secure.htb-uk.com Open in urlscan Pro
199.188.200.49 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://secure.htb-uk.com/verify/register.php
Submission: On December 04 via automatic, source phishtank (December 4th 2018, 11:42:12 am UTC)

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 15 HTTP transactions. The main IP is 199.188.200.49, located in Los Angeles, United States and belongs to NAMECHEAP-NET - Namecheap, Inc., US. The main domain is secure.htb-uk.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on October 28th 2018. Valid for: a year.

This is the only time secure.htb-uk.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Banking (Banking)

Domain & IP information

	IP Address		AS Autonomous System
15	199.188.200.49 199.188.200.49		22612 (NAMECHEAP...) (NAMECHEAP-NET - Namecheap)
15	1

15 199.188.200.49 (Los Angeles, United States)

ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)
PTR: server239-4.web-hosting.com

secure.htb-uk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	htb-uk.com secure.htb-uk.com	383 KB
15	1

	Domain	Requested by
15	secure.htb-uk.com	secure.htb-uk.com
15	1

This site contains no links.

Subject Issuer	Validity	Valid
secure.htb-uk.com COMODO RSA Domain Validation Secure Server CA	`2018-10-28` - `2019-10-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://secure.htb-uk.com/verify/register.php
Frame ID: 7E56ACF27D03F4922F8DEFF409FA1A52
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

