www-banking-ubs-ch2.com Open in urlscan Pro
2606:4700:3031::ac43:c335  Malicious Activity! Public Scan

Submitted URL: https://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8?=ok
Effective URL: https://www-banking-ubs-ch2.com/de/workbench/login.php
Submission: On May 26 via automatic, source phishtank — Scanned from DE

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3031::ac43:c335, located in United States and belongs to CLOUDFLARENET, US. The main domain is www-banking-ubs-ch2.com.
TLS certificate: Issued by E1 on May 26th 2022. Valid for: 3 months.
This is the only time www-banking-ubs-ch2.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UBS (Banking)

Domain & IP information

IP Address AS Autonomous System
4 4 2606:4700:303... 13335 (CLOUDFLAR...)
3 12 2606:4700:303... 13335 (CLOUDFLAR...)
9 2
Apex Domain
Subdomains
Transfer
12 www-banking-ubs-ch2.com
www-banking-ubs-ch2.com
235 KB
4 redirect-ubs-ch2.com
www50.redirect-ubs-ch2.com
2 KB
9 2
Domain Requested by
12 www-banking-ubs-ch2.com 3 redirects www-banking-ubs-ch2.com
4 www50.redirect-ubs-ch2.com 4 redirects
9 2

This site contains no links.

Subject Issuer Validity Valid
*.www-banking-ubs-ch2.com
E1
2022-05-26 -
2022-08-24
3 months crt.sh

This page contains 1 frames:

Primary Page: https://www-banking-ubs-ch2.com/de/workbench/login.php
Frame ID: 8134B4A41D92B13EDC68C623AB52942C
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

UBS E-Banking Login | UBS Schweiz

Page URL History Show full URLs

  1. https://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8?=ok HTTP 301
    http://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8/?=ok HTTP 301
    https://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8/?=ok HTTP 302
    https://www50.redirect-ubs-ch2.com/ubs.php HTTP 302
    https://www-banking-ubs-ch2.com/de/workbench/e.php?email= HTTP 302
    https://www-banking-ubs-ch2.com/de/workbench/index.php HTTP 302
    https://www-banking-ubs-ch2.com/de/workbench/.index.php HTTP 302
    https://www-banking-ubs-ch2.com/de/workbench/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

9
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

233 kB
Transfer

460 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8?=ok HTTP 301
    http://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8/?=ok HTTP 301
    https://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8/?=ok HTTP 302
    https://www50.redirect-ubs-ch2.com/ubs.php HTTP 302
    https://www-banking-ubs-ch2.com/de/workbench/e.php?email= HTTP 302
    https://www-banking-ubs-ch2.com/de/workbench/index.php HTTP 302
    https://www-banking-ubs-ch2.com/de/workbench/.index.php HTTP 302
    https://www-banking-ubs-ch2.com/de/workbench/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login.php
www-banking-ubs-ch2.com/de/workbench/
Redirect Chain
  • https://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8?=ok
  • http://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8/?=ok
  • https://www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8/?=ok
  • https://www50.redirect-ubs-ch2.com/ubs.php
  • https://www-banking-ubs-ch2.com/de/workbench/e.php?email=
  • https://www-banking-ubs-ch2.com/de/workbench/index.php
  • https://www-banking-ubs-ch2.com/de/workbench/.index.php
  • https://www-banking-ubs-ch2.com/de/workbench/login.php
13 KB
4 KB
Document
General
Full URL
https://www-banking-ubs-ch2.com/de/workbench/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c335 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.2.18 PleskLin
Resource Hash
90c49bf19ed86f2c58756a99c3799e9c937c377a9501b166db137bcce822698d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7117ca4e08109b6e-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 26 May 2022 16:12:04 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 19 Nov 1981 08:52:00 GMT
ms-author-via
DAV
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DdYAEymTPqZSIji9Y3jClfiblsf%2F%2BJ6Iy3CruBbXHUdbCqQgH%2BPj9IMniWPXHCWcPNTj6SGwlCHVdLuOudX27L7U66heRcnQ3hf2Go6lAx%2BrIAjLgp%2BEruGgyZ9riERNFbb6hiKd616Oy%2FmqfBv3tyFLALP3QQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.2.18 PleskLin

