mein-postfinance.com
Open in
urlscan Pro
217.160.0.63
Malicious Activity!
Public Scan
Effective URL: https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Submission: On May 23 via manual from CH — Scanned from DE
Summary
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on May 23rd 2023. Valid for: a year.
This is the only time mein-postfinance.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PostFinance (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3032::6815:211c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 2606:4700:303... 2606:4700:3030::ac43:8cbb | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2a00:1450:400... 2a00:1450:4001:80e::2002 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:809::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 34.233.240.217 34.233.240.217 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 2001:4860:480... 2001:4860:4802:34::36 | 15169 (GOOGLE) (GOOGLE) | |
1 | 162.241.24.197 162.241.24.197 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 | 2a00:1450:400... 2a00:1450:4001:82f::200a | 15169 (GOOGLE) (GOOGLE) | |
4 16 | 217.160.0.63 217.160.0.63 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
27 | 9 |
ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-240-217.compute-1.amazonaws.com
api.shre.ink |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5895.bluehost.com
hef.zmc.mybluehost.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
mein-postfinance.com
4 redirects
mein-postfinance.com |
2 MB |
8 |
shre.ink
1 redirects
shre.ink api.shre.ink |
168 KB |
3 |
doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 |
151 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35 |
1 KB |
1 |
mybluehost.me
hef.zmc.mybluehost.me |
244 B |
1 |
google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2230 |
240 B |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40 |
79 KB |
27 | 7 |
Domain | Requested by | |
---|---|---|
16 | mein-postfinance.com |
4 redirects
mein-postfinance.com
|
7 | shre.ink |
1 redirects
shre.ink
|
3 | securepubads.g.doubleclick.net |
shre.ink
securepubads.g.doubleclick.net |
1 | fonts.googleapis.com |
shre.ink
|
1 | hef.zmc.mybluehost.me |
shre.ink
|
1 | region1.google-analytics.com |
www.googletagmanager.com
|
1 | api.shre.ink |
shre.ink
|
1 | www.googletagmanager.com |
shre.ink
|
27 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
shre.ink Cloudflare Inc ECC CA-3 |
2023-03-02 - 2024-03-01 |
a year | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2023-04-24 - 2023-07-17 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-04-24 - 2023-07-17 |
3 months | crt.sh |
api.shre.ink Amazon RSA 2048 M01 |
2023-03-03 - 2024-04-01 |
a year | crt.sh |
webmail.hef.zmc.mybluehost.me R3 |
2023-05-12 - 2023-08-10 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-04-24 - 2023-07-17 |
3 months | crt.sh |
mein-postfinance.com GeoTrust TLS RSA CA G1 |
2023-05-23 - 2024-05-22 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://mein-postfinance.com/ch-de/b2ac2d8/Login.php
Frame ID: 67A9B40CDAE05909F97D9341FE08B6C1
Requests: 29 HTTP requests in this frame
Screenshot
Page Title
PostFinance - E-financePage URL History Show full URLs
-
http://shre.ink/PF15219
HTTP 301
https://shre.ink/PF15219 Page URL
- https://hef.zmc.mybluehost.me/redirects/US684512/ Page URL
-
https://mein-postfinance.com/ch-de
HTTP 301
https://mein-postfinance.com/ch-de/ HTTP 302
https://mein-postfinance.com/ch-de/b2ac2d8 HTTP 301
https://mein-postfinance.com/ch-de/b2ac2d8/ HTTP 302
https://mein-postfinance.com/ch-de/b2ac2d8/Login.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
AngularJS (JavaScript Frameworks) Expand
Detected patterns
- \bangular.{0,32}\.js
Nuxt.js (JavaScript Frameworks) Expand
Detected patterns
- /_nuxt/
Google Analytics (Analytics) Expand
Detected patterns
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://shre.ink/PF15219
HTTP 301
https://shre.ink/PF15219 Page URL
- https://hef.zmc.mybluehost.me/redirects/US684512/ Page URL
-
https://mein-postfinance.com/ch-de
HTTP 301
https://mein-postfinance.com/ch-de/ HTTP 302
https://mein-postfinance.com/ch-de/b2ac2d8 HTTP 301
https://mein-postfinance.com/ch-de/b2ac2d8/ HTTP 302
https://mein-postfinance.com/ch-de/b2ac2d8/Login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://shre.ink/PF15219 HTTP 301
- https://shre.ink/PF15219
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
PF15219
shre.ink/ Redirect Chain
|
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
70e253c.js
shre.ink/_nuxt/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8f8988a.js
shre.ink/_nuxt/ |
251 KB 86 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
48403f5.js
shre.ink/_nuxt/ |
203 KB 56 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
7920c1d.js
shre.ink/_nuxt/ |
71 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gpt.js
securepubads.g.doubleclick.net/tag/js/ |
76 KB 25 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cd52b4e.js
shre.ink/_nuxt/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
