www.ulster.updated.one Open in urlscan Pro
20.77.106.190 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.ulster.updated.one/
Submission: On August 11 via automatic, source certstream-suspicious (August 11th 2022, 2:26:09 pm UTC) — Scanned from GB

Summary HTTP 24 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 24 HTTP transactions. The main IP is 20.77.106.190, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.ulster.updated.one.
TLS certificate: Issued by R3 on August 11th 2022. Valid for: 3 months.

This is the only time www.ulster.updated.one was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ulster Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
23	20.77.106.190 20.77.106.190		8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
24	2

23 20.77.106.190 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.ulster.updated.one	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	updated.one www.ulster.updated.one	214 KB
0	ulsterbank.co.uk Failed www.anytimebanking.ulsterbank.co.uk Failed
24	2

	Domain	Requested by
23	www.ulster.updated.one	www.ulster.updated.one
0	www.anytimebanking.ulsterbank.co.uk Failed	www.ulster.updated.one
24	2

This site contains links to these domains. Also see Links.

Domain
www.anytimebanking.ulsterbank.co.uk
www.ulsterbank.co.uk

Subject Issuer	Validity	Valid
ulster.updated.one R3	`2022-08-11` - `2022-11-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.ulster.updated.one/
Frame ID: 9CA559FA86D0050615C22DC2663EC3C1
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in to Ulster Bank Anytime Internet Banking

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

96 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

214 kB
Transfer

670 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.anytimebanking.ulsterbank.co.uk/cookiesPolicy.aspx
Title: Privacy & Cookies

Search URL Search Domain Scan URL

URL: https://www.ulsterbank.co.uk/FSCSbrochure

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png HTTP 307
https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png