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7117ca4d4e3c9b6e-FRA
content-type
text/html; charset=UTF-8
date
Thu, 26 May 2022 16:12:04 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
./login.php
ms-author-via
DAV
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYQkLcvLVCu63D5gIXYFcq8vzE4CMMYSqC8pQG%2Bs%2FBUiipVVm2HcJWBoM7s8rEIPFQHwd1WAJRyc2O42p1hmt%2BXoZfdd5J%2BQ0vlkWeW%2FmL8VQvTgpsajnn8qVwQ%2BRjeZurwQEOcSPrIFLi3V5PfBtx534f3NqA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.2.18 PleskLin
uwr.css
www-banking-ubs-ch2.com/de/workbench/Schweiz_files/
186 KB
42 KB
Stylesheet
General
Full URL
https://www-banking-ubs-ch2.com/de/workbench/Schweiz_files/uwr.css
Requested by
Host: www-banking-ubs-ch2.com
URL: https://www-banking-ubs-ch2.com/de/workbench/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c335 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
7dcadd6979668d8e3eadf973bc8d9a8a9dcce4eabf275f6275a7cad54676664c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www-banking-ubs-ch2.com/de/workbench/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 26 May 2022 16:12:04 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6231
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 18 May 2022 06:28:11 GMT
server
cloudflare
etag
W/"628491fb-2e737"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DucBGItgfmXDbiEDq%2FS3Orxri5Wbi7LTGY9vLwZwwhyn6KKE4mEHl7zccae5acLQ1bVfLd3BGpn9XlCqbxO429nkMP5ebyq10ls6gyAN3ktSM8QCft%2Bm5RoxApCs9XkuIvHAaag5Byh9RXKqF9AU4mGpFyZCtw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
7117ca4eb98f9b6e-FRA
default.css
www-banking-ubs-ch2.com/de/workbench/Schweiz_files/
39 KB
12 KB
Stylesheet
General
Full URL
https://www-banking-ubs-ch2.com/de/workbench/Schweiz_files/default.css
Requested by
Host: www-banking-ubs-ch2.com
URL: https://www-banking-ubs-ch2.com/de/workbench/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c335 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
08798db0058ad9a53d71bbb3e986f665392a4f564e69090077c9d875cd424a40

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www-banking-ubs-ch2.com/de/workbench/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 26 May 2022 16:12:04 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6231
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 18 May 2022 06:28:11 GMT
server
cloudflare
etag
W/"628491fb-9d1c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2BOuhk%2BgGylQpyqGqfYZYCn9X9Mb4f2CdtF5gsTwo09JBZpXNSbnnD1OjcA2d3WzQjLuiz4oTUrpCzSU0NyrYk%2BEvm06kKFxBEdUpoefIfJFrOoyw8USKfBijtG%2FJdZlyz%2Buv%2FqOD9iTfOfSQB2JQrZaodK83A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
7117ca4eb9939b6e-FRA
invisible.js
www-banking-ubs-ch2.com/cdn-cgi/challenge-platform/h/b/scripts/
45 KB
16 KB
Script
General
Full URL
https://www-banking-ubs-ch2.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1653580800
Requested by
Host: www-banking-ubs-ch2.com
URL: https://www-banking-ubs-ch2.com/de/workbench/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c335 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ef79dc74bd174dd756863f437ab74e7cf82290eb20f9717d47ae53b79dd97bf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www-banking-ubs-ch2.com/de/workbench/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 26 May 2022 16:12:04 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FC%2F9JHalauVHw81X1WhUNc4oA7V647%2BhuttCZR481rEfgk6O%2FCnHTFaZgoxcuTGcLLzqpvLipYCmLcBAu9o%2B3AmC8D00NVgmCfLpR6aGXhhR99gPH4h3ycWGzmcAutswMmN76boHFMt3HNJhEjgWS22PRzy39w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
7117ca4eea109b6e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
truncated
/
6 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
167d91249d9000e337cbaaaa58a6f446f0beba3fa2b62eaef0fddd2a82f82263

