\bangular.{0,32}\.js

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

27
Requests

96 %
HTTPS

67 %
IPv6

7
Domains

8
Subdomains

9
IPs

2
Countries

2428 kB
Transfer

3321 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://shre.ink/PF15219 HTTP 301
https://shre.ink/PF15219 Page URL
https://hef.zmc.mybluehost.me/redirects/US684512/ Page URL
https://mein-postfinance.com/ch-de HTTP 301
https://mein-postfinance.com/ch-de/ HTTP 302
https://mein-postfinance.com/ch-de/b2ac2d8 HTTP 301
https://mein-postfinance.com/ch-de/b2ac2d8/ HTTP 302
https://mein-postfinance.com/ch-de/b2ac2d8/Login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://shre.ink/PF15219 HTTP 301
https://shre.ink/PF15219

27 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

PF15219 Show response
shre.ink/
Redirect Chain

http://shre.ink/PF15219
https://shre.ink/PF15219

6 KB
2 KB

92ms
64ms

Document
text/html

2606:4700:3030::ac43:8cbb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shre.ink/PF15219

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:8cbb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8d106006e9c65e2e9192aa3852e8ca9506984b7ed89940cfbfaeb84cc0e08d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7cbda72fb8d81c1c-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 23 May 2023 13:30:22 GMT
link: </_nuxt/70e253c.js>; rel="preload"; as=script, </_nuxt/8f8988a.js>; rel="preload"; as=script, </_nuxt/48403f5.js>; rel="preload"; as=script, </_nuxt/7920c1d.js>; rel="preload"; as=script
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TjIF2JARqoAiB9rLRkpJLw%2FQyrMLGKWfXi4q6J74IGN%2FIYJreYCqhQeDDn8WerBOlh9kBDwEnS1U3lkJlvEOaWk0Q4Zdc3n%2BrokV0dB4giv8CXV4IzdcGW9HouuLUN2%2B5z%2F%2B0VySiw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-robots-tag: noindex

Redirect headers

CF-RAY: 7cbda72f78949bb9-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 23 May 2023 13:30:22 GMT
Expires: Tue, 23 May 2023 14:30:22 GMT
Location: https://shre.ink/PF15219
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8tVD1f04hexD3fCf9D3t%2Fd1VhNziyOBV1T61efNapS3xmuk7o7zmBmvuKcjSsEHjYsidW%2B7a0INuQnJ15pG9tXc9RhdWLVZx%2Bk4tPAKoaZkpDD8%2BUTwd69%2BKf7ZBGrmHxOLNsRvbwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 70e253c.js Show response
shre.ink/_nuxt/ 3 KB
2 KB 15ms
14ms Script
application/javascript 2606:4700:3030::ac43:8cbb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shre.ink/_nuxt/70e253c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:8cbb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9032ab886a442930a17bd528238616ebd63a6d63712c4b2eda518f84cb2fe4cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shre.ink/PF15219
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2666
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"b9d5e4ca5b05b27a76e251b4e0ac7c3d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MGsgI6eyuv4JuFuX9FzPwpZDbPexSg6qPn89RdTce%2FNQrMSiUGJTTnx5VZjTJfgo3TWjFQ8tIWI58oDAfHRi%2BvI5z%2BqVNzOEpimy10qSnwsdDX7otqfyYshWzZNAsx%2F6pXvYWOZzGg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
x-robots-tag: noindex
cf-ray: 7cbda73039671c1c-FRA

GET
H2 200 8f8988a.js Show response
shre.ink/_nuxt/ 251 KB
86 KB 27ms
26ms Script
application/javascript 2606:4700:3030::ac43:8cbb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shre.ink/_nuxt/8f8988a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:8cbb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f696a6194a7c208a54b467d45f76580b9f03f9132150241bb4aa67f476bca6ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shre.ink/PF15219
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3269
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"965ffe91122d55f56ff3749b8935aba6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lCpVzzA%2BYrbfhvOF%2BOJST%2B1wHGRVSj2l1m1iNRyJzmSkmpm24hDyrnetLUkHIZi0OWyXd3bGPW9JNfXKRUs2XoSBwAk0TOxBlzX0WNnMoICTtZBH3GCjsgm22A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
x-robots-tag: noindex
cf-ray: 7cbda73039681c1c-FRA

