gama-aa.ba Open in urlscan Pro
80.65.85.142 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://preradekombija.rs/finn.html
Effective URL:
https://gama-aa.ba/finance/inde.html
Submission: On December 29 via api (December 29th 2023, 1:49:10 pm UTC) — Scanned from CH

Summary HTTP 25 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 25 HTTP transactions. The main IP is 80.65.85.142, located in Sarajevo, Bosnia & Herzegovina and belongs to BIHNET BIHNET Autonomus System, BA. The main domain is gama-aa.ba.
TLS certificate: Issued by R3 on December 19th 2023. Valid for: 3 months.

This is the only time gama-aa.ba was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PostFinance (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	217.195.152.155 217.195.152.155	395092 (SHOCK-1) (SHOCK-1)
1 20	80.65.85.142 80.65.85.142	9146 (BIHNET BI...) (BIHNET BIHNET Autonomus System)
1	194.41.226.13 194.41.226.13	12511 (CH-POSTNE...) (CH-POSTNETZ Post CH AG)
3	194.41.226.34 194.41.226.34	12511 (CH-POSTNE...) (CH-POSTNETZ Post CH AG)
25	5

1 217.195.152.155 (Amsterdam, Netherlands)

ASN395092 (SHOCK-1, US)
PTR: nl-s1.serverpanel.net

preradekombija.rs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 80.65.85.142 (Sarajevo, Bosnia & Herzegovina) 1 redirects

ASN9146 (BIHNET BIHNET Autonomus System, BA)
PTR: web02.hosting.bhtelecom.ba

gama-aa.ba	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.41.226.13 (Bern, Switzerland)

ASN12511 (CH-POSTNETZ Post CH AG, CH)

bqztzw.postfinance.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 194.41.226.34 (Bern, Switzerland)

ASN12511 (CH-POSTNETZ Post CH AG, CH)

www.postfinance.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	gama-aa.ba 1 redirects gama-aa.ba	159 KB
4	postfinance.ch bqztzw.postfinance.ch — Cisco Umbrella Rank: 678904 www.postfinance.ch — Cisco Umbrella Rank: 402614	367 KB
1	preradekombija.rs preradekombija.rs	327 B
25	3

	Domain	Requested by
20	gama-aa.ba	1 redirects gama-aa.ba
3	www.postfinance.ch	gama-aa.ba
1	bqztzw.postfinance.ch	gama-aa.ba
1	preradekombija.rs
25	4

This site contains no links.

Subject Issuer	Validity	Valid
*.preradekombija.rs R3	`2023-11-06` - `2024-02-04`	3 months	crt.sh
gama-aa.ba R3	`2023-12-19` - `2024-03-18`	3 months	crt.sh
bqztzw.postfinance.ch SwissSign RSA TLS OV ICA 2021 - 1	`2023-08-08` - `2024-08-08`	a year	crt.sh
postfinance.ch SwissSign RSA TLS EV ICA 2022 - 1	`2023-10-24` - `2024-10-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://gama-aa.ba/finance/inde.html
Frame ID: 86D19127053651BC2A758C09258423F1
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PostFinance - E-Finance

Page URL History Show full URLs

https://preradekombija.rs/finn.html Page URL
https://gama-aa.ba/finance/ HTTP 302
https://gama-aa.ba/finance/inde.html Page URL

Page Statistics

25
Requests

96 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

526 kB
Transfer

1339 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://preradekombija.rs/finn.html Page URL
https://gama-aa.ba/finance/ HTTP 302
https://gama-aa.ba/finance/inde.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 finn.html Show response
preradekombija.rs/ 81 B
327 B 298ms
54ms Document
text/html 217.195.152.155
SHOCK-1

General

Check archive.org

Show headers Download Go to

Full URL: https://preradekombija.rs/finn.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 217.195.152.155 Amsterdam, Netherlands, ASN395092 (SHOCK-1, US),
Reverse DNS: nl-s1.serverpanel.net
Software: LiteSpeed /
Resource Hash: d38fb6527b86ba59eeff616ee0e84662b611831d4ae0e395d48ebc111ecdb651

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 81
content-type: text/html
date: Fri, 29 Dec 2023 13:49:05 GMT
last-modified: Fri, 29 Dec 2023 12:58:28 GMT
server: LiteSpeed
vary: User-Agent

