www-banking-ubs-ch2.com
2606:4700:3031::ac43:c335
Malicious Activity!
Public Scan
Effective URL: https://www-banking-ubs-ch2.com/de/workbench/login.php
Submission: On May 26 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by E1 on May 26th 2022. Valid for: 3 months.
This is the only time www-banking-ubs-ch2.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UBS (Banking)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
4 4 | 2606:4700:3037::6815:118d | 13335 (CLOUDFLARENET) |
3 12 | 2606:4700:3031::ac43:c335 | 13335 (CLOUDFLARENET) |
9 | 2 |
| Apex Domain / Subdomains | Transfer |
---|---|---|
12 | www-banking-ubs-ch2.com (3 redirects): www-banking-ubs-ch2.com | 235 KB |
4 | redirect-ubs-ch2.com (4 redirects): www50.redirect-ubs-ch2.com | 2 KB |
9 | 2 |
| Domain | Requested by |
---|---|---|
12 | www-banking-ubs-ch2.com | 3 redirects www-banking-ubs-ch2.com |
4 | www50.redirect-ubs-ch2.com | 4 redirects |
9 | 2 |
This site contains no links.
Subject / Issuer | Validity | Valid |
---|---|---|
*.www-banking-ubs-ch2.com / E1 | 2022-05-26 - 2022-08-24 | 3 months |
This page contains 1 frames:
Primary Page:
https://www-banking-ubs-ch2.com/de/workbench/login.php
Frame ID: 8134B4A41D92B13EDC68C623AB52942C
Requests: 14 HTTP requests in this frame
Page Title
UBS E-Banking Login | UBS Schweiz
Page URL History
- https://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8?=ok HTTP 301
- http://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8/?=ok HTTP 301
- https://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8/?=ok HTTP 302
- https://www50.redirect-ubs-ch2.com/ubs.php HTTP 302
- https://www-banking-ubs-ch2.com/de/workbench/e.php?email= HTTP 302
- https://www-banking-ubs-ch2.com/de/workbench/index.php HTTP 302
- https://www-banking-ubs-ch2.com/de/workbench/.index.php HTTP 302
- https://www-banking-ubs-ch2.com/de/workbench/login.php Page URL
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H3 | login.php (Primary Request) | www-banking-ubs-ch2.com/de/workbench/ | 13 KB | 4 KB | Document | text/html |
GET | H3 | uwr.css | www-banking-ubs-ch2.com/de/workbench/Schweiz_files/ | 186 KB | 42 KB | Stylesheet | text/css |
GET | H3 | default.css | www-banking-ubs-ch2.com/de/workbench/Schweiz_files/ | 39 KB | 12 KB | Stylesheet | text/css |
GET | H3 | invisible.js | www-banking-ubs-ch2.com/cdn-cgi/challenge-platform/h/b/scripts/ | 45 KB | 16 KB | Script | application/javascript |
GET | DATA | truncated | / | 6 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 526 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 526 B | 0 | Image | image/svg+xml |
GET | H3 | 409b4bec-c67e-4764-a141-054db8df81d2.woff | www-banking-ubs-ch2.com/de/workbench/Schweiz_files/widgets/Common/fonts/ubs-latin-extended/ | 59 KB | 59 KB | Font | application/x-font-woff |
GET | DATA | truncated | / | 533 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 269 B | 0 | Image | image/png |
GET | H3 | illustrations-login_keychain.png | www-banking-ubs-ch2.com/de/workbench/images/ | 20 KB | 20 KB | Image | image/png |
GET | H3 | 59d9a83f-4045-4d43-af46-655f845461ee.woff | www-banking-ubs-ch2.com/de/workbench/Schweiz_files/widgets/Common/fonts/ubs-latin-extended/ | 70 KB | 71 KB | Font | application/x-font-woff |
GET | H3 | pica.js | www-banking-ubs-ch2.com/cdn-cgi/challenge-platform/h/b/scripts/ | 20 KB | 7 KB | Other | application/javascript |
POST | H3 | 7117ca4e08109b6e | www-banking-ubs-ch2.com/cdn-cgi/challenge-platform/h/b/cv/result/ | 2 B | 741 B | XHR | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UBS (Banking)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- object| navigation
- object| __CF$cv$params
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8 | Name: link_mail Value: ok |
www-banking-ubs-ch2.com/ | Name: PHPSESSID Value: 6560voan33irg34489hon8503c |
.www-banking-ubs-ch2.com/ | Name: __cf_bm Value: w.NOBJG9FMNTHjPI7GFtp0BrchiDHPW2vOarK.CEuaA-1653581524-0-AeV8oerr5132grQHE4t2Kvf2IIvqE7uULiXmc4r4OvRRR8Ljp3URvFMTNDQukvg77rVbXGQ31Cw5jzK1aGCgNYx2MQpml//qblrT2RIL/Wc9xzvGh2IfUz7U7HY7exGXhw== |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www-banking-ubs-ch2.com
www50.redirect-ubs-ch2.com
2606:4700:3031::ac43:c335
2606:4700:3037::6815:118d