ubx.tfa.mybluehost.me Open in urlscan Pro
162.241.224.98 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.ang.gob.mx/
Effective URL:
https://ubx.tfa.mybluehost.me/sbb/fss/signin.php
Submission: On December 03 via api (December 3rd 2024, 10:44:53 am UTC) from US — Scanned from CH

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 162.241.224.98, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is ubx.tfa.mybluehost.me.
TLS certificate: Issued by R10 on November 4th 2024. Valid for: 3 months.

This is the only time ubx.tfa.mybluehost.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Schweizerische Bundesbahnen (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
2	198.59.144.26 198.59.144.26	17378 (AS17378) (AS17378)
2 9	162.241.224.98 162.241.224.98	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2a06:98c1:320... 2a06:98c1:3200::90:80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.67.66.204 3.67.66.204	16509 (AMAZON-02) (AMAZON-02)
11	4

2 198.59.144.26 (United States)

ASN17378 (AS17378, US)
PTR: svgr275.serverneubox.com.mx

www.ang.gob.mx	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 162.241.224.98 (United States) 2 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5175.bluehost.com

ubx.tfa.mybluehost.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3200::90:80 (United States)

ASN13335 (CLOUDFLARENET, US)

resources.swisspass.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.67.66.204 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-67-66-204.eu-central-1.compute.amazonaws.com

cdn.app.sbb.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	mybluehost.me 2 redirects ubx.tfa.mybluehost.me	193 KB
2	ang.gob.mx www.ang.gob.mx	549 B
1	sbb.ch cdn.app.sbb.ch — Cisco Umbrella Rank: 433694	14 KB
1	swisspass.ch resources.swisspass.ch	197 KB
11	4

	Domain	Requested by
9	ubx.tfa.mybluehost.me	2 redirects ubx.tfa.mybluehost.me
2	www.ang.gob.mx
1	cdn.app.sbb.ch	ubx.tfa.mybluehost.me
1	resources.swisspass.ch	ubx.tfa.mybluehost.me
11	4

This site contains no links.

Subject Issuer	Validity	Valid
ang.gob.mx R11	`2024-11-02` - `2025-01-31`	3 months	crt.sh
cpanel.ubx.tfa.mybluehost.me R10	`2024-11-04` - `2025-02-02`	3 months	crt.sh
swisspass.ch SwissSign RSA TLS DV ICA 2022 - 1	`2024-03-14` - `2025-03-14`	a year	crt.sh
*.app.sbb.ch Amazon RSA 2048 M02	`2024-07-16` - `2025-08-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php
Frame ID: 370581F7ABFFC6D3F368D237D7A7EC0B
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SwissPass

Page URL History Show full URLs

https://www.ang.gob.mx/ Page URL
https://ubx.tfa.mybluehost.me/sbb/ HTTP 302
https://ubx.tfa.mybluehost.me/sbb/fss/index.php HTTP 302
https://ubx.tfa.mybluehost.me/sbb/fss/signin.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

11
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

404 kB
Transfer

560 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.ang.gob.mx/ Page URL
https://ubx.tfa.mybluehost.me/sbb/ HTTP 302
https://ubx.tfa.mybluehost.me/sbb/fss/index.php HTTP 302
https://ubx.tfa.mybluehost.me/sbb/fss/signin.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
www.ang.gob.mx/ 155 B
374 B 1337ms
146ms Document
text/html 198.59.144.26
AS17378

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ang.gob.mx/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.59.144.26 , United States, ASN17378 (AS17378, US),

Reverse DNS

svgr275.serverneubox.com.mx

Software

Apache / PHP/8.1.30

Resource Hash

ff6178c7195ae29bb02fc15b561b1ab89ea6e1e1ebd8f8930cb00da6e59c4b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

content-encoding: gzip
content-length: 140
content-type: text/html; charset=UTF-8
date: Tue, 03 Dec 2024 10:44:46 GMT
referrer-policy: no-referrer-when-downgrade
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: PHP/8.1.30
x-xss-protection: 1