383 kB
Transfer

541 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request register.php Show response secure.htb-uk.com/verify/	14 KB 3 KB	513ms 172ms	Document text/html	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / PHP/5.6.38 Resource Hash `13aad1e033b70ba9265978c23953be732f0df5e03f9d40f514f68db1c93f9449` Request headers :method GET :authority secure.htb-uk.com :scheme https :path /verify/register.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 accept-encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 date Tue, 04 Dec 2018 11:41:55 GMT server Apache x-powered-by PHP/5.6.38 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache set-cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0; path=/ vary Accept-Encoding content-encoding gzip content-length 2649 content-type text/html; charset=UTF-8
GET H2	200	admin.css secure.htb-uk.com/verify/css/	7 KB 1 KB	628ms 626ms	Stylesheet text/css	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/css/admin.css Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `241650dec32e7c3371b7c03a221f0a716fd3324a5b3b620005ce135e4cea0455` Request headers :path /verify/css/admin.css pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 04 Dec 2018 11:41:55 GMT content-encoding gzip last-modified Wed, 14 Feb 2018 23:53:24 GMT server Apache accept-language bytes vary Accept-Encoding content-type text/css status 200 content-length 1164
GET H2	200	styles.css secure.htb-uk.com/verify/css/	8 KB 1 KB	1410ms 1408ms	Stylesheet text/css	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/css/styles.css Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `9d3c229b4a94a10767f8cc099e4dfef7ef6618676acf450899daa68f7879c7b5` Request headers :path /verify/css/styles.css pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 04 Dec 2018 11:41:55 GMT content-encoding gzip last-modified Wed, 14 Feb 2018 23:53:24 GMT server Apache accept-language bytes vary Accept-Encoding content-type text/css status 200 content-length 905
GET H2	200	SpryValidationTextField.css secure.htb-uk.com/verify/library/spry/textfieldvalidation/	3 KB 1 KB	473ms 471ms	Stylesheet text/css	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/library/spry/textfieldvalidation/SpryValidationTextField.css Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `fe66e1ac55db34d0e5cee989abca4fd8f56fecbd48d207a448c3ebbc7f3f53a5` Request headers :path /verify/library/spry/textfieldvalidation/SpryValidationTextField.css pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 04 Dec 2018 11:41:55 GMT content-encoding gzip last-modified Wed, 14 Feb 2018 23:53:24 GMT server Apache accept-language bytes vary Accept-Encoding content-type text/css status 200 content-length 1052
GET H2	200	SpryValidationTextField.js Show response secure.htb-uk.com/verify/library/spry/textfieldvalidation/	76 KB 17 KB	1410ms 1409ms	Script application/javascript	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/library/spry/textfieldvalidation/SpryValidationTextField.js Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `8afc9e8be90a0dade9144c614be204ff1d24161b022697d0c0dfdf54b25b74dd` Request headers :path /verify/library/spry/textfieldvalidation/SpryValidationTextField.js pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 04 Dec 2018 11:41:55 GMT content-encoding gzip last-modified Tue, 02 Oct 2018 18:58:28 GMT server Apache accept-language bytes vary Accept-Encoding content-type application/javascript status 200 content-length 17141
GET H2	200	SpryValidationPassword.css secure.htb-uk.com/verify/library/spry/passwordvalidation/	2 KB 1 KB	1409ms 1407ms	Stylesheet text/css	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/library/spry/passwordvalidation/SpryValidationPassword.css Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `7d126481b896a3891781af58b7c2d44550203fc5614cf0bca6115e89409288d9` Request headers :path /verify/library/spry/passwordvalidation/SpryValidationPassword.css pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 04 Dec 2018 11:41:55 GMT content-encoding gzip last-modified Wed, 14 Feb 2018 23:53:24 GMT server Apache accept-language bytes vary Accept-Encoding content-type text/css status 200 content-length 868
GET H2	200	SpryValidationPassword.js Show response secure.htb-uk.com/verify/library/spry/passwordvalidation/	20 KB 5 KB	1409ms 1407ms	Script application/javascript	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/library/spry/passwordvalidation/SpryValidationPassword.js Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `6198d16a073378770a0b3fb554bba0a882e0846a2b8ce25db0e69ccf1a92623a` Request headers :path /verify/library/spry/passwordvalidation/SpryValidationPassword.js pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 04 Dec 2018 11:41:55 GMT content-encoding gzip last-modified Wed, 14 Feb 2018 23:53:24 GMT server Apache accept-language bytes vary Accept-Encoding content-type application/javascript status 200 content-length 4838
GET H2	200	SpryValidationSelect.css secure.htb-uk.com/verify/library/spry/selectvalidation/	2 KB 932 B	1408ms 1407ms	Stylesheet text/css	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/library/spry/selectvalidation/SpryValidationSelect.css Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `7fa4d0280c78f67c10e0dd5f6abf78e4e8f85f9f64792658160f4430cc5788cb` Request headers :path /verify/library/spry/selectvalidation/SpryValidationSelect.css pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 04 Dec 2018 11:41:55 GMT content-encoding gzip last-modified Wed, 14 Feb 2018 23:53:24 GMT server Apache accept-language bytes vary Accept-Encoding content-type text/css status 200 content-length 776
GET H2	200	SpryValidationSelect.js Show response secure.htb-uk.com/verify/library/spry/selectvalidation/	16 KB 4 KB	1410ms 1408ms	Script application/javascript	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/library/spry/selectvalidation/SpryValidationSelect.js Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `f0fc093fb8d9870e2ddf9913a6b9e66325b6fabdc6c0aa4a390285652fa3fe65` Request headers :path /verify/library/spry/selectvalidation/SpryValidationSelect.js pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 04 Dec 2018 11:41:55 GMT content-encoding gzip last-modified Wed, 14 Feb 2018 23:53:24 GMT server Apache accept-language bytes vary Accept-Encoding content-type application/javascript status 200 content-length 4155
