www-banking-ch2-ubs.com Open in urlscan Pro
2606:4700:3036::ac43:b3bb Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://https64.redirect-ch2-ubs.com/adab2cb831a5998ba8484e5eb76f2d02?=ok
Effective URL:
https://www-banking-ch2-ubs.com/de/workbench/login.php
Submission Tags: 7514076
Submission: On May 12 via api (May 12th 2022, 8:57:40 am UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3036::ac43:b3bb, located in United States and belongs to CLOUDFLARENET, US. The main domain is www-banking-ch2-ubs.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 11th 2022. Valid for: a year.

This is the only time www-banking-ch2-ubs.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UBS (Banking)

Domain & IP information

	IP Address	AS Autonomous System
4 4	2606:4700:303... 2606:4700:3035::ac43:b43c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 12	2606:4700:303... 2606:4700:3036::ac43:b3bb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2

4 2606:4700:3035::ac43:b43c (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

https64.redirect-ch2-ubs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:3036::ac43:b3bb (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

www-banking-ch2-ubs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	www-banking-ch2-ubs.com 3 redirects www-banking-ch2-ubs.com	236 KB
4	redirect-ch2-ubs.com 4 redirects https64.redirect-ch2-ubs.com	2 KB
9	2

	Domain	Requested by
12	www-banking-ch2-ubs.com	3 redirects www-banking-ch2-ubs.com
4	https64.redirect-ch2-ubs.com	4 redirects
9	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www-banking-ch2-ubs.com/de/workbench/login.php
Frame ID: 3F190C21CB2AD0E8C0E19C9C7E302B61
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

UBS E-Banking Login | UBS Schweiz

Page URL History Show full URLs

https://https64.redirect-ch2-ubs.com/adab2cb831a5998ba8484e5eb76f2d02?=ok HTTP 301
http://https64.redirect-ch2-ubs.com/adab2cb831a5998ba8484e5eb76f2d02/?=ok HTTP 301
https://https64.redirect-ch2-ubs.com/adab2cb831a5998ba8484e5eb76f2d02/?=ok HTTP 302
https://https64.redirect-ch2-ubs.com/ubs.php HTTP 302
https://www-banking-ch2-ubs.com/de/workbench/e.php?email= HTTP 302
https://www-banking-ch2-ubs.com/de/workbench/index.php HTTP 302
https://www-banking-ch2-ubs.com/de/workbench/.index.php HTTP 302
https://www-banking-ch2-ubs.com/de/workbench/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