GET
H2

200

Primary Request signin.php Show response
ubx.tfa.mybluehost.me/sbb/fss/
Redirect Chain

https://ubx.tfa.mybluehost.me/sbb/
https://ubx.tfa.mybluehost.me/sbb/fss/index.php
https://ubx.tfa.mybluehost.me/sbb/fss/signin.php

18 KB
6 KB

199ms
199ms

Document
text/html

162.241.224.98
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.224.98 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5175.bluehost.com
Software: nginx/1.25.5 /
Resource Hash: 2ec440268944bf1318d5a03d4ffa70f96d8812557b512cd868d56b39e663dc33

Request headers

Referer: https://www.ang.gob.mx/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 5979
content-type: text/html; charset=UTF-8
date: Tue, 03 Dec 2024 10:44:47 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
pragma: no-cache
server: nginx/1.25.5
vary: Accept-Encoding
x-endurance-cache-level: 2
x-newfold-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: false

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 03 Dec 2024 10:44:46 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
location: signin.php
pragma: no-cache
server: nginx/1.25.5
x-endurance-cache-level: 2
x-newfold-cache-level: 2
x-nginx-cache: WordPress
x-proxy-cache: MISS
x-server-cache: true

GET
H2 200 favicon.ico
www.ang.gob.mx/ 155 B
175 B 146ms
146ms Other
text/html 198.59.144.26
AS17378

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ang.gob.mx/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.59.144.26 , United States, ASN17378 (AS17378, US),

Reverse DNS

svgr275.serverneubox.com.mx

Software

Apache / PHP/8.1.30

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://www.ang.gob.mx/

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
content-length: 140
x-xss-protection: 1
date: Tue, 03 Dec 2024 10:44:46 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.1.30
vary: Accept-Encoding,User-Agent
server: Apache
x-frame-options: SAMEORIGIN

GET
H2 200 sso.min-20200819.css
ubx.tfa.mybluehost.me/sbb/fss/Login%20_%20SwissPass_files/ 180 KB
34 KB 618ms
617ms Stylesheet
text/css 162.241.224.98
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ubx.tfa.mybluehost.me/sbb/fss/Login%20_%20SwissPass_files/sso.min-20200819.css
Requested by: Host: ubx.tfa.mybluehost.me
URL: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.224.98 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5175.bluehost.com
Software: Apache /
Resource Hash: da86a8f910323e36049f6fee7c877d53f9f5020f2031efdfabaec371476e1b5a

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php

Response headers

x-nginx-cache: WordPress
server: Apache
cache-control: max-age=2592000
x-newfold-cache-level: 2
content-encoding: gzip
expires: Thu, 02 Jan 2025 10:44:47 GMT
accept-ranges: bytes
date: Tue, 03 Dec 2024 10:44:47 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Sun, 26 Nov 2023 17:05:34 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
content-type: text/css

GET
H2 200 logo_text_de-20200819.svg
ubx.tfa.mybluehost.me/sbb/fss/ 137 KB
137 KB 312ms
311ms Image
image/svg+xml 162.241.224.98
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ubx.tfa.mybluehost.me/sbb/fss/logo_text_de-20200819.svg
Requested by: Host: ubx.tfa.mybluehost.me
URL: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.224.98 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5175.bluehost.com
Software: Apache /
Resource Hash: c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php

Response headers

x-nginx-cache: WordPress
cache-control: max-age=21600
x-newfold-cache-level: 2
expires: Tue, 03 Dec 2024 16:44:47 GMT
accept-ranges: bytes
content-length: 139971
date: Tue, 03 Dec 2024 10:44:47 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Sun, 26 Nov 2023 17:05:34 GMT
x-endurance-cache-level: 2
server: Apache
content-type: image/svg+xml