223 KB 79 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PF15219
api.shre.ink/url/ |
63 B 207 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305160101/ |
407 KB 126 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ppub_config
securepubads.g.doubleclick.net/pagead/ |
342 B 209 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 240 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
hef.zmc.mybluehost.me/redirects/US684512/ |
80 B 244 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
10 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
collect
region1.google-analytics.com/g/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
Login.php
mein-postfinance.com/ch-de/b2ac2d8/ Redirect Chain
|
142 KB 101 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.hv.min.css
mein-postfinance.com/ch-de/b2ac2d8/style/ |
583 KB 584 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
angular.min.js
mein-postfinance.com/ch-de/b2ac2d8/style/js/ |
163 KB 164 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
mein-postfinance.com/ch-de/b2ac2d8/style/js/ |
286 KB 287 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.validate.min.js
mein-postfinance.com/ch-de/b2ac2d8/style/js/ |
49 KB 49 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.js
mein-postfinance.com/ch-de/b2ac2d8/style/js/ |
18 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.hv.mobile.min.css
mein-postfinance.com/ch-de/b2ac2d8/style/ |
608 KB 609 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
mein-postfinance.com/ch-de/b2ac2d8/style/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
53 KB 53 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons--sprite.png
mein-postfinance.com/ch-de/b2ac2d8/style/ |
119 KB 119 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
input-border-left.png
mein-postfinance.com/ch-de/b2ac2d8/style// |
942 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
38 KB 38 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Where_Page.php
mein-postfinance.com/ch-de/b2ac2d8/Account/auto_system/ |
6 B 251 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Where_Page.php
mein-postfinance.com/ch-de/b2ac2d8/Account/auto_system/ |
6 B 204 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- region1.google-analytics.com
- URL
- https://region1.google-analytics.com/g/collect?v=2&tid=G-1B3H44VW9G>m=45je35h0&_p=2092646040&cid=1213469321.1684848623&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=2&sid=1684848622&sct=1&seg=0&dl=https%3A%2F%2Fshre.ink%2FPF15219&dt=Encurtador%20de%20link%20gr%C3%A1tis%20%7C%20URL%20Gr%C3%A1tis&en=user_engagement&ep.debug_mode=false&_et=1102
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PostFinance (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| angular function| $ function| jQuery4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
shre.ink/ | Name: i18n_redirected Value: default |
|
.shre.ink/ | Name: _ga Value: GA1.1.1213469321.1684848623 |
|
.shre.ink/ | Name: _ga_1B3H44VW9G Value: GS1.1.1684848622.1.0.1684848623.0.0.0 |
|
mein-postfinance.com/ | Name: PHPSESSID Value: 1d1fc20167159ab0e8b12069aa0e53ca |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.shre.ink
fonts.googleapis.com
hef.zmc.mybluehost.me
mein-postfinance.com
region1.google-analytics.com
securepubads.g.doubleclick.net
shre.ink
www.googletagmanager.com
region1.google-analytics.com
162.241.24.197
2001:4860:4802:34::36
217.160.0.63
2606:4700:3030::ac43:8cbb
2606:4700:3032::6815:211c
2a00:1450:4001:809::2008
2a00:1450:4001:80e::2002
2a00:1450:4001:82f::200a
34.233.240.217
02eb02cdb556defb1b4e160fff6868045f5d2f83fb7da6f8bb6b9b8dda23bb58
055ebfa8368e99942256a553ef6f5ed45b4eae0e6bd62de36459e7eb3377f163
09b9eb573734e1d1346e1c66cd2342c41612a53e5b1bcf30dd97c57090958679
0d21bd52022ca7f7e97109d28d327da1e68cc0bedd9713b2dc2b49d3aa104392
11f0e563d8ab6662d3a09b56f257365516a91e6660a0dcff18a8d1a531504b61
389a84a134d55df849d82277804aca8c69572db0d1f564a298ea4c1f36aaded1
56357c655153f3e1fa0b40233b0aaadedaa0293479322c33f8bf2de499278c7d
692d421d5c163409a5918e802f507abbaa6bec90baa454c5252977a5b3b7ff0d
6e2341a524af81d8b9362e829287bede024d49eb00f2983f39ef3e8675614ac6
70915fd662f474adb298b46fd6dc63d5b7167d5dae73afce1e335fcea227b13f
7eebe8e04352af4b7afbc2fb6c7b5413ec8cfc4567fb50cc2f411324e0958edb
8c50aa8567731858e81bcfd2027718d9a7c8fd7bf54cf496499adbf5da5741b9
8e7874d6597637018b91f5e69e240450e3f644bef5d0675d383fa0dbcef9b6eb
9032ab886a442930a17bd528238616ebd63a6d63712c4b2eda518f84cb2fe4cb
98b2729855b2bb5f1ba5a1873ee019b01fde1e56500d2d83677556f0df3f346b
b8fa37a532bd17eb5ee05838fa82dae74b8ad285627a1c9bab4577faff1416ae
c3af6d3d6078e73686473d771702059ee76520e1e9734d98b9c5bc3b2e6bd290
c909c28a92bf7b48807218b7eb333d2e6700bd123064a9625b63e36764ae3d91
cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a
d8e8637b61ccad3568add2c4863d9c0d9dc893f643c69e10336780b64502aff8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f696a6194a7c208a54b467d45f76580b9f03f9132150241bb4aa67f476bca6ed
f7ab85d108404ce04f57561886170bb64f90ca6ffc0de468508483c52d99171c
f8d106006e9c65e2e9192aa3852e8ca9506984b7ed89940cfbfaeb84cc0e08d3