GET
H2 200 48403f5.js Show response
shre.ink/_nuxt/ 203 KB
56 KB 20ms
19ms Script
application/javascript 2606:4700:3030::ac43:8cbb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shre.ink/_nuxt/48403f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:8cbb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

055ebfa8368e99942256a553ef6f5ed45b4eae0e6bd62de36459e7eb3377f163

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shre.ink/PF15219
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2666
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"fccda9f24a1919668cd403b71fc239e7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dv3s53AXDgbp1SzDi9DtRux1N%2B6TVnSqHNNle9QWM92ZORxo7hobW7f0qbgBj6slSN6euDob8HWjh1kVMEWdS0wqL83EK2jodPM0esF7uEtO7KcjdPwiiGeqXwQ5AdmMJZH8Mg2UYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
x-robots-tag: noindex
cf-ray: 7cbda730396b1c1c-FRA

GET
H2 200 7920c1d.js Show response
shre.ink/_nuxt/ 71 KB
19 KB 18ms
18ms Script
application/javascript 2606:4700:3030::ac43:8cbb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shre.ink/_nuxt/7920c1d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:8cbb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09b9eb573734e1d1346e1c66cd2342c41612a53e5b1bcf30dd97c57090958679

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shre.ink/PF15219
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3941
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"7b09177f3f7e1f3cd623315b88906c2b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FOhewLDoO%2FDfHOyZ3im6xwct9S11bz4RZu3KL5GakAISO3etqSol8dAAcD6qGhJnNLc4G9UWAPvs06pFjwKgPzC6juytbLe7qjbvqwrIyPWpjrLWzlw9nPcA%2BSpvyKqDqtCJD%2FFGwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
x-robots-tag: noindex
cf-ray: 7cbda730396c1c1c-FRA

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 76 KB
25 KB 102ms
60ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: shre.ink
URL: https://shre.ink/PF15219

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11f0e563d8ab6662d3a09b56f257365516a91e6660a0dcff18a8d1a531504b61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shre.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25313
x-xss-protection: 0
server: cafe
etag: 869 / 19500 / m202305160101 / config-hash: 17264376816506353205
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 23 May 2023 13:30:22 GMT

GET
H3 200 cd52b4e.js Show response
shre.ink/_nuxt/ 3 KB
2 KB 22ms
21ms Script
application/javascript 2606:4700:3030::ac43:8cbb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shre.ink/_nuxt/cd52b4e.js

Requested by

Host: shre.ink
URL: https://shre.ink/_nuxt/70e253c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:8cbb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3af6d3d6078e73686473d771702059ee76520e1e9734d98b9c5bc3b2e6bd290

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shre.ink/PF15219
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3122
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"44f0211ab10bd1064ad426c087ae8870"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=slg%2BlRqJeZzhsN%2B5qXZWBr7KvVIpJSuQtMI%2F2cNOMc3yrb38iGZWOu1ty%2FzcjUCW%2FPAqgj5bFVdHUvlqw5fRP2bZt9TrQf6%2BCEobx2QWy3Iz5RBgedijPpajQKxDQ6dp0oXMksvTOg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
x-robots-tag: noindex
cf-ray: 7cbda730eec43837-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
79 KB 159ms
24ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-1B3H44VW9G&l=dataLayer

Requested by

Host: shre.ink
URL: https://shre.ink/_nuxt/48403f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

389a84a134d55df849d82277804aca8c69572db0d1f564a298ea4c1f36aaded1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shre.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80312
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 23 May 2023 13:30:22 GMT