9
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

235 kB
Transfer

463 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://https64.redirect-ch2-ubs.com/adab2cb831a5998ba8484e5eb76f2d02?=ok HTTP 301
http://https64.redirect-ch2-ubs.com/adab2cb831a5998ba8484e5eb76f2d02/?=ok HTTP 301
https://https64.redirect-ch2-ubs.com/adab2cb831a5998ba8484e5eb76f2d02/?=ok HTTP 302
https://https64.redirect-ch2-ubs.com/ubs.php HTTP 302
https://www-banking-ch2-ubs.com/de/workbench/e.php?email= HTTP 302
https://www-banking-ch2-ubs.com/de/workbench/index.php HTTP 302
https://www-banking-ch2-ubs.com/de/workbench/.index.php HTTP 302
https://www-banking-ch2-ubs.com/de/workbench/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
5 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request login.php Show response www-banking-ch2-ubs.com/de/workbench/ Redirect Chain https://https64.redirect-ch2-ubs.com/adab2cb831a5998ba8484e5eb76f2d02?=ok http://https64.redirect-ch2-ubs.com/adab2cb831a5998ba8484e5eb76f2d02/?=ok https://https64.redirect-ch2-ubs.com/adab2cb831a5998ba8484e5eb76f2d02/?=ok https://https64.redirect-ch2-ubs.com/ubs.php https://www-banking-ch2-ubs.com/de/workbench/e.php?email= https://www-banking-ch2-ubs.com/de/workbench/index.php https://www-banking-ch2-ubs.com/de/workbench/.index.php https://www-banking-ch2-ubs.com/de/workbench/login.php	13 KB 4 KB	116ms 115ms	Document text/html	2606:4700:3036::ac43:b3bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www-banking-ch2-ubs.com/de/workbench/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:b3bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.2.18 PleskLin Resource Hash `ae6f81ee4307cbf57755a91b4a4ade0ed1ee4e1f43772af3ff3b2945b7a44d95` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 70a1f2a17e4783be-MXP content-encoding br content-type text/html; charset=UTF-8 date Thu, 12 May 2022 08:57:36 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yrlp862I%2B0Lnq9ms%2F7Tra9JXjbH1%2FD%2FsUMqZAdSu3MAOZdZdACyv6gBZeux60V0SXse%2F7YMow3XVm5K%2B76ueb9vfUXRw9lb4uuDydhUoeZXOSZb2jZuMg9ohM5aJIthyyNnaJsE5OVznLqn%2F9fO3KGLCjybhRA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/7.2.18 PleskLin Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 70a1f2a0bc3f83be-MXP content-type text/html; charset=UTF-8 date Thu, 12 May 2022 08:57:36 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" expires Thu, 19 Nov 1981 08:52:00 GMT location ./login.php nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZqF7kw0UE0EKEttid3UTeCnBYGeFWA6GVMVXZ7PCu%2Fc%2F9rXVwFbtLDYsl1sAN81PqkEqV22stjfTRupHwlXp7V7K6KM1bqbyvZihC1a%2BqaNYmmpL3wIGArJmCl3cE2LLFKO%2BsdHdTVy8IC%2FEIyqTI3a7sPoqkw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.2.18 PleskLin
GET H3	200	uwr.css www-banking-ch2-ubs.com/de/workbench/Schweiz_files/	186 KB 42 KB	37ms 37ms	Stylesheet text/css	2606:4700:3036::ac43:b3bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www-banking-ch2-ubs.com/de/workbench/Schweiz_files/uwr.css Requested by Host: www-banking-ch2-ubs.com URL: https://www-banking-ch2-ubs.com/de/workbench/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:b3bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `7dcadd6979668d8e3eadf973bc8d9a8a9dcce4eabf275f6275a7cad54676664c` Request headers accept-language de-DE,de;q=0.9 Referer https://www-banking-ch2-ubs.com/de/workbench/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Thu, 12 May 2022 08:57:36 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2595 x-powered-by PleskLin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 last-modified Thu, 05 May 2022 21:44:52 GMT server cloudflare etag W/"62744554-2e737" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RehGUlfjY51fARBZeZn2eV47z7FKq1HP%2FC8mOEVaR6IWCGbv5EWYJf%2Bd26jkNXU5bpFLsSznr8sBQdimKyhZCX1yHWoDpSfP%2F0fMvd9%2FeDTO7MyUZvkMwx%2BZOcDKdDRcEBYDtQ21a38OTopOHI8toBHBj3xVtA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 70a1f2a2990883be-MXP
GET H3	200	default.css www-banking-ch2-ubs.com/de/workbench/Schweiz_files/	39 KB 12 KB	76ms 75ms	Stylesheet text/css	2606:4700:3036::ac43:b3bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www-banking-ch2-ubs.com/de/workbench/Schweiz_files/default.css Requested by Host: www-banking-ch2-ubs.com URL: https://www-banking-ch2-ubs.com/de/workbench/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:b3bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `08798db0058ad9a53d71bbb3e986f665392a4f564e69090077c9d875cd424a40` Request headers accept-language de-DE,de;q=0.9 Referer https://www-banking-ch2-ubs.com/de/workbench/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Thu, 12 May 2022 08:57:36 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2595 x-powered-by PleskLin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 last-modified Thu, 05 May 2022 21:44:52 GMT server cloudflare etag W/"62744554-9d1c" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N5zGTE5QWrvfuJ3tj%2BpvFJl5Q44mgKzsWBo4CophhPJYhLx7MbRxk8RDy9rWouX%2FxG4Z%2FgxpTbwCsiNAUjIEA3EQaB2Zb4tvvDSBvUGr5WZiQk9fmdR%2BM7BtqPPL9uvWFPl91Km%2FQbplOuOl2AKJ9OJRkhAraA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 70a1f2a2990a83be-MXP