GET
H2 200 logo-20200819.svg
ubx.tfa.mybluehost.me/sbb/fss/ 7 KB
7 KB 617ms
617ms Image
image/svg+xml 162.241.224.98
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ubx.tfa.mybluehost.me/sbb/fss/logo-20200819.svg
Requested by: Host: ubx.tfa.mybluehost.me
URL: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.224.98 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5175.bluehost.com
Software: Apache /
Resource Hash: deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php

Response headers

x-nginx-cache: WordPress
cache-control: max-age=21600
x-newfold-cache-level: 2
expires: Tue, 03 Dec 2024 16:44:47 GMT
accept-ranges: bytes
content-length: 7374
date: Tue, 03 Dec 2024 10:44:47 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Sun, 26 Nov 2023 17:05:34 GMT
x-endurance-cache-level: 2
server: Apache
content-type: image/svg+xml

GET
H2 200 loader-20200819.png
ubx.tfa.mybluehost.me/sbb/fss/Login%20_%20SwissPass_files/ 272 B
351 B 623ms
622ms Image
image/png 162.241.224.98
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ubx.tfa.mybluehost.me/sbb/fss/Login%20_%20SwissPass_files/loader-20200819.png
Requested by: Host: ubx.tfa.mybluehost.me
URL: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.224.98 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5175.bluehost.com
Software: Apache /
Resource Hash: f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php

Response headers

x-nginx-cache: WordPress
cache-control: max-age=31536000
x-newfold-cache-level: 2
expires: Wed, 03 Dec 2025 10:44:47 GMT
accept-ranges: bytes
content-length: 272
date: Tue, 03 Dec 2024 10:44:47 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Sun, 26 Nov 2023 17:05:34 GMT
x-endurance-cache-level: 2
server: Apache
content-type: image/png

GET
H2 200 login_bg.jpg
resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/ 196 KB
197 KB 172ms
51ms Image
image/jpeg 2a06:98c1:3200::90:80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg

Requested by

Host: ubx.tfa.mybluehost.me
URL: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3200::90:80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ubx.tfa.mybluehost.me/

Response headers

cf-bgj: h2pri
etag: "310e5-628584f002698"
age: 5877
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Tue, 03 Dec 2024 16:44:47 GMT
x-url: /content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg
x-varnish: 574135348
x-cache: MISS
date: Tue, 03 Dec 2024 10:44:47 GMT
content-type: image/jpeg
last-modified: Tue, 03 Dec 2024 07:06:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=16070400; includeSubDomains
cache-control: public, max-age=21600
referrer-policy: same-origin
cf-ray: 8ec2f6a76b541545-CDG
accept-ranges: bytes
content-length: 200933
x-plattform: cprod
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 SBBWeb-Light.woff2
cdn.app.sbb.ch/fonts/v1_6_subset/ 14 KB
14 KB 95ms
42ms Font
application/font-woff2 3.67.66.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2
Requested by: Host: ubx.tfa.mybluehost.me
URL: https://ubx.tfa.mybluehost.me/sbb/fss/Login%20_%20SwissPass_files/sso.min-20200819.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.67.66.204 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-67-66-204.eu-central-1.compute.amazonaws.com
Software: nginx/1.27.3 /
Resource Hash: 5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin: https://ubx.tfa.mybluehost.me
Referer: https://ubx.tfa.mybluehost.me/

Response headers

access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
cache-control: max-age=31536000, public, private
content-encoding: br
etag: W/"6745a85c-3784"
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
expires: Wed, 03 Dec 2025 10:44:47 GMT
access-control-allow-origin: *
date: Tue, 03 Dec 2024 10:44:47 GMT
content-type: application/font-woff2
last-modified: Tue, 26 Nov 2024 10:52:12 GMT
server: nginx/1.27.3
vary: Accept-Encoding