GET
H2 200 PF15219
api.shre.ink/url/ 63 B
207 B 396ms
154ms XHR
application/json 34.233.240.217
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.shre.ink/url/PF15219
Requested by: Host: shre.ink
URL: https://shre.ink/_nuxt/8f8988a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.240.217 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-240-217.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: application/json, text/plain, */*
Referer: https://shre.ink/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: https://shre.ink
date: Tue, 23 May 2023 13:30:22 GMT
content-length: 63
vary: origin
apigw-requestid: FYLtUhz7IAMEJCg=
content-type: application/json

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305160101/ 407 KB
126 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305160101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c909c28a92bf7b48807218b7eb333d2e6700bd123064a9625b63e36764ae3d91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shre.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 12:42:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2893
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128419
x-xss-protection: 0
server: cafe
etag: 9945815184239927542
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 22 May 2024 12:42:09 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 342 B
209 B 60ms
42ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=shre.ink

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7eebe8e04352af4b7afbc2fb6c7b5413ec8cfc4567fb50cc2f411324e0958edb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shre.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 184
x-xss-protection: 0
expires: Tue, 23 May 2023 13:30:22 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
240 B 42ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-1B3H44VW9G&gtm=45je35h0&_p=2092646040&cid=1213469321.1684848623&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&ngs=1&_s=1&sid=1684848622&sct=1&seg=0&dl=https%3A%2F%2Fshre.ink%2FPF15219&dt=Encurtador%20de%20link%20gr%C3%A1tis%20%7C%20URL%20Gr%C3%A1tis&en=scroll&_fv=1&_nsi=1&_ss=1&ep.debug_mode=false&epn.percent_scrolled=90
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-1B3H44VW9G&l=dataLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shre.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 13:30:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://shre.ink
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
hef.zmc.mybluehost.me/redirects/US684512/ 80 B
244 B 847ms
257ms Document
text/html 162.241.24.197
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hef.zmc.mybluehost.me/redirects/US684512/
Requested by: Host: shre.ink
URL: https://shre.ink/_nuxt/48403f5.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.24.197 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5895.bluehost.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://shre.ink/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 94
content-type: text/html; charset=UTF-8
date: Tue, 23 May 2023 13:30:13 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
server: nginx/1.21.6
vary: Accept-Encoding
x-server-cache: false

GET
H2 200 css2
fonts.googleapis.com/ 10 KB
1 KB 107ms
17ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&family=Montserrat:wght@600;700&display=swap

Requested by

Host: shre.ink
URL: https://shre.ink/_nuxt/8f8988a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shre.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 23 May 2023 13:30:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 23 May 2023 13:30:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 23 May 2023 13:30:22 GMT

POST collect
region1.google-analytics.com/g/ 0
0

GET
H2

200

Primary Request Login.php Show response
mein-postfinance.com/ch-de/b2ac2d8/
Redirect Chain

https://mein-postfinance.com/ch-de
https://mein-postfinance.com/ch-de/
https://mein-postfinance.com/ch-de/b2ac2d8
https://mein-postfinance.com/ch-de/b2ac2d8/
https://mein-postfinance.com/ch-de/b2ac2d8/Login.php

142 KB
101 KB

92ms
92ms

Document
text/html

217.160.0.63
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.63 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-63.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 70915fd662f474adb298b46fd6dc63d5b7167d5dae73afce1e335fcea227b13f

Request headers

Referer: https://hef.zmc.mybluehost.me/redirects/US684512/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 23 May 2023 13:30:24 GMT
server: Apache

Redirect headers

content-type: text/html; charset=UTF-8
date: Tue, 23 May 2023 13:30:24 GMT
location: ./Login.php
server: Apache

GET
H2 200 all.hv.min.css
mein-postfinance.com/ch-de/b2ac2d8/style/ 583 KB
584 KB 55ms
54ms Stylesheet
text/css 217.160.0.63
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://mein-postfinance.com/ch-de/b2ac2d8/style/all.hv.min.css
Requested by: Host: mein-postfinance.com
URL: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.63 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-63.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: b8fa37a532bd17eb5ee05838fa82dae74b8ad285627a1c9bab4577faff1416ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:24 GMT
last-modified: Tue, 23 May 2023 13:30:24 GMT
server: Apache
accept-ranges: bytes
etag: W/"91d8f-5fc5c63bc2233"
content-length: 597391
content-type: text/css