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
526 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
329a54a4d1966abb2a846911add2bbee0944c6afd17cff49f3a86cb24a2e2c37

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
526 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80a57ce9e47761df90463391c2fb538c0da1e24b8da19df8d7970ed72d75663f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
409b4bec-c67e-4764-a141-054db8df81d2.woff
www-banking-ubs-ch2.com/de/workbench/Schweiz_files/widgets/Common/fonts/ubs-latin-extended/
59 KB
59 KB
Font
General
Full URL
https://www-banking-ubs-ch2.com/de/workbench/Schweiz_files/widgets/Common/fonts/ubs-latin-extended/409b4bec-c67e-4764-a141-054db8df81d2.woff
Requested by
Host: www-banking-ubs-ch2.com
URL: https://www-banking-ubs-ch2.com/de/workbench/Schweiz_files/uwr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c335 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
337ec17f70f0041ed0e70bfd10cac161da800980036a66342791091c10bf22d1

Request headers

Referer
https://www-banking-ubs-ch2.com/de/workbench/Schweiz_files/uwr.css
Origin
https://www-banking-ubs-ch2.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 26 May 2022 16:12:04 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6231
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
60260
last-modified
Wed, 18 May 2022 06:28:11 GMT
server
cloudflare
etag
"628491fb-eb64"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ejG%2Bfyu4MvQMvYyhV0byNBgv9Q44Y4Gq3%2FzsPOFHP65xd%2BxEpXwvhtCuq32t6M0dgYFX0YFAz8Iw82xd4BfKxe94MhtE8mrxoxMWZFBT9UkQoIIi0KeBbxwivIMKZrPx99BORADiIGxx8pzDpyqM30lUxR24AA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-font-woff
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7117ca4f1abc9b6e-FRA
truncated
/
533 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1484e7fd1898dd79dfa52a93cc617ed4e31c8c22829413d8b5d5b56f8c5fff6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
269 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a5b6ae766d573afb8cae66dffd417ef3bd34e8615f714c79f4668474bf49436d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
illustrations-login_keychain.png
www-banking-ubs-ch2.com/de/workbench/images/
20 KB
20 KB
Image
General
Full URL
https://www-banking-ubs-ch2.com/de/workbench/images/illustrations-login_keychain.png
Requested by
Host: www-banking-ubs-ch2.com
URL: https://www-banking-ubs-ch2.com/de/workbench/Schweiz_files/default.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c335 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
2192281c5f07f6a11781f3f980f4cc3542ca6cbf29c417c0eb5d1636c84863a4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www-banking-ubs-ch2.com/de/workbench/Schweiz_files/default.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 26 May 2022 16:12:04 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6231
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
20174
last-modified
Wed, 18 May 2022 06:28:12 GMT
server
cloudflare
etag
"628491fc-4ece"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HZLXZ4bjxCxdoe7Zi%2F0%2Bape7UDGbH4rX3bR%2FY1EIXrX%2Fwk1pMPF%2B7nDwcmP%2FcaEr6KseSDyGmbfnFnE6uHzg7qKTxC77qmVLmuP%2B7xg7WwLuz0%2FVKXxcOAT2%2FGz6q7GoWRv%2FvbktI9nRNQ1vCyjaUukALIDhFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7117ca4f1ad69b6e-FRA
59d9a83f-4045-4d43-af46-655f845461ee.woff
www-banking-ubs-ch2.com/de/workbench/Schweiz_files/widgets/Common/fonts/ubs-latin-extended/
70 KB
71 KB
Font
General
Full URL
https://www-banking-ubs-ch2.com/de/workbench/Schweiz_files/widgets/Common/fonts/ubs-latin-extended/59d9a83f-4045-4d43-af46-655f845461ee.woff
Requested by
Host: www-banking-ubs-ch2.com
URL: https://www-banking-ubs-ch2.com/de/workbench/Schweiz_files/uwr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c335 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
31b67d268afc10ee4a23749d1c406633589e64272a8e151f97a50cd1a34802a2