GET
H2

200

Primary Request inde.html Show response
gama-aa.ba/finance/
Redirect Chain

https://gama-aa.ba/finance/
https://gama-aa.ba/finance/inde.html

48 KB
10 KB

73ms
72ms

Document
text/html

80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: 6446272287a915e6e3a7e32d18b23fb39b4ecde0fab37b7c59405c066602e49f

Request headers

Referer: https://preradekombija.rs/finn.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 9803
content-type: text/html
date: Fri, 29 Dec 2023 13:49:06 GMT
etag: "be55-60d6ba9a3a5c0-gzip"
last-modified: Tue, 26 Dec 2023 15:51:59 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 29 Dec 2023 13:49:05 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: inde.html
pragma: no-cache
server: Apache

GET
H2 200 bs.js Show response
gama-aa.ba/finance/ 2 KB
768 B 112ms
112ms Script
application/javascript 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/bs.js
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: cac601b469b32b46a2c83cb456699a55d5a51a7ce2046ec08b52c2b36249d468

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:06 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 12:37:30 GMT
server: Apache
etag: "6c0-60c3b327e3680-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 674

GET
H2 200 styles.6d93793434522e02.css
gama-aa.ba/finance/ 202 KB
27 KB 102ms
101ms Stylesheet
text/css 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/styles.6d93793434522e02.css
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: ccfcc6b2aa4ba16d68e65a657e21d6b1f24a3e440d8d778087f9ba467e4ca67b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:06 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 12:37:44 GMT
server: Apache
etag: "32981-60c3b3353d600-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 27713

GET
H2 200 unblu.integration.component.js Show response
gama-aa.ba/finance/ 153 KB
23 KB 85ms
81ms Script
application/javascript 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/unblu.integration.component.js
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: 35be2af0206d71ad92bbdc9e6c8d3be3aa3e8630c48786ecffb6bf3fcb2845a2

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 12:38:08 GMT
server: Apache
etag: "26250-60c3b34c20c00-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 23925

GET
H2 200 ib9157483.js Show response
bqztzw.postfinance.ch/ap/ga/bb/ 199 KB
200 KB 484ms
56ms Script
text/javascript 194.41.226.13
CH-POSTNETZ Post ...

General

Check archive.org

Show headers Download Go to

Full URL

https://bqztzw.postfinance.ch/ap/ga/bb/ib9157483.js

Requested by

Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

194.41.226.13 Bern, Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),

Reverse DNS

Software

Resource Hash

d666c3369b84c63460a4fd141b8976627f94578a39d021fa863e7fc984db91b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
x-correlation-id: 1008bc74-6996-4799-8cf1-384bb3761d00
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=1800
access-control-allow-headers: Content-Type,Authorization
content-length: 204276
x-request-id: c15179f28eb8560b77b85b53a5178c65

GET
H2 200 statistics Show response
gama-aa.ba/finance/ 0
17 B 662ms
659ms Script
text/html 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/statistics?p_page=993
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
server: Apache
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 stats Show response
gama-aa.ba/finance/ 0
17 B 663ms
660ms Script
text/html 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/stats?p_page=993
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
server: Apache
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 unblu.interceptor.min.js Show response
gama-aa.ba/finance/ 4 KB
2 KB 75ms
72ms Script
application/javascript 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/unblu.interceptor.min.js
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: 1786ce9f0c0aa876657cde31946b9d158d051b77bd700c968fb7f95cd9953083

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 12:32:58 GMT
server: Apache
etag: "1067-60c3b2247d280-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1628

GET
H2 200 visitor.js Show response
gama-aa.ba/ap/ga/ub/ 0
17 B 662ms
659ms Script
text/html 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/ap/ga/ub/visitor.js?x-unblu-apikey=MZsy5sFESYqU7MawXZgR_w
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
server: Apache
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK Initializer.min.js Show response
www.postfinance.ch/ap/ga/ub/static/js/wp/xmd1702022856570/ 7 KB
4 KB 516ms
91ms Script
application/javascript 194.41.226.34
CH-POSTNETZ Post ...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.postfinance.ch/ap/ga/ub/static/js/wp/xmd1702022856570/Initializer.min.js