GET
H2 200 angular.min.js Show response
mein-postfinance.com/ch-de/b2ac2d8/style/js/ 163 KB
164 KB 39ms
39ms Script
text/javascript 217.160.0.63
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://mein-postfinance.com/ch-de/b2ac2d8/style/js/angular.min.js
Requested by: Host: mein-postfinance.com
URL: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.63 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-63.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 8c50aa8567731858e81bcfd2027718d9a7c8fd7bf54cf496499adbf5da5741b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:24 GMT
last-modified: Tue, 23 May 2023 13:30:24 GMT
server: Apache
accept-ranges: bytes
etag: W/"28cdb-5fc5c63bc7ff3"
content-length: 167131
content-type: text/javascript

GET
H2 200 jquery.min.js Show response
mein-postfinance.com/ch-de/b2ac2d8/style/js/ 286 KB
287 KB 40ms
39ms Script
text/javascript 217.160.0.63
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://mein-postfinance.com/ch-de/b2ac2d8/style/js/jquery.min.js
Requested by: Host: mein-postfinance.com
URL: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.63 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-63.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 692d421d5c163409a5918e802f507abbaa6bec90baa454c5252977a5b3b7ff0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:24 GMT
last-modified: Tue, 23 May 2023 13:30:24 GMT
server: Apache
accept-ranges: bytes
etag: W/"478d0-5fc5c63bc8f93"
content-length: 293072
content-type: text/javascript

GET
H2 200 jquery.validate.min.js Show response
mein-postfinance.com/ch-de/b2ac2d8/style/js/ 49 KB
49 KB 55ms
54ms Script
text/javascript 217.160.0.63
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://mein-postfinance.com/ch-de/b2ac2d8/style/js/jquery.validate.min.js
Requested by: Host: mein-postfinance.com
URL: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.63 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-63.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: d8e8637b61ccad3568add2c4863d9c0d9dc893f643c69e10336780b64502aff8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:24 GMT
last-modified: Tue, 23 May 2023 13:30:24 GMT
server: Apache
accept-ranges: bytes
etag: W/"c448-5fc5c63bc9f33"
content-length: 50248
content-type: text/javascript

GET
H2 200 jquery.mask.js Show response
mein-postfinance.com/ch-de/b2ac2d8/style/js/ 18 KB
18 KB 55ms
55ms Script
text/javascript 217.160.0.63
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://mein-postfinance.com/ch-de/b2ac2d8/style/js/jquery.mask.js
Requested by: Host: mein-postfinance.com
URL: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.63 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-63.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:24 GMT
last-modified: Tue, 23 May 2023 13:30:24 GMT
server: Apache
accept-ranges: bytes
etag: W/"47fe-5fc5c63bc8f93"
content-length: 18430
content-type: text/javascript

GET
H2 200 all.hv.mobile.min.css
mein-postfinance.com/ch-de/b2ac2d8/style/ 608 KB
609 KB 36ms
36ms Stylesheet
text/css 217.160.0.63
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://mein-postfinance.com/ch-de/b2ac2d8/style/all.hv.mobile.min.css
Requested by: Host: mein-postfinance.com
URL: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.63 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-63.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 8e7874d6597637018b91f5e69e240450e3f644bef5d0675d383fa0dbcef9b6eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:24 GMT
last-modified: Tue, 23 May 2023 13:30:24 GMT
server: Apache
accept-ranges: bytes
etag: W/"9803f-5fc5c63bc2233"
content-length: 622655
content-type: text/css

GET
H2 200 logo.png
mein-postfinance.com/ch-de/b2ac2d8/style/ 6 KB
6 KB 28ms
28ms Image
image/png 217.160.0.63
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mein-postfinance.com/ch-de/b2ac2d8/style/logo.png
Requested by: Host: mein-postfinance.com
URL: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.63 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-63.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 6e2341a524af81d8b9362e829287bede024d49eb00f2983f39ef3e8675614ac6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:24 GMT
last-modified: Tue, 23 May 2023 13:30:24 GMT
server: Apache
accept-ranges: bytes
etag: W/"1794-5fc5c63bc5113"
content-length: 6036
content-type: image/png