24 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.ulster.updated.one/	32 KB 6 KB	5444ms 5317ms	Document text/html	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PHP/8.0.22 PleskLin Resource Hash `90375d0567bd807227fe6b83b7659f48cd5c6b77a1d3a2e30db92e059de06966` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 6250 content-type text/html; charset=UTF-8 date Thu, 11 Aug 2022 14:26:05 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx vary Accept-Encoding x-powered-by PHP/8.0.22 PleskLin
GET H2	200	jquery.js Show response www.ulster.updated.one/js/	87 KB 30 KB	182ms 179ms	Script application/javascript	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/js/jquery.js Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT content-encoding br etag W/"60f39902-15d9d" last-modified Sun, 18 Jul 2021 02:59:14 GMT server nginx x-powered-by PleskLin content-type application/javascript
GET H2	404	0881902459ab200056d2f50a63cb029a7f83d058e41dcc8140f3429d5d17e52f32d142c039b93ea4 www.ulster.updated.one/TSPD/	0 0	182ms 179ms	Script text/html	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/TSPD/0881902459ab200056d2f50a63cb029a7f83d058e41dcc8140f3429d5d17e52f32d142c039b93ea4?type=17 Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT content-encoding br last-modified Thu, 11 Aug 2022 00:54:41 GMT server nginx etag W/"328-5e5ec9c530115" content-type text/html
GET H2	200	master.css www.ulster.updated.one/files/	259 KB 45 KB	125ms 122ms	Stylesheet text/css	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/files/master.css Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `de863d7d066d3438e1c8cb51ba10db9196369b8f9181434789cdbe80356a8ba5` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT content-encoding br etag W/"60f38618-40bfe" last-modified Sun, 18 Jul 2021 01:38:32 GMT server nginx x-powered-by PleskLin content-type text/css
GET H2	200	dpc.css www.ulster.updated.one/files/	47 KB 10 KB	179ms 177ms	Stylesheet text/css	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/files/dpc.css Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `ecf9d34240c5226d8ec5a28653df365f73a750f89ea1bf4dcee746c566440bc2` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT content-encoding br etag W/"60f389bf-baae" last-modified Sun, 18 Jul 2021 01:54:07 GMT server nginx x-powered-by PleskLin content-type text/css
GET H2	200	ubr.css www.ulster.updated.one/files/	24 KB 6 KB	180ms 178ms	Stylesheet text/css	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/files/ubr.css Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `6d9e7fca29e269a1dd3703882205db0190a40810983bb03f92593b721426c781` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT content-encoding br etag W/"60f38475-5f22" last-modified Sun, 18 Jul 2021 01:31:33 GMT server nginx x-powered-by PleskLin content-type text/css
GET H2	200	ubn.css www.ulster.updated.one/files/	6 KB 2 KB	181ms 179ms	Stylesheet text/css	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/files/ubn.css Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `17f81d38208e8d3fd578a2ef065f7e56b3940602ae2f2c9abf30755793345a1e` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT content-encoding br etag W/"60f37287-1642" last-modified Sun, 18 Jul 2021 00:15:03 GMT server nginx x-powered-by PleskLin content-type text/css
GET H2	200	overlayPromptMaster.css www.ulster.updated.one/files/	1 KB 600 B	180ms 178ms	Stylesheet text/css	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/files/overlayPromptMaster.css Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT content-encoding br etag W/"60f37296-562" last-modified Sun, 18 Jul 2021 00:15:18 GMT server nginx x-powered-by PleskLin content-type text/css
GET H2	200	overlayPrompt.css www.ulster.updated.one/files/	39 B 207 B	179ms 178ms	Stylesheet text/css	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/files/overlayPrompt.css Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `bcd8fe9f5c64fb55d16e65eaf8090ff5c51f417f65e7e52546ad0f21f6ecb824` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT content-encoding br last-modified Sun, 18 Jul 2021 00:15:38 GMT x-accel-version 0.01 x-powered-by PleskLin etag W/"27-5c75ab8627e80" content-type text/css server nginx
GET H2	200	mobile-master.css www.ulster.updated.one/files/	55 KB 13 KB	69ms 68ms	Stylesheet text/css	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/files/mobile-master.css Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `adc679d2873b0dc94544775b6bd1603c4b9be656cd48523e03c93322e87ac6ec` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT content-encoding br etag W/"60f38622-dd7b" last-modified Sun, 18 Jul 2021 01:38:42 GMT server nginx x-powered-by PleskLin content-type text/css
GET H2	200	jquery.js Show response www.ulster.updated.one/files/	87 KB 30 KB	180ms 179ms	Script application/javascript	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/files/jquery.js Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT content-encoding br etag W/"60f38086-15d9d" last-modified Sun, 18 Jul 2021 01:14:46 GMT server nginx x-powered-by PleskLin content-type application/javascript
GET H2	200	logo_ulster_bank.png www.ulster.updated.one/files/	3 KB 4 KB	59ms 58ms	Image image/png	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.ulster.updated.one/files/logo_ulster_bank.png Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `10ce268edf1ba191e66ab132d096f256e77fd67ca55e0c68aef2a9bc3c26d8c6` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT last-modified Sun, 18 Jul 2021 00:20:19 GMT server nginx x-powered-by PleskLin etag "60f373c3-d9b" content-type image/png accept-ranges bytes content-length 3483
GET H2	200	ubni-security-banner-vishing-194x443.gif www.ulster.updated.one/files/	14 KB 14 KB	58ms 58ms	Image image/gif	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.ulster.updated.one/files/ubni-security-banner-vishing-194x443.gif Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `819cef75d4acd620941b2533d3af0d474c9a366b61e415fc6ddd019a42527065` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT last-modified Sun, 18 Jul 2021 00:20:49 GMT server nginx x-powered-by PleskLin etag "60f373e1-387e" content-type image/gif accept-ranges bytes content-length 14462
GET H2	200	FSCS_Protected_Logo.png www.ulster.updated.one/files/	6 KB 6 KB	58ms 58ms	Image image/png	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.ulster.updated.one/files/FSCS_Protected_Logo.png Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT last-modified Sun, 18 Jul 2021 00:22:58 GMT server nginx x-powered-by PleskLin etag "60f37462-162f" content-type image/png accept-ranges bytes content-length 5679
GET		error-marker.png www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/ Redirect Chain https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png	0 0