Requested by

Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

194.41.226.34 Bern, Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),

Reverse DNS

Software

Apache /

Resource Hash

7cf7825c4360c4faf04d7203f332303a48e419cf461c3260bc6ad68344e39133

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Fri, 29 Dec 2023 13:49:07 GMT
Content-encoding: gzip
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains; preload
X_OK_TRID: 55c3f01c-317df2-15ac2051-18cb5d5f5fa-007284a3-51790
Connection: Keep-Alive
Content-Length: 2732
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-modified: Tue, 25 Jul 2023 19:13:10 GMT
Server: Apache
Expect-CT: enforce,max-age=2592000,report-uri="https://universal.postfinance.ch/report"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=utf-8
Cache-control: max-age=315619200,public
Accept-ranges: bytes
Keep-Alive: timeout=5, max=50
Expires: Tue, 27 Dec 2033 07:33:32 GMT

GET
H/1.1 200
OK SiteIntegrationLazyMain.cfg Show response
www.postfinance.ch/ap/ga/ub/config/xmd1702313364676/all/fr/null/fr-FR/https$www.postfinance.ch/MZsy5sFESYqU7MawXZgR_w/null/null/null/ 19 KB
5 KB 540ms
115ms Script
application/javascript 194.41.226.34
CH-POSTNETZ Post ...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.postfinance.ch/ap/ga/ub/config/xmd1702313364676/all/fr/null/fr-FR/https$www.postfinance.ch/MZsy5sFESYqU7MawXZgR_w/null/null/null/SiteIntegrationLazyMain.cfg

Requested by

Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

194.41.226.34 Bern, Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),

Reverse DNS

Software

Apache /

Resource Hash

f6778c2ad273998e0e258aa2fe6b1fb069f2e0996a40cbe712eca8bba3115bfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Fri, 29 Dec 2023 13:49:07 GMT
Content-encoding: gzip
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains; preload
X_OK_TRID: 55c3f01c-317df2-15ac2051-18cb5d5f5fa-007284a1-51791
Connection: Keep-Alive
Content-Length: 4502
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-modified: Thu, 28 Dec 2023 12:01:59 GMT
Server: Apache
Expect-CT: enforce,max-age=2592000,report-uri="https://universal.postfinance.ch/report"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=utf-8
Cache-control: max-age=315619200,private
Keep-Alive: timeout=5, max=50
Expires: Thu, 29 Dec 2033 13:49:07 GMT

GET
H/1.1 200
OK SiteIntegrationLazyMain.min.js Show response
www.postfinance.ch/ap/ga/ub/static/js/wp/xmd1702022856570/ 588 KB
158 KB 518ms
93ms Script
application/javascript 194.41.226.34
CH-POSTNETZ Post ...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.postfinance.ch/ap/ga/ub/static/js/wp/xmd1702022856570/SiteIntegrationLazyMain.min.js

Requested by

Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

194.41.226.34 Bern, Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),

Reverse DNS

Software

Apache /

Resource Hash

ff2d4788ab5e3fef46e66d718255252b2b3118240138236e7937081f380513a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Fri, 29 Dec 2023 13:49:07 GMT
Content-encoding: gzip
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
X_OK_TRID: 55c3f01c-317df2-15ac2051-18cb5d5f5fa-007284a2-51789
Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-modified: Tue, 25 Jul 2023 19:13:10 GMT
Server: Apache
Expect-CT: enforce,max-age=2592000,report-uri="https://universal.postfinance.ch/report"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=utf-8
Cache-control: max-age=315619200,public
Keep-Alive: timeout=5, max=50
Expires: Tue, 27 Dec 2033 07:34:27 GMT

GET
H2 200 unblu.interceptor.min.js Show response
gama-aa.ba/ap/ga/ub/pfstatic/js/ 0
17 B 660ms
658ms Script
text/html 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/ap/ga/ub/pfstatic/js/unblu.interceptor.min.js
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
server: Apache
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 runtime.d3b0b5b6084b7b79.js Show response
gama-aa.ba/finance/ 2 KB
972 B 112ms
112ms Script
application/javascript 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/runtime.d3b0b5b6084b7b79.js
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: 72f4b91c8eaf270558a20a1dc1813b253286c98e3ccad79d907353dc77e3a420

Request headers

Referer: https://gama-aa.ba/finance/inde.html
Origin: https://gama-aa.ba
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:06 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 12:33:44 GMT
server: Apache
etag: "672-60c3b2505ba00-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 896