GET
DATA 200
OK truncated
/ 53 KB
53 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56357c655153f3e1fa0b40233b0aaadedaa0293479322c33f8bf2de499278c7d

Request headers

Referer
Origin: https://mein-postfinance.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H2 200 icons--sprite.png
mein-postfinance.com/ch-de/b2ac2d8/style/ 119 KB
119 KB 31ms
30ms Image
image/png 217.160.0.63
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mein-postfinance.com/ch-de/b2ac2d8/style/icons--sprite.png
Requested by: Host: mein-postfinance.com
URL: https://mein-postfinance.com/ch-de/b2ac2d8/style/all.hv.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.63 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-63.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: f7ab85d108404ce04f57561886170bb64f90ca6ffc0de468508483c52d99171c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mein-postfinance.com/ch-de/b2ac2d8/style/all.hv.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:24 GMT
last-modified: Tue, 23 May 2023 13:30:24 GMT
server: Apache
accept-ranges: bytes
etag: W/"1dba9-5fc5c63bc4173"
content-length: 121769
content-type: image/png

GET
H2 200 input-border-left.png
mein-postfinance.com/ch-de/b2ac2d8/style// 942 B
1 KB 30ms
29ms Image
image/png 217.160.0.63
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mein-postfinance.com/ch-de/b2ac2d8/style//input-border-left.png
Requested by: Host: mein-postfinance.com
URL: https://mein-postfinance.com/ch-de/b2ac2d8/style/all.hv.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.63 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-63.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 02eb02cdb556defb1b4e160fff6868045f5d2f83fb7da6f8bb6b9b8dda23bb58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mein-postfinance.com/ch-de/b2ac2d8/style/all.hv.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:30:24 GMT
last-modified: Tue, 23 May 2023 13:30:24 GMT
server: Apache
accept-ranges: bytes
etag: W/"3ae-5fc5c63bc5113"
content-length: 942
content-type: image/png

GET
DATA 200
OK truncated
/ 38 KB
38 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98b2729855b2bb5f1ba5a1873ee019b01fde1e56500d2d83677556f0df3f346b

Request headers

Referer
Origin: https://mein-postfinance.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H2 200 Where_Page.php Show response
mein-postfinance.com/ch-de/b2ac2d8/Account/auto_system/ 6 B
251 B 83ms
82ms XHR
text/html 217.160.0.63
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://mein-postfinance.com/ch-de/b2ac2d8/Account/auto_system/Where_Page.php?Online=login
Requested by: Host: mein-postfinance.com
URL: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.63 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-63.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 0d21bd52022ca7f7e97109d28d327da1e68cc0bedd9713b2dc2b49d3aa104392

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
date: Tue, 23 May 2023 13:30:25 GMT
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
server: Apache
content-type: text/html; charset=UTF-8

GET
H2 200 Where_Page.php Show response
mein-postfinance.com/ch-de/b2ac2d8/Account/auto_system/ 6 B
204 B 74ms
73ms XHR
text/html 217.160.0.63
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://mein-postfinance.com/ch-de/b2ac2d8/Account/auto_system/Where_Page.php?Online=login
Requested by: Host: mein-postfinance.com
URL: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.63 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-63.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 0d21bd52022ca7f7e97109d28d327da1e68cc0bedd9713b2dc2b49d3aa104392

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
date: Tue, 23 May 2023 13:30:26 GMT
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
server: Apache
content-type: text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-1B3H44VW9G&gtm=45je35h0&_p=2092646040&cid=1213469321.1684848623&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=2&sid=1684848622&sct=1&seg=0&dl=https%3A%2F%2Fshre.ink%2FPF15219&dt=Encurtador%20de%20link%20gr%C3%A1tis%20%7C%20URL%20Gr%C3%A1tis&en=user_engagement&ep.debug_mode=false&_et=1102

