post.financemobapp.com

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 139.59.132.8, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is post.financemobapp.com.
TLS certificate: Issued by R3 on February 24th 2024. Valid for: 3 months.

This is the only time post.financemobapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PostFinance (Banking)

Domain & IP information

	IP Address		AS Autonomous System
6	139.59.132.8 139.59.132.8		14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
6	1

6 139.59.132.8 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

post.financemobapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	financemobapp.com post.financemobapp.com	177 KB
6	1

	Domain	Requested by
6	post.financemobapp.com	post.financemobapp.com
6	1

This site contains links to these domains. Also see Links.

Domain
www.postfinance.ch

Subject Issuer	Validity	Valid
post.financemobapp.com R3	`2024-02-24` - `2024-05-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://post.financemobapp.com/
Frame ID: 2ECC7FC8F8F0C43292E419CFB2D27917
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Detected technologies

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Livewire (Web frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]{1,512}\bwire:
livewire(?:\.min)?\.js

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

177 kB
Transfer

470 kB
Size

2
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.postfinance.ch/ap/ba/ob/html/finance/home?login&pwreset
Title: Mot de passe oublié?

Search URL Search Domain Scan URL

URL: https://www.postfinance.ch/efinloginprocedurefr
Title: Aide aux procédures de login

Search URL Search Domain Scan URL

URL: https://www.postfinance.ch/demoefinloginfr
Title: Version démo e-finance

Search URL Search Domain Scan URL

URL: https://www.postfinance.ch/commander-ef
Title: Commander e-finance

Search URL Search Domain Scan URL

URL: https://www.postfinance.ch/
Title: Vers postfinance.ch

Search URL Search Domain Scan URL

URL: https://www.postfinance.ch/legalfr
Title: Mentions légales et accessibilité

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response post.financemobapp.com/	19 KB 6 KB	55ms 28ms	Document text/html	139.59.132.8 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://post.financemobapp.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 139.59.132.8 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.24.0 (Ubuntu) / Resource Hash `136b78fea71c3580eee5760aeafa28a0f273afb37961996d77fcde3ccbaba3cd` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control max-age=0, must-revalidate, no-cache, no-store, private Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sat, 24 Feb 2024 17:26:09 GMT Expires Fri, 01 Jan 1990 00:00:00 GMT Pragma no-cache Server nginx/1.24.0 (Ubuntu) Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	app-Crk9bycB.css post.financemobapp.com/build/assets/	19 KB 5 KB	10ms 9ms	Stylesheet text/css	139.59.132.8 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://post.financemobapp.com/build/assets/app-Crk9bycB.css Requested by Host: post.financemobapp.com URL: https://post.financemobapp.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 139.59.132.8 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.24.0 (Ubuntu) / Resource Hash `c66d1bf50ce271a9618816ee96dddc206d50fac14c28d714e7f445d7b15ae78e` Request headers accept-language de-DE,de;q=0.9 Referer https://post.financemobapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sat, 24 Feb 2024 17:26:09 GMT Content-Encoding gzip Last-Modified Sat, 24 Feb 2024 04:36:40 GMT Server nginx/1.24.0 (Ubuntu) ETag "4d50-61219390a4c30-gzip" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 4560
GET H/1.1	200 OK	app-DpXf7RNL.js Show response post.financemobapp.com/build/assets/	30 KB 12 KB	21ms 10ms	Script text/javascript	139.59.132.8 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://post.financemobapp.com/build/assets/app-DpXf7RNL.js Requested by Host: post.financemobapp.com URL: https://post.financemobapp.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 139.59.132.8 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.24.0 (Ubuntu) / Resource Hash `66305bcdd98d93c2ccdf110d616142c34c7254138f5800beed8ec498fae3816b` Request headers Referer https://post.financemobapp.com/ Origin https://post.financemobapp.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sat, 24 Feb 2024 17:26:09 GMT Content-Encoding gzip Last-Modified Sat, 24 Feb 2024 04:36:40 GMT Server nginx/1.24.0 (Ubuntu) ETag "7938-61219390a4c30-gzip" Vary Accept-Encoding Content-Type text/javascript Connection keep-alive Accept-Ranges bytes Content-Length 12315
GET H/1.1	200 OK	livewire.js Show response post.financemobapp.com/livewire/	318 KB 71 KB	57ms 33ms	Script application/javascript	139.59.132.8 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://post.financemobapp.com/livewire/livewire.js?id=a27c4ca2 Requested by Host: post.financemobapp.com URL: https://post.financemobapp.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 139.59.132.8 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.24.0 (Ubuntu) / Resource Hash `67aa6ed707de7c454602976c0ea4dff169d0366409d44eeffad1f01d64134930` Request headers accept-language de-DE,de;q=0.9 Referer https://post.financemobapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sat, 24 Feb 2024 17:26:09 GMT Content-Encoding gzip Last-Modified Sun, 28 Jan 2024 19:07:11 GMT Server nginx/1.24.0 (Ubuntu) Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Cache-Control max-age=31536000, public Connection keep-alive Accept-Ranges bytes Expires Mon, 24 Feb 2025 17:26:09 GMT
GET H/1.1	200 OK	light-DNCMwyHk.woff2 post.financemobapp.com/build/assets/	42 KB 42 KB	8ms 8ms	Font font/woff2	139.59.132.8 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://post.financemobapp.com/build/assets/light-DNCMwyHk.woff2 Requested by Host: post.financemobapp.com URL: https://post.financemobapp.com/build/assets/app-Crk9bycB.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 139.59.132.8 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.24.0 (Ubuntu) / Resource Hash `d57f0454f106eff11c18b45792a1be05ca0cd79ea653a201a37939e8235eff73` Request headers Referer https://post.financemobapp.com/build/assets/app-Crk9bycB.css Origin https://post.financemobapp.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sat, 24 Feb 2024 17:26:09 GMT Last-Modified Sat, 24 Feb 2024 04:36:40 GMT Server nginx/1.24.0 (Ubuntu) ETag "a7a8-61219390a4c30" Content-Type font/woff2 Connection keep-alive Accept-Ranges bytes Content-Length 42920
GET H/1.1	200 OK	medium-LkBzPKBY.woff2 post.financemobapp.com/build/assets/	41 KB 41 KB	9ms 9ms	Font font/woff2	139.59.132.8 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://post.financemobapp.com/build/assets/medium-LkBzPKBY.woff2 Requested by Host: post.financemobapp.com URL: https://post.financemobapp.com/build/assets/app-Crk9bycB.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 139.59.132.8 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.24.0 (Ubuntu) / Resource Hash `ddcf221f9ba32ec5d0bd05ad2207e370e7d399e7dd348ea1fee2c0e7c1135c0d` Request headers Referer https://post.financemobapp.com/build/assets/app-Crk9bycB.css Origin https://post.financemobapp.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sat, 24 Feb 2024 17:26:09 GMT Last-Modified Sat, 24 Feb 2024 04:36:40 GMT Server nginx/1.24.0 (Ubuntu) ETag "a358-61219390a3c90" Content-Type font/woff2 Connection keep-alive Accept-Ranges bytes Content-Length 41816