GET
H2 200 polyfills.80561a7bd696d7a6.js Show response
gama-aa.ba/finance/ 33 KB
12 KB 119ms
119ms Script
application/javascript 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/polyfills.80561a7bd696d7a6.js
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: af20a3d0479f53f4878fd50868306ef8ac29c86f34753f28e85c4d85db4d3439

Request headers

Referer: https://gama-aa.ba/finance/inde.html
Origin: https://gama-aa.ba
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:06 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 12:33:38 GMT
server: Apache
etag: "8423-60c3b24aa2c80-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 11985

GET
H2 200 main.0c0f274de970d187.js Show response
gama-aa.ba/finane/ 0
17 B 691ms
690ms Script
text/html 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finane/main.0c0f274de970d187.js
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gama-aa.ba/finance/inde.html
Origin: https://gama-aa.ba
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:06 GMT
server: Apache
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 main.js
gama-aa.ba/ap/ga/ob/html/preload/ 0
17 B 692ms
691ms Other
text/html 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/ap/ga/ob/html/preload/main.js
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
server: Apache
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 styles.css
gama-aa.ba/ap/ga/ob/html/preload/ 0
17 B 1150ms
1149ms Other
text/html 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/ap/ga/ob/html/preload/styles.css
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
server: Apache
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 menu.9e673858d384d2a88ba2.svg
gama-aa.ba/finance/assets/sprites/ 0
17 B 692ms
691ms Other
text/html 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/assets/sprites/menu.9e673858d384d2a88ba2.svg
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
server: Apache
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 application.ce995d22237219656e3a.svg
gama-aa.ba/finance/assets/sprites/ 0
17 B 691ms
690ms Other
text/html 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/assets/sprites/application.ce995d22237219656e3a.svg
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/inde.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
server: Apache
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 FrutigerNeueLTW06-Light.23770ae90a0ac3d5.woff2
gama-aa.ba/finance/ 42 KB
42 KB 107ms
107ms Font
font/woff2 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/FrutigerNeueLTW06-Light.23770ae90a0ac3d5.woff2
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/styles.6d93793434522e02.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: d57f0454f106eff11c18b45792a1be05ca0cd79ea653a201a37939e8235eff73

Request headers

Referer: https://gama-aa.ba/finance/styles.6d93793434522e02.css
Origin: https://gama-aa.ba
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
last-modified: Tue, 26 Dec 2023 13:01:03 GMT
server: Apache
accept-ranges: bytes
etag: "a7a8-60d69465581c0"
content-length: 42920
content-type: font/woff2

GET
H2 200 FrutigerNeueLTW05-Medium.58a0ff866e7c76b1.woff2
gama-aa.ba/finance/ 41 KB
41 KB 107ms
107ms Font
font/woff2 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/finance/FrutigerNeueLTW05-Medium.58a0ff866e7c76b1.woff2
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/styles.6d93793434522e02.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: ddcf221f9ba32ec5d0bd05ad2207e370e7d399e7dd348ea1fee2c0e7c1135c0d

Request headers

Referer: https://gama-aa.ba/finance/styles.6d93793434522e02.css
Origin: https://gama-aa.ba
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
last-modified: Tue, 26 Dec 2023 13:01:07 GMT
server: Apache
accept-ranges: bytes
etag: "a358-60d6946928ac0"
content-length: 41816
content-type: font/woff2

GET
H2 200 efinanceuserinfo Show response
gama-aa.ba/pfch/rest-okaut/api-vs/ 0
17 B 648ms
648ms Fetch
text/html 80.65.85.142
BIHNET BIHNET Aut...

General

Check archive.org

Show headers Download Go to

Full URL: https://gama-aa.ba/pfch/rest-okaut/api-vs/efinanceuserinfo
Requested by: Host: gama-aa.ba
URL: https://gama-aa.ba/finance/polyfills.80561a7bd696d7a6.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 80.65.85.142 Sarajevo, Bosnia & Herzegovina, ASN9146 (BIHNET BIHNET Autonomus System, BA),
Reverse DNS: web02.hosting.bhtelecom.ba
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gama-aa.ba/finance/inde.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 29 Dec 2023 13:49:07 GMT
server: Apache
content-length: 0
content-type: text/html; charset=UTF-8