GET H3	200	invisible.js Show response www-banking-ch2-ubs.com/cdn-cgi/challenge-platform/h/b/scripts/	44 KB 16 KB	76ms 75ms	Script application/javascript	2606:4700:3036::ac43:b3bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www-banking-ch2-ubs.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1652342400 Requested by Host: www-banking-ch2-ubs.com URL: https://www-banking-ch2-ubs.com/de/workbench/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:b3bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e82a0d205c7e7a2e69e4d9f378b2f0ffc6d1d86a49ada5a7758823eb8b78b5f1` Request headers accept-language de-DE,de;q=0.9 Referer https://www-banking-ch2-ubs.com/de/workbench/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Thu, 12 May 2022 08:57:36 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=72l5RqWOJ76OiU3oFKfigB6XtyvjISa97p2Bl558sXL7KIgChwI06oKS3qtirfqZalvncTXKQW3%2F%2BqTfChYNX5aXABFbK24n8fYaI0n6Zsty90H6Ehn2e4LCRsxsp97ctFlBaHHBl7fN6sa9thAsZ9p294lFgQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=604800, public x-control-type-options nosniff cf-ray 70a1f2a2990c83be-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET DATA	200 OK	truncated /	6 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `167d91249d9000e337cbaaaa58a6f446f0beba3fa2b62eaef0fddd2a82f82263` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	526 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `329a54a4d1966abb2a846911add2bbee0944c6afd17cff49f3a86cb24a2e2c37` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	526 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `80a57ce9e47761df90463391c2fb538c0da1e24b8da19df8d7970ed72d75663f` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET H3	200	409b4bec-c67e-4764-a141-054db8df81d2.woff www-banking-ch2-ubs.com/de/workbench/Schweiz_files/widgets/Common/fonts/ubs-latin-extended/	59 KB 59 KB	31ms 31ms	Font application/x-font-woff	2606:4700:3036::ac43:b3bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www-banking-ch2-ubs.com/de/workbench/Schweiz_files/widgets/Common/fonts/ubs-latin-extended/409b4bec-c67e-4764-a141-054db8df81d2.woff Requested by Host: www-banking-ch2-ubs.com URL: https://www-banking-ch2-ubs.com/de/workbench/Schweiz_files/uwr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:b3bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `337ec17f70f0041ed0e70bfd10cac161da800980036a66342791091c10bf22d1` Request headers Referer https://www-banking-ch2-ubs.com/de/workbench/Schweiz_files/uwr.css Origin https://www-banking-ch2-ubs.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Thu, 12 May 2022 08:57:36 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2595 x-powered-by PleskLin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 60260 last-modified Thu, 05 May 2022 21:44:52 GMT server cloudflare etag "62744554-eb64" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=psPImX7Yqpi3Aw46RWOxj0Q8PpmBbltcjvCJEFOez245EnKdEk%2FZiDPfGV4cIkFayNZuobgVZKrZW%2BANXBTGYTZLTu4%2F0lvJE%2FQH9UxLaMegbSnLXdG4HTPzxhQMMe9whYCx7hfAk5%2Fwz3cB%2B19HLAYjvq3EcQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-font-woff cache-control max-age=14400 accept-ranges bytes cf-ray 70a1f2a32a8083be-MXP
GET DATA	200 OK	truncated /	533 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b1484e7fd1898dd79dfa52a93cc617ed4e31c8c22829413d8b5d5b56f8c5fff6` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	269 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a5b6ae766d573afb8cae66dffd417ef3bd34e8615f714c79f4668474bf49436d` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Content-Type image/png
GET H3	200	illustrations-login_keychain.png www-banking-ch2-ubs.com/de/workbench/images/	20 KB 20 KB	45ms 45ms	Image image/png	2606:4700:3036::ac43:b3bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www-banking-ch2-ubs.com/de/workbench/images/illustrations-login_keychain.png Requested by Host: www-banking-ch2-ubs.com URL: https://www-banking-ch2-ubs.com/de/workbench/Schweiz_files/default.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:b3bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `2192281c5f07f6a11781f3f980f4cc3542ca6cbf29c417c0eb5d1636c84863a4` Request headers accept-language de-DE,de;q=0.9 Referer https://www-banking-ch2-ubs.com/de/workbench/Schweiz_files/default.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Thu, 12 May 2022 08:57:36 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2595 x-powered-by PleskLin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 20174 last-modified Wed, 23 Mar 2022 19:22:46 GMT server cloudflare etag "623b7386-4ece" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EG%2Fv%2BGGTVsW6uckPX0w4hCAlKPVT6BjJ16L%2Bf579sEPYjZv0oRlPZoUSdm%2Bv8s9qS6O9cvLRp%2FP2X0%2Bc5udLRFGdN%2FbJzA%2F%2FN8bWRUCL6LfJyZ2hKRpqgEwVhPJAi7uFWLgzA%2Fu%2F1LYzPQaMIefqh3vzj7W%2BBw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 70a1f2a32a9583be-MXP