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PostFinance (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| Livewire object| Alpine function| axios

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			post.financemobapp.com/	1970-01-20 18:40:02	Name: XSRF-TOKEN Value: eyJpdiI6Ik9RRWtRQkFqZkl2eUxBRGF1MUkxWGc9PSIsInZhbHVlIjoiNXliak9IeVh4SzBSaDBGOUhZdndFeGxlY3NLUEY1YkNYTTdHVXlrWUdZdjhyTVR0ell4RGcwOGcyaG1xd2pnQ3pjQThlN1AzL0VsUCtiVlpFZ2Y3UEczQ0tZMENGZlpYTnZUVG1SU3VOMmhDUzlmaW12U3ZsYWFEc3NXa09ETzEiLCJtYWMiOiI2MGZiOWRiZmRhMTUyMDE2ZjU3NjM4ZWNiZTE4ZDBiYmRmMWIyZTM3YWJkNDdiYTU3NWI2MTMyNTc5OGY2MjY0IiwidGFnIjoiIn0%3D
			post.financemobapp.com/	1970-01-20 18:40:02	Name: laravel_session Value: eyJpdiI6ImovQWpSL1QvTTIyazhkYXlPNWtEVlE9PSIsInZhbHVlIjoiQ24rSGZOb0t2QVJwN0VYMk9KRSswekgybCtBcGk2UlU5RWlyQWdpd0pFUzBzaFV5d3FFcUJIYS92SjNYRWtKYVEvaW1CQXpKN291dzhFUVBYRnlrc2ZBMVZMZzRqVmVXYnR5ak0ySFFUTFVpM1pMTDZLcTZJVUZzaVhiTlNRNzEiLCJtYWMiOiJlODk2MmNhMDhhNmIwYTQ1OTQzMTc4MGJkMTNkNjVjMDg2ZWJjNzA3NGJhMTUwYzUxMmRiM2QyNzI2NWQ1ODQwIiwidGFnIjoiIn0%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

post.financemobapp.com
139.59.132.8
136b78fea71c3580eee5760aeafa28a0f273afb37961996d77fcde3ccbaba3cd
66305bcdd98d93c2ccdf110d616142c34c7254138f5800beed8ec498fae3816b
67aa6ed707de7c454602976c0ea4dff169d0366409d44eeffad1f01d64134930
c66d1bf50ce271a9618816ee96dddc206d50fac14c28d714e7f445d7b15ae78e
d57f0454f106eff11c18b45792a1be05ca0cd79ea653a201a37939e8235eff73
ddcf221f9ba32ec5d0bd05ad2207e370e7d399e7dd348ea1fee2c0e7c1135c0d

post.financemobapp.com Open in urlscan Pro 139.59.132.8 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

177 kBTransfer

470 kBSize

2 Cookies

6 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

Indicators

post.financemobapp.com Open in urlscan Pro
139.59.132.8 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

177 kB
Transfer

470 kB
Size

2
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!