loginwt2298vub19.gbcontractors.in Open in urlscan Pro
181.174.166.56  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request card.php Show response loginwt2298vub19.gbcontractors.in/ubs1/	39 KB 39 KB	386ms 178ms	Document text/html	181.174.166.56 Offshore Racks S.A
General Check archive.org Show headers Download Go to Full URL http://loginwt2298vub19.gbcontractors.in/ubs1/card.php Protocol HTTP/1.1 Server 181.174.166.56 , Panama, ASN52469 (Offshore Racks S.A, PA), Reverse DNS host-181-174-166-56.offshoreracks.com Software Apache/2.2.15 (CentOS) / PHP/5.3.3 Resource Hash 0c9720fc707e5849cc6b1217de07ff555482302ea32236107fa643f4fe903b38 Request headers Host loginwt2298vub19.gbcontractors.in Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 26 Nov 2018 12:27:57 GMT Server Apache/2.2.15 (CentOS) X-Powered-By PHP/5.3.3 Connection close Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	ubs_styles.min.css 3dsec.cardcenter.ch/acspage/de_DE_base_UBS/	42 KB 42 KB	136ms 43ms	Stylesheet text/css	194.126.144.122 NETCETERA-AG-AS
General Check archive.org Show headers Download Go to Full URL https://3dsec.cardcenter.ch/acspage/de_DE_base_UBS/ubs_styles.min.css Requested by Host: loginwt2298vub19.gbcontractors.in URL: http://loginwt2298vub19.gbcontractors.in/ubs1/card.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.126.144.122 Glattfelden, Switzerland, ASN34960 (NETCETERA-AG-AS, CH), Reverse DNS 3dsec.cardcenter.ch Software Apache / Resource Hash 360e24b70bf0e9feb60d6ad1b06c0e18979ccd5f8dbadc23579c798d32bb0573 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer http://loginwt2298vub19.gbcontractors.in/ubs1/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 26 Nov 2018 12:27:57 GMT X-Content-Type-Options nosniff Last-Modified Wed, 17 Oct 2018 07:03:10 GMT Server Apache ETag "a6c0-57867435f46b2" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Strict-Transport-Security max-age=31536000; includeSubDomains Accept-Ranges bytes Keep-Alive timeout=10, max=500 Content-Length 42688 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	x-out.js Show response 3dsec.cardcenter.ch/acspage/de_DE_base_UBS/	4 KB 4 KB	145ms 52ms	Script application/javascript	194.126.144.122 NETCETERA-AG-AS
General Check archive.org Show headers Download Go to Full URL https://3dsec.cardcenter.ch/acspage/de_DE_base_UBS/x-out.js Requested by Host: loginwt2298vub19.gbcontractors.in URL: http://loginwt2298vub19.gbcontractors.in/ubs1/card.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.126.144.122 Glattfelden, Switzerland, ASN34960 (NETCETERA-AG-AS, CH), Reverse DNS 3dsec.cardcenter.ch Software Apache / Resource Hash 63c51c4519a5544b8568054e5a18b474a6d3e54dea106a9e31a30327c5e10148 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer http://loginwt2298vub19.gbcontractors.in/ubs1/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 26 Nov 2018 12:27:57 GMT X-Content-Type-Options nosniff Last-Modified Wed, 17 Oct 2018 07:03:10 GMT Server Apache ETag "eed-57867435f4a9a" Strict-Transport-Security max-age=31536000; includeSubDomains Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=500 Content-Length 3821 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	pwdbase.js Show response 3dsec.cardcenter.ch/acspage/de_DE_base_UBS/	5 KB 6 KB	143ms 50ms	Script application/javascript	194.126.144.122 NETCETERA-AG-AS
General Check archive.org Show headers Download Go to Full URL https://3dsec.cardcenter.ch/acspage/de_DE_base_UBS/pwdbase.js Requested by Host: loginwt2298vub19.gbcontractors.in URL: http://loginwt2298vub19.gbcontractors.in/ubs1/card.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.126.144.122 Glattfelden, Switzerland, ASN34960 (NETCETERA-AG-AS, CH), Reverse DNS 3dsec.cardcenter.ch Software Apache / Resource Hash 7006894f5cc6a7cca080245a51c5c7e8572f559654219cd4b0005d13b9df70a8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer http://loginwt2298vub19.gbcontractors.in/ubs1/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 26 Nov 2018 12:27:57 GMT X-Content-Type-Options nosniff Last-Modified Wed, 17 Oct 2018 07:03:10 GMT Server Apache ETag "14cf-57867435f46b2" Strict-Transport-Security max-age=31536000; includeSubDomains Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=500 Content-Length 5327 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	pdf.png 3dsec.cardcenter.ch/acspage/de_DE_base_UBS/images/	508 B 908 B	41ms 40ms	Image image/png	194.126.144.122 NETCETERA-AG-AS
General Check archive.org Show headers Download Go to Show image Full URL https://3dsec.cardcenter.ch/acspage/de_DE_base_UBS/images/pdf.png Requested by Host: loginwt2298vub19.gbcontractors.in URL: http://loginwt2298vub19.gbcontractors.in/ubs1/card.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.126.144.122 Glattfelden, Switzerland, ASN34960 (NETCETERA-AG-AS, CH), Reverse DNS 3dsec.cardcenter.ch Software Apache / Resource Hash 2d125e492f66572abe0f989497deadfd72e894efc6cb2a1f5a0bc7d08ce5e4c1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer http://loginwt2298vub19.gbcontractors.in/ubs1/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 26 Nov 2018 12:27:57 GMT X-Content-Type-Options nosniff Last-Modified Wed, 17 Oct 2018 07:03:10 GMT Server Apache ETag "1fc-57867435f332a" Strict-Transport-Security max-age=31536000; includeSubDomains Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=499 Content-Length 508 X-XSS-Protection 1; mode=block
GET DATA	200 OK	truncated /	3 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 12f5b303a8e06b4da682c9c6da77e5937d65ad0eab005525868688bc7827606f Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET DATA	200 OK	truncated /	4 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7865525be8e3ad6b21468201db9c78a76e2398c17a1a88363e3d3e5d3d7cdd8d Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET DATA	200 OK	truncated /	4 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2aff7a73f46b3be0d835625a429aa7981750c0e12045c772c833553dd46d93ab Request headers Response headers Access-Control-Allow-Origin * Content-Type image/gif
GET DATA	200 OK	truncated /	526 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 329a54a4d1966abb2a846911add2bbee0944c6afd17cff49f3a86cb24a2e2c37 Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET		frutiger-light-webfont.woff 3dsec.cardcenter.ch/acspage/de_DE_base_UBS/fonts/	0 0
GET H/1.1	404 Not Found	alert-box.js loginwt2298vub19.gbcontractors.in/ubs1/	0 0	376ms 171ms	Script text/html	181.174.166.56 Offshore Racks S.A
General Check archive.org Show headers Download Go to Full URL http://loginwt2298vub19.gbcontractors.in/ubs1/alert-box.js Requested by Host: loginwt2298vub19.gbcontractors.in URL: http://loginwt2298vub19.gbcontractors.in/ubs1/card.php Protocol HTTP/1.1 Server 181.174.166.56 , Panama, ASN52469 (Offshore Racks S.A, PA), Reverse DNS host-181-174-166-56.offshoreracks.com Software Apache/2.2.15 (CentOS) / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host loginwt2298vub19.gbcontractors.in User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept */* Referer http://loginwt2298vub19.gbcontractors.in/ubs1/card.php Connection keep-alive Cache-Control no-cache Referer http://loginwt2298vub19.gbcontractors.in/ubs1/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 26 Nov 2018 12:27:57 GMT Server Apache/2.2.15 (CentOS) Connection close Content-Length 314 Content-Type text/html; charset=iso-8859-1
GET		frutiger-light-webfont.ttf 3dsec.cardcenter.ch/acspage/de_DE_base_UBS/fonts/	0 0
GET		frutiger-webfont.woff 3dsec.cardcenter.ch/acspage/de_DE_base_UBS/fonts/	0 0
GET		frutiger-webfont.ttf 3dsec.cardcenter.ch/acspage/de_DE_base_UBS/fonts/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