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PostFinance (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| angular function| $ function| jQuery

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
shre.ink/	1970-01-20 20:46:24	Name: i18n_redirected Value: default
.shre.ink/	1970-01-20 21:36:48	Name: _ga Value: GA1.1.1213469321.1684848623
.shre.ink/	1970-01-20 21:36:48	Name: _ga_1B3H44VW9G Value: GS1.1.1684848622.1.0.1684848623.0.0.0
mein-postfinance.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 1d1fc20167159ab0e8b12069aa0e53ca

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://shre.ink/PF15219 Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.shre.ink
fonts.googleapis.com
hef.zmc.mybluehost.me
mein-postfinance.com
region1.google-analytics.com
securepubads.g.doubleclick.net
shre.ink
www.googletagmanager.com
region1.google-analytics.com
162.241.24.197
2001:4860:4802:34::36
217.160.0.63
2606:4700:3030::ac43:8cbb
2606:4700:3032::6815:211c
2a00:1450:4001:809::2008
2a00:1450:4001:80e::2002
2a00:1450:4001:82f::200a
34.233.240.217
02eb02cdb556defb1b4e160fff6868045f5d2f83fb7da6f8bb6b9b8dda23bb58
055ebfa8368e99942256a553ef6f5ed45b4eae0e6bd62de36459e7eb3377f163
09b9eb573734e1d1346e1c66cd2342c41612a53e5b1bcf30dd97c57090958679
0d21bd52022ca7f7e97109d28d327da1e68cc0bedd9713b2dc2b49d3aa104392
11f0e563d8ab6662d3a09b56f257365516a91e6660a0dcff18a8d1a531504b61
389a84a134d55df849d82277804aca8c69572db0d1f564a298ea4c1f36aaded1
56357c655153f3e1fa0b40233b0aaadedaa0293479322c33f8bf2de499278c7d
692d421d5c163409a5918e802f507abbaa6bec90baa454c5252977a5b3b7ff0d
6e2341a524af81d8b9362e829287bede024d49eb00f2983f39ef3e8675614ac6
70915fd662f474adb298b46fd6dc63d5b7167d5dae73afce1e335fcea227b13f
7eebe8e04352af4b7afbc2fb6c7b5413ec8cfc4567fb50cc2f411324e0958edb
8c50aa8567731858e81bcfd2027718d9a7c8fd7bf54cf496499adbf5da5741b9
8e7874d6597637018b91f5e69e240450e3f644bef5d0675d383fa0dbcef9b6eb
9032ab886a442930a17bd528238616ebd63a6d63712c4b2eda518f84cb2fe4cb
98b2729855b2bb5f1ba5a1873ee019b01fde1e56500d2d83677556f0df3f346b
b8fa37a532bd17eb5ee05838fa82dae74b8ad285627a1c9bab4577faff1416ae
c3af6d3d6078e73686473d771702059ee76520e1e9734d98b9c5bc3b2e6bd290
c909c28a92bf7b48807218b7eb333d2e6700bd123064a9625b63e36764ae3d91
cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a
d8e8637b61ccad3568add2c4863d9c0d9dc893f643c69e10336780b64502aff8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f696a6194a7c208a54b467d45f76580b9f03f9132150241bb4aa67f476bca6ed
f7ab85d108404ce04f57561886170bb64f90ca6ffc0de468508483c52d99171c
f8d106006e9c65e2e9192aa3852e8ca9506984b7ed89940cfbfaeb84cc0e08d3

mein-postfinance.com Open in urlscan Pro 217.160.0.63 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

27 Requests

96 %HTTPS

67 %IPv6

7 Domains

8 Subdomains

9 IPs

2 Countries

2428 kBTransfer

3321 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

mein-postfinance.com Open in urlscan Pro
217.160.0.63 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

96 %
HTTPS

67 %
IPv6

7
Domains

8
Subdomains

9
IPs

2
Countries

2428 kB
Transfer

3321 kB
Size

4
Cookies

27 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!