Request headers

Referer
https://www-banking-ubs-ch2.com/de/workbench/Schweiz_files/uwr.css
Origin
https://www-banking-ubs-ch2.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 26 May 2022 16:12:04 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6231
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
71616
last-modified
Wed, 18 May 2022 06:28:11 GMT
server
cloudflare
etag
"628491fb-117c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RTUaYGFYQJ1uUXWAsxOHXEdJ6ErtbRvBWMvRScxBNwPG70bgzG4kcDP7fpK6vv6kunwddpFLHVUoGYhnTS3mt%2B2lQVLYzYnxCAARNzH0mx5TgIlweumZBDwOOLDDyrWRSitjTAR0UjO2aeSRbOeai%2FYPcjEHoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-font-woff
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7117ca4f1ad89b6e-FRA
pica.js
www-banking-ubs-ch2.com/cdn-cgi/challenge-platform/h/b/scripts/
20 KB
7 KB
Other
General
Full URL
https://www-banking-ubs-ch2.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by
Host: www-banking-ubs-ch2.com
URL: https://www-banking-ubs-ch2.com/de/workbench/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c335 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67bfb6f91f25f99e4b43477239b21b5f6ab4cfbc68ed04fc3e9188f3fa5cb3f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www-banking-ubs-ch2.com/de/workbench/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 26 May 2022 16:12:04 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NocQiEcSWu%2BCa6FbZVH5W%2BnGn2BPG2GhmiB5JQkrFkQjlHqupMntoglPcbXtSi0l4uCZ1lXJMNUt%2BVJ%2FCbI97T7HdXVXTCnZB%2B0y8%2F%2BjdNf7P2joS72ikK9btlJbQv71FNm3FqIhKv3fX4ZW%2B4EOf1SMajxfTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=604800, public
x-control-type-options
nosniff
cf-ray
7117ca4f4b339b6e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
7117ca4e08109b6e
www-banking-ubs-ch2.com/cdn-cgi/challenge-platform/h/b/cv/result/
2 B
741 B
XHR
General
Full URL
https://www-banking-ubs-ch2.com/cdn-cgi/challenge-platform/h/b/cv/result/7117ca4e08109b6e
Requested by
Host: www-banking-ubs-ch2.com
URL: https://www-banking-ubs-ch2.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1653580800
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c335 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://www-banking-ubs-ch2.com/de/workbench/login.php
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 26 May 2022 16:12:04 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6TILatyyQJ1GKi%2F2Bekdk9%2F63317WLkTmeg9ntt7FZNsKhKUkTQdBTLt6t0ZungMjiFkPhw3i02Nq923Zu8psl8QCu35Ex%2F3LeNqlhU4gE%2BZ1%2BNJsFl6F8agE8gjFyhA0croo8TUmJ6elPOQIA13UTC6pARqKg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
7117ca520a519b6e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UBS (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| __CF$cv$params

3 Cookies

Domain/Path Name / Value
www50.redirect-ubs-ch2.com/1c126e9993e874a06dba214d1193b6b8 Name: link_mail
Value: ok
www-banking-ubs-ch2.com/ Name: PHPSESSID
Value: 6560voan33irg34489hon8503c
.www-banking-ubs-ch2.com/ Name: __cf_bm
Value: w.NOBJG9FMNTHjPI7GFtp0BrchiDHPW2vOarK.CEuaA-1653581524-0-AeV8oerr5132grQHE4t2Kvf2IIvqE7uULiXmc4r4OvRRR8Ljp3URvFMTNDQukvg77rVbXGQ31Cw5jzK1aGCgNYx2MQpml//qblrT2RIL/Wc9xzvGh2IfUz7U7HY7exGXhw==