POST prolong
bqztzw.postfinance.ch/ap/ga/bb/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bqztzw.postfinance.ch
URL: https://bqztzw.postfinance.ch/ap/ga/bb/prolong?sid=whgD49LgYKmBTge9VKqT1qY863nURW2w&tc9g=pkY7sOW8pg3GfdoaM4IRhZm6RxMmXUjc

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PostFinance (Banking)

152 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| unblu object| unbluIntegrationComponent string| eventObf function| cls object| _unblu_572F594F_21AA_4D30_8081_40F2793592AF object| webpackChunkcom_unblu_meta_server_webpack object| webpackChunkoklr function| Zone function| __zone_symbol__Promise function| __zone_symbol__fetch function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforexrselectpatched boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononbeforeinputpatched boolean| __zone_symbol__ononbeforetogglepatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontextlostpatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__ononcontextrestoredpatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__ononformdatapatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononsecuritypolicyviolationpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononslotchangepatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointerrawupdatepatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononmessageerrorpatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononbeforematchpatched boolean| __zone_symbol__ononcontentvisibilityautostatechangepatched boolean| __zone_symbol__ononscrollendpatched function| __zone_symbol__queueMicrotask object| __zone_symbol__unloadfalse object| w function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener undefined| __zone_symbol__eventListeners undefined| __zone_symbol__removeAllListeners function| eventListeners function| removeAllListeners

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
gama-aa.ba/	1969-12-31 23:59:59	Name: PHPSESSID Value: jaidq5aaodn161nelj2ojds9a0
gama-aa.ba/	1970-01-20 17:17:44	Name: EF001BFGvc3 Value: whgD49LgYKmBTge9VKqT1qY863nURW2w
gama-aa.ba/	1970-01-21 00:29:34	Name: EF001BF27rF Value: pkY7sOW8pg3GfdoaM4IRhZm6RxMmXUjc

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://gama-aa.ba/finane/main.0c0f274de970d187.js Message: Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html". Strict MIME type checking is enforced for module scripts per HTML spec.
other	warning	URL: https://bqztzw.postfinance.ch/ap/ga/bb/ib9157483.js(Line 68) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bqztzw.postfinance.ch
gama-aa.ba
preradekombija.rs
www.postfinance.ch
bqztzw.postfinance.ch
194.41.226.13
194.41.226.34
217.195.152.155
80.65.85.142
1786ce9f0c0aa876657cde31946b9d158d051b77bd700c968fb7f95cd9953083
35be2af0206d71ad92bbdc9e6c8d3be3aa3e8630c48786ecffb6bf3fcb2845a2
6446272287a915e6e3a7e32d18b23fb39b4ecde0fab37b7c59405c066602e49f
72f4b91c8eaf270558a20a1dc1813b253286c98e3ccad79d907353dc77e3a420
7cf7825c4360c4faf04d7203f332303a48e419cf461c3260bc6ad68344e39133
af20a3d0479f53f4878fd50868306ef8ac29c86f34753f28e85c4d85db4d3439
cac601b469b32b46a2c83cb456699a55d5a51a7ce2046ec08b52c2b36249d468
ccfcc6b2aa4ba16d68e65a657e21d6b1f24a3e440d8d778087f9ba467e4ca67b
d38fb6527b86ba59eeff616ee0e84662b611831d4ae0e395d48ebc111ecdb651
d57f0454f106eff11c18b45792a1be05ca0cd79ea653a201a37939e8235eff73
d666c3369b84c63460a4fd141b8976627f94578a39d021fa863e7fc984db91b6
ddcf221f9ba32ec5d0bd05ad2207e370e7d399e7dd348ea1fee2c0e7c1135c0d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f6778c2ad273998e0e258aa2fe6b1fb069f2e0996a40cbe712eca8bba3115bfb
ff2d4788ab5e3fef46e66d718255252b2b3118240138236e7937081f380513a7

gama-aa.ba Open in urlscan Pro 80.65.85.142 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

25 Requests

96 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

5 IPs

3 Countries

526 kBTransfer

1339 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

152 JavaScript Global Variables

3 Cookies

2 Console Messages

Indicators

gama-aa.ba Open in urlscan Pro
80.65.85.142 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

96 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

526 kB
Transfer

1339 kB
Size

3
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!