GET H2	200	SpryValidationTextarea.css secure.htb-uk.com/verify/library/spry/textareavalidation/	3 KB 1 KB	1408ms 1407ms	Stylesheet text/css	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/library/spry/textareavalidation/SpryValidationTextarea.css Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `4e11da955344e6d9a37daf03b3153cebdb6faba73956843fb1bc4c853aef8f6f` Request headers :path /verify/library/spry/textareavalidation/SpryValidationTextarea.css pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 04 Dec 2018 11:41:55 GMT content-encoding gzip last-modified Wed, 14 Feb 2018 23:53:24 GMT server Apache accept-language bytes vary Accept-Encoding content-type text/css status 200 content-length 977
GET H2	200	SpryValidationTextarea.js Show response secure.htb-uk.com/verify/library/spry/textareavalidation/	37 KB 8 KB	1409ms 1408ms	Script application/javascript	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/library/spry/textareavalidation/SpryValidationTextarea.js Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `b7046c7aa47a828838eb033a267eeb25fa405bceba8cb5d441d281e14e9f9169` Request headers :path /verify/library/spry/textareavalidation/SpryValidationTextarea.js pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 04 Dec 2018 11:41:55 GMT content-encoding gzip last-modified Wed, 14 Feb 2018 23:53:24 GMT server Apache accept-language bytes vary Accept-Encoding content-type application/javascript status 200 content-length 8358
GET H2	200	SpryValidationConfirm.css secure.htb-uk.com/verify/library/spry/confirmvalidation/	2 KB 925 B	162ms 161ms	Stylesheet text/css	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/library/spry/confirmvalidation/SpryValidationConfirm.css Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `a13539eeddcf30f44d29ebaac8e689b2cf3ec6b4bf86af7e82f6baa0d7f78c91` Request headers :path /verify/library/spry/confirmvalidation/SpryValidationConfirm.css pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 04 Dec 2018 11:41:55 GMT content-encoding gzip last-modified Wed, 14 Feb 2018 23:53:24 GMT server Apache accept-language bytes vary Accept-Encoding content-type text/css status 200 content-length 769
GET H2	200	SpryValidationConfirm.js Show response secure.htb-uk.com/verify/library/spry/confirmvalidation/	17 KB 4 KB	1407ms 1406ms	Script application/javascript	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Full URL https://secure.htb-uk.com/verify/library/spry/confirmvalidation/SpryValidationConfirm.js Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `621990ee882d48f1fd7096b6bc4617bb86f05fbf3b3262c18f60a1d759e3fe31` Request headers :path /verify/library/spry/confirmvalidation/SpryValidationConfirm.js pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 04 Dec 2018 11:41:55 GMT content-encoding gzip last-modified Wed, 14 Feb 2018 23:53:24 GMT server Apache accept-language bytes vary Accept-Encoding content-type application/javascript status 200 content-length 4198
GET H2	200	logo.png secure.htb-uk.com/verify/images/	303 KB 303 KB	316ms 316ms	Image image/png	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Show image Full URL https://secure.htb-uk.com/verify/images/logo.png Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `f484418680e5ddaf5475043eab4a66f27e82074fc73d96c50b3177e153392623` Request headers :path /verify/images/logo.png pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 date Tue, 04 Dec 2018 11:41:55 GMT last-modified Mon, 29 Oct 2018 02:00:40 GMT server Apache accept-language bytes content-length 310393 content-type image/png
GET H2	200	bnk1.png secure.htb-uk.com/verify/images/	30 KB 30 KB	1443ms 1442ms	Image image/png	199.188.200.49 Namecheap
General Check archive.org Show headers Download Go to Show image Full URL https://secure.htb-uk.com/verify/images/bnk1.png Requested by Host: secure.htb-uk.com URL: https://secure.htb-uk.com/verify/register.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.188.200.49 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server239-4.web-hosting.com Software Apache / Resource Hash `c320e6fc6ebd7083576c89b5ed4121f595015c5b7f24ffe7d49f415a30734566` Request headers :path /verify/images/bnk1.png pragma no-cache cookie PHPSESSID=tk944gfhijs882d7qct2c0fue0 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority secure.htb-uk.com referer https://secure.htb-uk.com/verify/register.php :scheme https :method GET Referer https://secure.htb-uk.com/verify/register.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 date Tue, 04 Dec 2018 11:41:55 GMT last-modified Mon, 29 Oct 2018 02:07:28 GMT server Apache accept-language bytes content-length 30807 content-type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Banking (Banking)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			secure.htb-uk.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: tk944gfhijs882d7qct2c0fue0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secure.htb-uk.com
199.188.200.49
13aad1e033b70ba9265978c23953be732f0df5e03f9d40f514f68db1c93f9449
241650dec32e7c3371b7c03a221f0a716fd3324a5b3b620005ce135e4cea0455
4e11da955344e6d9a37daf03b3153cebdb6faba73956843fb1bc4c853aef8f6f
6198d16a073378770a0b3fb554bba0a882e0846a2b8ce25db0e69ccf1a92623a
621990ee882d48f1fd7096b6bc4617bb86f05fbf3b3262c18f60a1d759e3fe31
7d126481b896a3891781af58b7c2d44550203fc5614cf0bca6115e89409288d9
7fa4d0280c78f67c10e0dd5f6abf78e4e8f85f9f64792658160f4430cc5788cb
8afc9e8be90a0dade9144c614be204ff1d24161b022697d0c0dfdf54b25b74dd
9d3c229b4a94a10767f8cc099e4dfef7ef6618676acf450899daa68f7879c7b5
a13539eeddcf30f44d29ebaac8e689b2cf3ec6b4bf86af7e82f6baa0d7f78c91
b7046c7aa47a828838eb033a267eeb25fa405bceba8cb5d441d281e14e9f9169
c320e6fc6ebd7083576c89b5ed4121f595015c5b7f24ffe7d49f415a30734566
f0fc093fb8d9870e2ddf9913a6b9e66325b6fabdc6c0aa4a390285652fa3fe65
f484418680e5ddaf5475043eab4a66f27e82074fc73d96c50b3177e153392623
fe66e1ac55db34d0e5cee989abca4fd8f56fecbd48d207a448c3ebbc7f3f53a5

secure.htb-uk.com Open in urlscan Pro 199.188.200.49 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

383 kBTransfer

541 kBSize

1 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

1 Cookies

Indicators

secure.htb-uk.com Open in urlscan Pro
199.188.200.49 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

383 kB
Transfer

541 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!