GET H3	200	59d9a83f-4045-4d43-af46-655f845461ee.woff www-banking-ch2-ubs.com/de/workbench/Schweiz_files/widgets/Common/fonts/ubs-latin-extended/	70 KB 71 KB	45ms 45ms	Font application/x-font-woff	2606:4700:3036::ac43:b3bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www-banking-ch2-ubs.com/de/workbench/Schweiz_files/widgets/Common/fonts/ubs-latin-extended/59d9a83f-4045-4d43-af46-655f845461ee.woff Requested by Host: www-banking-ch2-ubs.com URL: https://www-banking-ch2-ubs.com/de/workbench/Schweiz_files/uwr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:b3bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `31b67d268afc10ee4a23749d1c406633589e64272a8e151f97a50cd1a34802a2` Request headers Referer https://www-banking-ch2-ubs.com/de/workbench/Schweiz_files/uwr.css Origin https://www-banking-ch2-ubs.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Thu, 12 May 2022 08:57:36 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2595 x-powered-by PleskLin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 71616 last-modified Thu, 05 May 2022 21:44:52 GMT server cloudflare etag "62744554-117c0" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KRMjanaSCKF6VSKWA4urN51MCBqbk0nRlMdfLHscVhgJO%2B4FZleGoR7%2BS7l%2FvMl213WIf0DLVUV3Z%2B3yBhMwcXb0AeWzosrC5kbd1%2BoYK%2BV2Vndd%2FH0unXKTLgMViCIvLPJDUQanptmkifafr86Bpu9kn%2B6ssA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-font-woff cache-control max-age=14400 accept-ranges bytes cf-ray 70a1f2a32a9883be-MXP
GET H3	200	pica.js www-banking-ch2-ubs.com/cdn-cgi/challenge-platform/h/b/scripts/	25 KB 9 KB	43ms 43ms	Other application/javascript	2606:4700:3036::ac43:b3bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www-banking-ch2-ubs.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js Requested by Host: www-banking-ch2-ubs.com URL: https://www-banking-ch2-ubs.com/de/workbench/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:b3bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `189fae186982db9c00826fb8489667088c07cea513e6bdfd3d5f329af8fbcb00` Request headers accept-language de-DE,de;q=0.9 Referer https://www-banking-ch2-ubs.com/de/workbench/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Thu, 12 May 2022 08:57:36 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D4DonJN03UQewECB91o8Q%2FjHxVVFSYR7XfpFLRfgjG0aKwOX1u9MrZ1ndD1w5j0rj0dVwWlqqwIj4e%2FKCmfoTwBSTRJUrpywsG3yrJHzpQKvJATIpgvVB2TxJJuw4sNxAcI%2BKPBtLJQBymE31XFcNuMxWA8paQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=604800, public x-control-type-options nosniff cf-ray 70a1f2a34ada83be-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	70a1f2a17e4783be Show response www-banking-ch2-ubs.com/cdn-cgi/challenge-platform/h/b/cv/result/	2 B 739 B	59ms 59ms	XHR text/plain	2606:4700:3036::ac43:b3bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www-banking-ch2-ubs.com/cdn-cgi/challenge-platform/h/b/cv/result/70a1f2a17e4783be Requested by Host: www-banking-ch2-ubs.com URL: https://www-banking-ch2-ubs.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1652342400 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:b3bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Referer https://www-banking-ch2-ubs.com/de/workbench/login.php accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Content-Type application/json Response headers date Thu, 12 May 2022 08:57:36 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=srjBJa9nphe6VblnQ9i0kCIPF7pAKpeKVNjzd%2F8o3UhsAvc4HrOd5PkdzkYD4HlJQ6912aB1bO3yj8B6avYnH6CWn9rp1jDxdIIpTO3NnCi%2B4JY7HRm3S4EOmQEMDpW%2Fyz44QXmwQCSIda5FWX38ltdJafO48g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 70a1f2a5b9c083be-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UBS (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
https64.redirect-ch2-ubs.com/adab2cb831a5998ba8484e5eb76f2d02	1970-01-23 18:35:05	Name: link_mail Value: ok
www-banking-ch2-ubs.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: j1s10m3nuls9m687uunc862sg4
.www-banking-ch2-ubs.com/	1970-01-20 02:59:07	Name: __cf_bm Value: pT63bBeKUxPpSFMpDUMIT24s6ZFYaZEOHnk_cfBhJmM-1652345856-0-AURbSsgI6xQL60NbvxG7+YUcB6c3ql0RCPVN9tNaPMisbcy+4gEhVADFn/6nqP3sw269clWiLz3I/H3L/w2U7GoQXyTns4n1/qvact4/liSWR6CMSNsLkA7uO8dWosGA/Q==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