3dsec.cardcenter.ch

URL

https://3dsec.cardcenter.ch/acspage/de_DE_base_UBS/fonts/frutiger-light-webfont.woff

Domain

3dsec.cardcenter.ch

URL

https://3dsec.cardcenter.ch/acspage/de_DE_base_UBS/fonts/frutiger-light-webfont.ttf

Domain

3dsec.cardcenter.ch

URL

https://3dsec.cardcenter.ch/acspage/de_DE_base_UBS/fonts/frutiger-webfont.woff

Domain

3dsec.cardcenter.ch

URL

https://3dsec.cardcenter.ch/acspage/de_DE_base_UBS/fonts/frutiger-webfont.ttf

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UBS (Banking)

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| CAPTURE_XOUT boolean| TRAP_RIGHT_CLICK number| KEY_F5 number| KEY_LEFT number| KEY_HOME number| KEY_R number| BTN_RIGHT boolean| isNS boolean| isIE boolean| isNS4 string| formTags function| gatherFormData function| onUnloadHandler function| OnClickHandler function| onDocClick function| onDocKeyDown function| ChipCardInAuthList function| ChipCardSelected function| CanFallBack function| AuthSelectExists function| SecurityWindow function| HelpWindow function| IsNetscapeOnSolaris function| OnCancelHandler function| OnCancelHandler2 function| OnSubmitHandler function| letterNumber function| SetSubmit function| ResetSubmit function| ClearPin function| OnFPWDHandler boolean| refreshing boolean| navigating boolean| closing string| tocName boolean| IsCancelButton string| optinLang function| OnPageInit function| ForceCancel function| OpenWindow function| infoU function| onBeforeUnloadHandler function| onFocusHandler function| OnLocaleChange object| loadError function| objError function| validateNotEmpty function| trimAll function| OnUserInput function| OnSubmitHandler1 function| setEngDisplay function| setFrenchDisplay function| setGermanDisplay function| setItalianDisplay function| fix function| setLocale function| setOpened function| processKey object| b

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3dsec.cardcenter.ch
loginwt2298vub19.gbcontractors.in
3dsec.cardcenter.ch
181.174.166.56
194.126.144.122
0c9720fc707e5849cc6b1217de07ff555482302ea32236107fa643f4fe903b38
12f5b303a8e06b4da682c9c6da77e5937d65ad0eab005525868688bc7827606f
2aff7a73f46b3be0d835625a429aa7981750c0e12045c772c833553dd46d93ab
2d125e492f66572abe0f989497deadfd72e894efc6cb2a1f5a0bc7d08ce5e4c1
329a54a4d1966abb2a846911add2bbee0944c6afd17cff49f3a86cb24a2e2c37
360e24b70bf0e9feb60d6ad1b06c0e18979ccd5f8dbadc23579c798d32bb0573
63c51c4519a5544b8568054e5a18b474a6d3e54dea106a9e31a30327c5e10148
7006894f5cc6a7cca080245a51c5c7e8572f559654219cd4b0005d13b9df70a8
7865525be8e3ad6b21468201db9c78a76e2398c17a1a88363e3d3e5d3d7cdd8d