u-h-x.com Open in urlscan Pro
142.44.163.33 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://u-h-x.com/Manulife/
Submission: On September 12 via manual (September 12th 2018, 7:12:24 pm UTC) from RU

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 142.44.163.33, located in Victoria, Canada and belongs to OVH, FR. The main domain is u-h-x.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 10th 2018. Valid for: 3 months.

This is the only time u-h-x.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Manulife Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
10	142.44.163.33 142.44.163.33		16276 (OVH) (OVH)
10	1

10 142.44.163.33 (Victoria, Canada)

ASN16276 (OVH, FR)
PTR: 33.ip-142-44-163.net

u-h-x.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	u-h-x.com u-h-x.com	197 KB
10	1

	Domain	Requested by
10	u-h-x.com	u-h-x.com
10	1

This site contains no links.

Subject Issuer	Validity	Valid
u-h-x.com cPanel, Inc. Certification Authority	`2018-09-10` - `2018-12-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://u-h-x.com/Manulife/
Frame ID: E7E8E2807C065657024C21187039D75B
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

197 kB
Transfer

195 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response u-h-x.com/Manulife/	13 KB 13 KB	102ms 101ms	Document text/html	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Full URL https://u-h-x.com/Manulife/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `9b41a5871931462ff1f17ece1e842d9f52d5313dfa106d9431f1c1d7afa6ea75` Request headers Host u-h-x.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id E7E8E2807C065657024C21187039D75B Response headers Date Wed, 12 Sep 2018 19:12:12 GMT Server Apache Last-Modified Thu, 28 Jun 2018 03:46:56 GMT Accept-Ranges bytes Content-Length 12816 Keep-Alive timeout=5, max=79 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	manulife_20170330.css u-h-x.com/Manulife/login_files/	6 KB 6 KB	97ms 95ms	Stylesheet text/css	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Full URL https://u-h-x.com/Manulife/login_files/manulife_20170330.css Requested by Host: u-h-x.com URL: https://u-h-x.com/Manulife/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `044239b8f5434ed72cc4d3c81217582a243ab284beb41fe8820b87303d5c99c3` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://u-h-x.com/Manulife/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/Manulife/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:13 GMT Last-Modified Sat, 20 Jan 2018 22:27:44 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=78 Content-Length 5651
GET H/1.1	200 OK	modal.js Show response u-h-x.com/Manulife/login_files/	14 KB 14 KB	192ms 95ms	Script application/javascript	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Full URL https://u-h-x.com/Manulife/login_files/modal.js Requested by Host: u-h-x.com URL: https://u-h-x.com/Manulife/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `3cac4b1254742ce96465863630f4eac5855ab8ae37d7a1b5f053ff9cb53a2ad0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer https://u-h-x.com/Manulife/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/Manulife/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:13 GMT Last-Modified Sat, 20 Jan 2018 22:27:44 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=77 Content-Length 14159
GET H/1.1	200 OK	Manulife_e_W_Bank.gif u-h-x.com/Manulife/login_files/	10 KB 10 KB	188ms 95ms	Image image/gif	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/Manulife/login_files/Manulife_e_W_Bank.gif Requested by Host: u-h-x.com URL: https://u-h-x.com/Manulife/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `3f02ef79e19f751b40fe3c913e4c1670ac1ff9f6f0d1fc6bbced1afb4567ef4c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/Manulife/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/Manulife/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:13 GMT Last-Modified Sat, 20 Jan 2018 22:27:46 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 9980
GET H/1.1	200 OK	help_icon.gif u-h-x.com/Manulife/login_files/	643 B 884 B	180ms 93ms	Image image/gif	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/Manulife/login_files/help_icon.gif Requested by Host: u-h-x.com URL: https://u-h-x.com/Manulife/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `408f07113d8d08430067b70f17a6b248ce774dbe7fbf5fefd9037ff517889fd5` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/Manulife/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/Manulife/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:13 GMT Last-Modified Sat, 20 Jan 2018 22:27:46 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 643
