u-h-x.com Open in urlscan Pro
142.44.163.33 Malicious Activity! Public Scan

URL:
https://u-h-x.com/td/
Submission: On September 12 via manual (September 12th 2018, 7:12:33 pm UTC) from RU

Summary HTTP 18 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 18 HTTP transactions. The main IP is 142.44.163.33, located in Victoria, Canada and belongs to OVH, FR. The main domain is u-h-x.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 10th 2018. Valid for: 3 months.

This is the only time u-h-x.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: TD Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
18	142.44.163.33 142.44.163.33		16276 (OVH) (OVH)
18	1

18 142.44.163.33 (Victoria, Canada)

ASN16276 (OVH, FR)
PTR: 33.ip-142-44-163.net

u-h-x.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	u-h-x.com u-h-x.com	472 KB
18	1

	Domain	Requested by
18	u-h-x.com	u-h-x.com
18	1

This site contains links to these domains. Also see Links.

Domain
1interact-online-refund.com
easyweb.td.com

Subject Issuer	Validity	Valid
u-h-x.com cPanel, Inc. Certification Authority	`2018-09-10` - `2018-12-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://u-h-x.com/td/
Frame ID: BD048AD9CDD767A7C04FF32C64E0D687
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

472 kB
Transfer

469 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: http://1interact-online-refund.com/payment.receive/td/Login.php?sslchannel=true&sessionid=ppGsEsROTTxonloXptRtKC7hspsp6kLvKsYoVPdPIKd55C2v6UYQx57ZuApBVb7FD54zUhoD2CJ8eMDl
Title: Skip to main content

Search URL Search Domain Scan URL

URL: https://easyweb.td.com/waw/idp/login.htm?execution=e1s1
Title: Remember me

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response u-h-x.com/td/	35 KB 35 KB	289ms 96ms	Document text/html	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Full URL https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `0ee05882414e66190bdad594144843bcc8e45c48accc5f35091c5220ffea1c4d` Request headers Host u-h-x.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id BD048AD9CDD767A7C04FF32C64E0D687 Response headers Date Wed, 12 Sep 2018 19:12:20 GMT Server Apache Last-Modified Mon, 09 Oct 2017 12:49:04 GMT Accept-Ranges bytes Content-Length 35557 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	cip_14_3.css u-h-x.com/td/files/	20 KB 20 KB	195ms 102ms	Stylesheet text/css	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Full URL https://u-h-x.com/td/files/cip_14_3.css Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `c1ef1df288218693bdfa9e2c01c449dfb455d2db012dd3d781c8780c5407d601` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://u-h-x.com/td/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Last-Modified Mon, 09 Oct 2017 12:49:12 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 20120
GET H/1.1	200 OK	ew_theme_14_3_en.css u-h-x.com/td/files/	11 KB 11 KB	282ms 93ms	Stylesheet text/css	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Full URL https://u-h-x.com/td/files/ew_theme_14_3_en.css Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `b2d9c957b9168e10e8e752e1a9a6197b3e7a1ba95d33f70cf9bd1119c8a137e1` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://u-h-x.com/td/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Last-Modified Mon, 09 Oct 2017 12:49:08 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 10800
GET H/1.1	200 OK	evergreen_theme_14_3.css u-h-x.com/td/files/	104 KB 104 KB	294ms 98ms	Stylesheet text/css	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Full URL https://u-h-x.com/td/files/evergreen_theme_14_3.css Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `f3e70b9486f1f521021b79bdc167963bb9566ca6de1861ec5d3fd70cabe3b0ae` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://u-h-x.com/td/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Last-Modified Mon, 09 Oct 2017 12:49:10 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 106131
GET H/1.1	200 OK	default.css u-h-x.com/td/files/	246 KB 247 KB	295ms 99ms	Stylesheet text/css	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Full URL https://u-h-x.com/td/files/default.css Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `e8c8f0dec058cce2bc71ed4c89b95dd168ad94326b44ce3bf7d07cbbb1e049ba` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://u-h-x.com/td/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Last-Modified Mon, 09 Oct 2017 12:49:06 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 252249
GET H/1.1	200 OK	td_shield_nowhitespace.gif u-h-x.com/td/files/	1 KB 2 KB	96ms 95ms	Image image/gif	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/files/td_shield_nowhitespace.gif Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `7fa7af429485271c7dc4dfad0ce08e74f0d683b39ae00c4738b03f8d92b5615c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Last-Modified Mon, 09 Oct 2017 12:49:06 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1523
GET H/1.1	200 OK	transp.gif u-h-x.com/td/files/	49 B 289 B	95ms 95ms	Image image/gif	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/files/transp.gif Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `3c5b83e390d046c3623c4b8e35b58aaf64a7481bb2372fb51ae2e0e7818f7407` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Last-Modified Mon, 09 Oct 2017 12:49:08 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 49
GET H/1.1	200 OK	close.png u-h-x.com/td/files/	3 KB 3 KB	120ms 119ms	Image image/png	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/files/close.png Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `251245923e7870e797383091be01a92336f54a74648855f0616ffc571c8440ac` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Last-Modified Mon, 09 Oct 2017 12:49:10 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2961
GET H/1.1	200 OK	td-tablet-bythelake.jpg u-h-x.com/td/files/	13 KB 13 KB	99ms 98ms	Image image/jpeg	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/files/td-tablet-bythelake.jpg Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `f822125542840ee739ef56f5473a2e08320af27b42ad433bcc8f77bcfd6a26da` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Last-Modified Mon, 09 Oct 2017 12:49:08 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 13022
GET H/1.1	200 OK	mbanner.jpg u-h-x.com/td/files/	32 KB 32 KB	98ms 97ms	Image image/jpeg	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/files/mbanner.jpg Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `c5107a4a2ef17a9e45f0df64edc6ec46933e1151f66e3ce8d1e592a1a3918a72` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Last-Modified Mon, 09 Oct 2017 12:49:10 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 32900
GET H/1.1	200 OK	td-icon-info.png u-h-x.com/td/files/	3 KB 3 KB	100ms 100ms	Image image/png	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/files/td-icon-info.png Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `4b83d3e9c912d758763ff09149bcabafeffccd8d1a93b2055e92e301fb9e4e88` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Last-Modified Mon, 09 Oct 2017 12:49:10 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2702
GET H/1.1	404 Not Found	icon-expand.gif u-h-x.com/td/img/	339 B 339 B	98ms 95ms	Image text/html	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/img/icon-expand.gif Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `9b73501dc5ea50954d5d7ad5db2dea12c01595d3795fda622e51c9dc354f9680` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/files/default.css Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/files/default.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 339 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	lock.jpg u-h-x.com/td/assets/img/	339 B 339 B	280ms 95ms	Image text/html	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/assets/img/lock.jpg Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `1c27bb5e2c7a522df0727ccacede06fdbf5bd2215a39c696fca9e9712335d066` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:22 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 339 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	icon-link-secondary.png u-h-x.com/td/assets/img/	354 B 354 B	178ms 97ms	Image text/html	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/assets/img/icon-link-secondary.png Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `86440fe3e42ef9351d8a15331c9f8638154ae39ca4735fafbacbbf7efdcf0f90` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 354 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	level2-bgHome.gif u-h-x.com/td/img/	341 B 341 B	180ms 96ms	Image text/html	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/img/level2-bgHome.gif Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `aae0877032f5b5850fb44f766b5d32658b72389f6d6583ef95b3344bbe4dd307` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/files/default.css Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/files/default.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=96 Content-Length 341 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	icon-magnifyingglass.gif u-h-x.com/td/img/	348 B 348 B	179ms 95ms	Image text/html	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/img/icon-magnifyingglass.gif Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `f2d835738025a2903b803b0066d1295e43e2305b8cfacabe698f294c35d0c189` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/files/default.css Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/files/default.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 348 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	icon-link-list.png u-h-x.com/td/img/	342 B 342 B	179ms 93ms	Image text/html	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/img/icon-link-list.png Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `fb23ddce1ec9cef27da31750095d2e0b97297da5812e43258c4a801a1c47b2ea` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/files/default.css Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/files/default.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:21 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 342 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	icon-arrow-green.gif u-h-x.com/td/img/	344 B 344 B	96ms 95ms	Image text/html	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/td/img/icon-arrow-green.gif Requested by Host: u-h-x.com URL: https://u-h-x.com/td/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `425ed986faea26f5f74cf993cef97d97d45cb3f1ff32f9ef0239f379c7ffbd9b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/td/files/default.css Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/td/files/default.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:22 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 344 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: TD Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Check

