wordpress-1252280-4492354.cloudwaysapps.com
104.248.3.131
Malicious Activity!
Public Scan
Effective URL: https://wordpress-1252280-4492354.cloudwaysapps.com/ch/files/index.html
Submission: On April 17 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 27th 2023. Valid for: a year.
This is the only time wordpress-1252280-4492354.cloudwaysapps.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PostFinance (Banking)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 23 | 104.248.3.131 | 14061 (DIGITALOCEAN-ASN) |
| 4 | 2a00:17c9:0:103::205 | 12511 (CH-POSTNETZ Post CH AG) |
| 27 (total) | | |
ASN14061 (DIGITALOCEAN-ASN, US)
PTR: 1252280.cloudwaysapps.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 23 | cloudwaysapps.com | wordpress-1252280-4492354.cloudwaysapps.com (2 redirects) | 38 KB |
| 4 | postfinance.ch | www.postfinance.ch (2 redirects; Cisco Umbrella Rank: 593053) | 1 MB |
| 27 (total) | 2 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 23 | wordpress-1252280-4492354.cloudwaysapps.com (2 redirects) | wordpress-1252280-4492354.cloudwaysapps.com |
| 4 | www.postfinance.ch (2 redirects) | wordpress-1252280-4492354.cloudwaysapps.com |
| 27 (total) | 2 domains | |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.postfinance.ch |

TLS certificate

| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| *.cloudwaysapps.com | Sectigo RSA Domain Validation Secure Server CA | 2023-04-27 - 2024-05-27 | a year (crt.sh) |
This page contains 1 frames:
Primary Page:
https://wordpress-1252280-4492354.cloudwaysapps.com/ch/files/index.html
Frame ID: 63873E7A8EEC6E56647E41491A87A9AB
Requests: 27 HTTP requests in this frame
Screenshot
Page Title: PostFinance - E-Finance

Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://wordpress-1252280-4492354.cloudwaysapps.com/ch (HTTP 301)
- http://wordpress-1252280-4492354.cloudwaysapps.com/ch/ (HTTP 307)
- https://wordpress-1252280-4492354.cloudwaysapps.com/ch/ (HTTP 302)
- https://wordpress-1252280-4492354.cloudwaysapps.com/ch/files/index.html (Page URL)
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title: GoToHome header.help.label.PostFinance Home
- Title: Live-Support
- Title: Rechtliches und Barrierefreiheit
Redirected requests
There were HTTP redirect chains for the following requests:
- Request Chain 14: https://www.postfinance.ch/ap/ga/ob/html/preload/main.js (HTTP 302) -> https://www.postfinance.ch/cc/ob/html/main.72965e282eadc0cb.js
- https://www.postfinance.ch/ap/ga/ob/html/preload/styles.css (HTTP 302) -> https://www.postfinance.ch/cc/ob/html/styles.258f7fc42065f2e8.css
27 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | index.html (Primary Request) | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/ (Redirect Chain) | 58 KB | 10 KB | Document | text/html |
| GET | H2 | bs.js.t%C3%A9l%C3%A9charger | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | styles.6d93793434522e02.css | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 202 KB | 27 KB | Stylesheet | text/css |
| GET | H2 | unblu.integration.component.js.t%C3%A9l%C3%A9charger | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | unblu.interceptor.min.js.t%C3%A9l%C3%A9charger | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | ib9157483.js.t%C3%A9l%C3%A9charger | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | statistics | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | stats | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | visitor.js.t%C3%A9l%C3%A9charger | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | Initializer.min.js.t%C3%A9l%C3%A9charger | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | SiteIntegrationLazyMain.cfg.t%C3%A9l%C3%A9charger | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | SiteIntegrationLazyMain.min.js.t%C3%A9l%C3%A9charger | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | runtime.d3b0b5b6084b7b79.js.t%C3%A9l%C3%A9charger | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | polyfills.80561a7bd696d7a6.js.t%C3%A9l%C3%A9charger | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | main.0c0f274de970d187.js.t%C3%A9l%C3%A9charger | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Script | text/html |
| GET | H2 | main.72965e282eadc0cb.js | www.postfinance.ch/cc/ob/html/ (Redirect Chain) | 0 | 1 MB | Other | application/javascript |
| GET | H2 | styles.258f7fc42065f2e8.css | www.postfinance.ch/cc/ob/html/ (Redirect Chain) | 0 | 30 KB | Other | text/css |
| GET | H2 | menu.9e673858d384d2a88ba2.svg | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/assets/sprites/ | 0 | 0 | Other | text/html |
| GET | H2 | application.ce995d22237219656e3a.svg | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/assets/sprites/ | 0 | 0 | Other | text/html |
| GET | H2 | FrutigerNeueLTW06-Light.23770ae90a0ac3d5.woff2 | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Font | text/html |
| GET | H2 | FrutigerNeueLTW05-Medium.58a0ff866e7c76b1.woff2 | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Font | text/html |
| GET | H2 | FrutigerNeueLTW06-Light.16eb43da28f5fe57.woff | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Font | text/html |
| GET | H2 | FrutigerNeueLTW05-Medium.3497822aa79c4753.woff | wordpress-1252280-4492354.cloudwaysapps.com/ch/files/1_files/ | 0 | 0 | Font | text/html |
| GET | | favicon.ico | www.postfinance.ch/cc/ok/lr/assets/favicons/ | 0 | 0 | | |
| GET | | favicon-32px.png | www.postfinance.ch/cc/ok/lr/assets/favicons/ | 0 | 0 | | |
| GET | | favicon-16px.png | www.postfinance.ch/cc/ok/lr/assets/favicons/ | 0 | 0 | | |
| GET | | favicon-96px.png | www.postfinance.ch/cc/ok/lr/assets/favicons/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.

| Domain | URL |
|---|---|
| www.postfinance.ch | https://www.postfinance.ch/cc/ok/lr/assets/favicons/favicon.ico |
| www.postfinance.ch | https://www.postfinance.ch/cc/ok/lr/assets/favicons/favicon-32px.png |
| www.postfinance.ch | https://www.postfinance.ch/cc/ok/lr/assets/favicons/favicon-16px.png |
| www.postfinance.ch | https://www.postfinance.ch/cc/ok/lr/assets/favicons/favicon-96px.png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: PostFinance (Banking)

0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| wordpress-1252280-4492354.cloudwaysapps.com/ | | PHPSESSID | b3fa8p74a3s0m9gudlkf18i7k4 |
24 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- wordpress-1252280-4492354.cloudwaysapps.com
- www.postfinance.ch
- 104.248.3.131
- 2a00:17c9:0:103::205
- 93ebcb30eedea6ad370aba97420cfc0ebe3a5bd0b1ead5f6be6f1260d49c7c50
- ccfcc6b2aa4ba16d68e65a657e21d6b1f24a3e440d8d778087f9ba467e4ca67b
- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855