GET
H2 200 icomoon.woff2
ubx.tfa.mybluehost.me/sbb/fss/ 7 KB
7 KB 164ms
164ms Font
font/woff2 162.241.224.98
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ubx.tfa.mybluehost.me/sbb/fss/icomoon.woff2
Requested by: Host: ubx.tfa.mybluehost.me
URL: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.224.98 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5175.bluehost.com
Software: Apache /
Resource Hash: 78a4a776506b173ae79fd021d0e9003c7d653ca204ea1d69bea4d553f92f787d

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin: https://ubx.tfa.mybluehost.me
Referer: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php

Response headers

x-nginx-cache: WordPress
cache-control: max-age=21600
x-newfold-cache-level: 2
expires: Tue, 03 Dec 2024 16:44:47 GMT
accept-ranges: bytes
content-length: 6676
date: Tue, 03 Dec 2024 10:44:47 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Sun, 26 Nov 2023 17:05:34 GMT
x-endurance-cache-level: 2
server: Apache
content-type: font/woff2

GET
H2 200 favicon.ico
ubx.tfa.mybluehost.me/sbb/fss/Login%20_%20SwissPass_files/ 1 KB
1 KB 195ms
195ms Other
image/x-icon 162.241.224.98
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ubx.tfa.mybluehost.me/sbb/fss/Login%20_%20SwissPass_files/favicon.ico?v=20140709-1126
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.224.98 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5175.bluehost.com
Software: nginx/1.25.5 /
Resource Hash: 7c1925da382279a72f94990d0a1456f78918619f35780ea0905e4ae0db684677

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php

Response headers

x-nginx-cache: WordPress
cache-control: max-age=31536000
x-newfold-cache-level: 2
expires: Wed, 03 Dec 2025 10:44:48 GMT
accept-ranges: bytes
x-server-cache: false
content-length: 1150
date: Tue, 03 Dec 2024 10:44:48 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/x-icon
last-modified: Sun, 26 Nov 2023 17:05:34 GMT
server: nginx/1.25.5
x-endurance-cache-level: 2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Schweizerische Bundesbahnen (Transportation)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| validateForm

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ubx.tfa.mybluehost.me/	1969-12-31 23:59:59	Name: PHPSESSID Value: 4b32391f2ae5c40907be1884807ed090
			.swisspass.ch/	1970-01-21 01:27:04	Name: __cf_bm Value: 8xsm5oyup0o_aSFS7lhktYIeAnYydKra.I0hg2X5kCc-1733222687-1.0.1.1-KCEdeG9c4mnkLeaMLO3kzXol29PVAt.To7eXh9jObMLXzSh.ryTeLKsCAUpA3wH_GF_WCHg7xo41gGDqQPIBwg

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php Message: [DOM] Found 2 elements with non-unique id #login_button: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	verbose	URL: https://ubx.tfa.mybluehost.me/sbb/fss/signin.php Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.app.sbb.ch
resources.swisspass.ch
ubx.tfa.mybluehost.me
www.ang.gob.mx
162.241.224.98
198.59.144.26
2a06:98c1:3200::90:80
3.67.66.204
2ec440268944bf1318d5a03d4ffa70f96d8812557b512cd868d56b39e663dc33
58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf
78a4a776506b173ae79fd021d0e9003c7d653ca204ea1d69bea4d553f92f787d
7c1925da382279a72f94990d0a1456f78918619f35780ea0905e4ae0db684677
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
da86a8f910323e36049f6fee7c877d53f9f5020f2031efdfabaec371476e1b5a
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5
ff6178c7195ae29bb02fc15b561b1ab89ea6e1e1ebd8f8930cb00da6e59c4b44

ubx.tfa.mybluehost.me Open in urlscan Pro 162.241.224.98 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

404 kBTransfer

560 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

2 Console Messages

Security Headers

Indicators

ubx.tfa.mybluehost.me Open in urlscan Pro
162.241.224.98 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

404 kB
Transfer

560 kB
Size

2
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!