https64.redirect-ch2-ubs.com
www-banking-ch2-ubs.com
2606:4700:3035::ac43:b43c
2606:4700:3036::ac43:b3bb
08798db0058ad9a53d71bbb3e986f665392a4f564e69090077c9d875cd424a40
167d91249d9000e337cbaaaa58a6f446f0beba3fa2b62eaef0fddd2a82f82263
189fae186982db9c00826fb8489667088c07cea513e6bdfd3d5f329af8fbcb00
2192281c5f07f6a11781f3f980f4cc3542ca6cbf29c417c0eb5d1636c84863a4
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
31b67d268afc10ee4a23749d1c406633589e64272a8e151f97a50cd1a34802a2
329a54a4d1966abb2a846911add2bbee0944c6afd17cff49f3a86cb24a2e2c37
337ec17f70f0041ed0e70bfd10cac161da800980036a66342791091c10bf22d1
7dcadd6979668d8e3eadf973bc8d9a8a9dcce4eabf275f6275a7cad54676664c
80a57ce9e47761df90463391c2fb538c0da1e24b8da19df8d7970ed72d75663f
a5b6ae766d573afb8cae66dffd417ef3bd34e8615f714c79f4668474bf49436d
ae6f81ee4307cbf57755a91b4a4ade0ed1ee4e1f43772af3ff3b2945b7a44d95
b1484e7fd1898dd79dfa52a93cc617ed4e31c8c22829413d8b5d5b56f8c5fff6
e82a0d205c7e7a2e69e4d9f378b2f0ffc6d1d86a49ada5a7758823eb8b78b5f1

www-banking-ch2-ubs.com Open in urlscan Pro 2606:4700:3036::ac43:b3bb Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

235 kBTransfer

463 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

3 Cookies

Indicators

www-banking-ch2-ubs.com Open in urlscan Pro
2606:4700:3036::ac43:b3bb Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

235 kB
Transfer

463 kB
Size

3
Cookies

9 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!