GET H2	200	error-marker.png www.ulster.updated.one/files/	1 KB 1 KB	59ms 59ms	Image image/png	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.ulster.updated.one/files/error-marker.png Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT last-modified Sun, 18 Jul 2021 00:21:13 GMT server nginx x-powered-by PleskLin etag "60f373f9-442" content-type image/png accept-ranges bytes content-length 1090
GET H2	200	logged-in.svg www.ulster.updated.one/files/	521 B 694 B	58ms 58ms	Image image/svg+xml	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.ulster.updated.one/files/logged-in.svg Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/files/dpc.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `1ff7cebb66f03f7dcd94f88c1f390719cd7ea584eb625b1d63940224848614ff` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/files/dpc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT etag "209-5c75ae87c5640" last-modified Sun, 18 Jul 2021 00:29:05 GMT server nginx x-powered-by PleskLin content-type image/svg+xml x-accel-version 0.01 accept-ranges bytes content-length 521
GET H2	200	RNHouseSansW05-Regular.woff2 www.ulster.updated.one/files/	21 KB 21 KB	58ms 58ms	Font font/woff2	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/files/RNHouseSansW05-Regular.woff2 Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/files/master.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `9be8b2c42ad2d6f7327f62a7d03995a5a4615770154941d59493473186e5140c` Request headers Referer https://www.ulster.updated.one/files/master.css Origin https://www.ulster.updated.one accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT last-modified Sun, 18 Jul 2021 00:52:23 GMT server nginx x-powered-by PleskLin etag "60f37b47-5444" content-type font/woff2 accept-ranges bytes content-length 21572
GET H2	200	radio-selected.png www.ulster.updated.one/files/	2 KB 2 KB	68ms 67ms	Image image/png	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.ulster.updated.one/files/radio-selected.png Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/files/dpc.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `d81db57832f4742b67755f90f8c3d37735cb9f58dbb10e312f931343d27552c6` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/files/dpc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT last-modified Sun, 18 Jul 2021 00:31:59 GMT server nginx x-powered-by PleskLin etag "60f3767f-661" content-type image/png accept-ranges bytes content-length 1633
GET H2	200	combined-shape.png www.ulster.updated.one/files/	359 B 528 B	69ms 67ms	Image image/png	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.ulster.updated.one/files/combined-shape.png Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/files/dpc.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/files/dpc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT etag "167-5c75af6041500" last-modified Sun, 18 Jul 2021 00:32:52 GMT server nginx x-powered-by PleskLin content-type image/png x-accel-version 0.01 accept-ranges bytes content-length 359
GET H2	200	radio-normal.png www.ulster.updated.one/files/	1 KB 1 KB	65ms 64ms	Image image/png	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.ulster.updated.one/files/radio-normal.png Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/files/dpc.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `1ec277d20cb0b2b9d72322f3cc32d988435978a6a8f72b28e0f8ac8b1bf17a72` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/files/dpc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT last-modified Sun, 18 Jul 2021 00:31:46 GMT server nginx x-powered-by PleskLin etag "60f37672-525" content-type image/png accept-ranges bytes content-length 1317
GET H2	200	check-box.png www.ulster.updated.one/files/	157 B 325 B	69ms 69ms	Image image/png	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.ulster.updated.one/files/check-box.png Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/files/dpc.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/files/dpc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT etag "9d-5c75c0f68d340" last-modified Sun, 18 Jul 2021 01:51:33 GMT server nginx x-powered-by PleskLin content-type image/png x-accel-version 0.01 accept-ranges bytes content-length 157
GET H2	200	down-chevron.png www.ulster.updated.one/files/	295 B 464 B	69ms 68ms	Image image/png	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.ulster.updated.one/files/down-chevron.png Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/files/ubr.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79` Request headers accept-language en-GB,en;q=0.9 Referer https://www.ulster.updated.one/files/ubr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT etag "127-5c75bcaaf7100" last-modified Sun, 18 Jul 2021 01:32:20 GMT server nginx x-powered-by PleskLin content-type image/png x-accel-version 0.01 accept-ranges bytes content-length 295
GET H2	200	RNHouseSansW05-Bold.woff2 www.ulster.updated.one/files/	22 KB 22 KB	67ms 66ms	Font font/woff2	20.77.106.190 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.ulster.updated.one/files/RNHouseSansW05-Bold.woff2 Requested by Host: www.ulster.updated.one URL: https://www.ulster.updated.one/files/master.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.77.106.190 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / PleskLin Resource Hash `ce64c0d35d4ad8fd2fa79ecd45d6db37982940958b7f51448b697bad342ce55b` Request headers Referer https://www.ulster.updated.one/files/master.css Origin https://www.ulster.updated.one accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Thu, 11 Aug 2022 14:26:05 GMT last-modified Sun, 18 Jul 2021 00:51:14 GMT server nginx x-powered-by PleskLin etag "60f37b02-56a8" content-type font/woff2 accept-ranges bytes content-length 22184