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

u-h-x.com
142.44.163.33
0ee05882414e66190bdad594144843bcc8e45c48accc5f35091c5220ffea1c4d
1c27bb5e2c7a522df0727ccacede06fdbf5bd2215a39c696fca9e9712335d066
251245923e7870e797383091be01a92336f54a74648855f0616ffc571c8440ac
3c5b83e390d046c3623c4b8e35b58aaf64a7481bb2372fb51ae2e0e7818f7407
425ed986faea26f5f74cf993cef97d97d45cb3f1ff32f9ef0239f379c7ffbd9b
4b83d3e9c912d758763ff09149bcabafeffccd8d1a93b2055e92e301fb9e4e88
7fa7af429485271c7dc4dfad0ce08e74f0d683b39ae00c4738b03f8d92b5615c
86440fe3e42ef9351d8a15331c9f8638154ae39ca4735fafbacbbf7efdcf0f90
9b73501dc5ea50954d5d7ad5db2dea12c01595d3795fda622e51c9dc354f9680
aae0877032f5b5850fb44f766b5d32658b72389f6d6583ef95b3344bbe4dd307
b2d9c957b9168e10e8e752e1a9a6197b3e7a1ba95d33f70cf9bd1119c8a137e1
c1ef1df288218693bdfa9e2c01c449dfb455d2db012dd3d781c8780c5407d601
c5107a4a2ef17a9e45f0df64edc6ec46933e1151f66e3ce8d1e592a1a3918a72
e8c8f0dec058cce2bc71ed4c89b95dd168ad94326b44ce3bf7d07cbbb1e049ba
f2d835738025a2903b803b0066d1295e43e2305b8cfacabe698f294c35d0c189
f3e70b9486f1f521021b79bdc167963bb9566ca6de1861ec5d3fd70cabe3b0ae
f822125542840ee739ef56f5473a2e08320af27b42ad433bcc8f77bcfd6a26da
fb23ddce1ec9cef27da31750095d2e0b97297da5812e43258c4a801a1c47b2ea

u-h-x.com Open in urlscan Pro 142.44.163.33 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

472 kBTransfer

469 kBSize

0 Cookies

3 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

u-h-x.com Open in urlscan Pro
142.44.163.33 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

472 kB
Transfer

469 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!