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.anytimebanking.ulsterbank.co.uk
URL: https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ulster Bank (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.ulster.updated.one/	1969-12-31 23:59:59	Name: PHPSESSID Value: ep3p05r3rj7tvo8btkbibi3dq5

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.ulster.updated.one/TSPD/0881902459ab200056d2f50a63cb029a7f83d058e41dcc8140f3429d5d17e52f32d142c039b93ea4?type=17 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.anytimebanking.ulsterbank.co.uk/Brands/UBN/images/error-marker.png Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.anytimebanking.ulsterbank.co.uk
www.ulster.updated.one
www.anytimebanking.ulsterbank.co.uk
20.77.106.190
10ce268edf1ba191e66ab132d096f256e77fd67ca55e0c68aef2a9bc3c26d8c6
17f81d38208e8d3fd578a2ef065f7e56b3940602ae2f2c9abf30755793345a1e
1ec277d20cb0b2b9d72322f3cc32d988435978a6a8f72b28e0f8ac8b1bf17a72
1ff7cebb66f03f7dcd94f88c1f390719cd7ea584eb625b1d63940224848614ff
27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005
42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6
4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79
6d9e7fca29e269a1dd3703882205db0190a40810983bb03f92593b721426c781
819cef75d4acd620941b2533d3af0d474c9a366b61e415fc6ddd019a42527065
90375d0567bd807227fe6b83b7659f48cd5c6b77a1d3a2e30db92e059de06966
9be8b2c42ad2d6f7327f62a7d03995a5a4615770154941d59493473186e5140c
adc679d2873b0dc94544775b6bd1603c4b9be656cd48523e03c93322e87ac6ec
bcd8fe9f5c64fb55d16e65eaf8090ff5c51f417f65e7e52546ad0f21f6ecb824
ce64c0d35d4ad8fd2fa79ecd45d6db37982940958b7f51448b697bad342ce55b
d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814
d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082
d81db57832f4742b67755f90f8c3d37735cb9f58dbb10e312f931343d27552c6
de863d7d066d3438e1c8cb51ba10db9196369b8f9181434789cdbe80356a8ba5
ecf9d34240c5226d8ec5a28653df365f73a750f89ea1bf4dcee746c566440bc2
f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.ulster.updated.one Open in urlscan Pro 20.77.106.190 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

24 Requests

96 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

214 kBTransfer

670 kBSize

1 Cookies

2 Outgoing links

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

www.ulster.updated.one Open in urlscan Pro
20.77.106.190 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

96 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

214 kB
Transfer

670 kB
Size

1
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!