GET H/1.1	200 OK	CS3010EMobileAppBankloginbanner.jpg u-h-x.com/Manulife/login_files/	71 KB 71 KB	182ms 94ms	Image image/jpeg	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/Manulife/login_files/CS3010EMobileAppBankloginbanner.jpg Requested by Host: u-h-x.com URL: https://u-h-x.com/Manulife/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `b249d3f391595a20a88ea035d876fe52f0be4d17a928cd9db84fae79cacc049d` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/Manulife/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/Manulife/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:13 GMT Last-Modified Sat, 20 Jan 2018 22:27:46 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 72776
GET H/1.1	200 OK	CS2302E_Find+an+ABM+_resized_FINAL.jpg u-h-x.com/Manulife/login_files/	27 KB 27 KB	274ms 93ms	Image image/jpeg	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/Manulife/login_files/CS2302E_Find+an+ABM+_resized_FINAL.jpg Requested by Host: u-h-x.com URL: https://u-h-x.com/Manulife/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `efd15ecf85a584d7c0c2fc0cf7d96220f9a6ae01fe7e006198395924bf316654` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/Manulife/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/Manulife/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:13 GMT Last-Modified Sat, 20 Jan 2018 22:27:44 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 27898
GET H/1.1	200 OK	manulife-print_20141222.css u-h-x.com/Manulife/login_files/	3 KB 4 KB	296ms 97ms	Stylesheet text/css	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Full URL https://u-h-x.com/Manulife/login_files/manulife-print_20141222.css Requested by Host: u-h-x.com URL: https://u-h-x.com/Manulife/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `68e12ef0c5cd8d23a1031565eeac1926be7d82c4fe3dca51945e8abcb288821b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://u-h-x.com/Manulife/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/Manulife/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:13 GMT Last-Modified Sat, 20 Jan 2018 22:27:44 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3391
GET H/1.1	200 OK	bg_grad.png u-h-x.com/Manulife/login_files/	51 KB 51 KB	101ms 97ms	Image image/png	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/Manulife/login_files/bg_grad.png Requested by Host: u-h-x.com URL: https://u-h-x.com/Manulife/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `99c059a50ba23f3874a58b779a7f232c54526be8e3059add4e89e5fab283d943` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/Manulife/ Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/Manulife/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:13 GMT Last-Modified Sat, 20 Jan 2018 22:27:46 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=76 Content-Length 51980
GET H/1.1	200 OK	whitehomeongreen.png u-h-x.com/Manulife/login_files/	319 B 561 B	212ms 96ms	Image image/png	142.44.163.33 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://u-h-x.com/Manulife/login_files/whitehomeongreen.png Requested by Host: u-h-x.com URL: https://u-h-x.com/Manulife/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 142.44.163.33 Victoria, Canada, ASN16276 (OVH, FR), Reverse DNS 33.ip-142-44-163.net Software Apache / Resource Hash `f106bd31010b3ad9609ee43fbae4f45927b02d05f57235c51eb433a7f7ca2ef0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u-h-x.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://u-h-x.com/Manulife/login_files/manulife_20170330.css Connection keep-alive Cache-Control no-cache Referer https://u-h-x.com/Manulife/login_files/manulife_20170330.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 12 Sep 2018 19:12:13 GMT Last-Modified Sat, 20 Jan 2018 22:27:44 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 319

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Manulife Bank (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

u-h-x.com
142.44.163.33
044239b8f5434ed72cc4d3c81217582a243ab284beb41fe8820b87303d5c99c3
3cac4b1254742ce96465863630f4eac5855ab8ae37d7a1b5f053ff9cb53a2ad0
3f02ef79e19f751b40fe3c913e4c1670ac1ff9f6f0d1fc6bbced1afb4567ef4c
408f07113d8d08430067b70f17a6b248ce774dbe7fbf5fefd9037ff517889fd5
68e12ef0c5cd8d23a1031565eeac1926be7d82c4fe3dca51945e8abcb288821b
99c059a50ba23f3874a58b779a7f232c54526be8e3059add4e89e5fab283d943
9b41a5871931462ff1f17ece1e842d9f52d5313dfa106d9431f1c1d7afa6ea75
b249d3f391595a20a88ea035d876fe52f0be4d17a928cd9db84fae79cacc049d
efd15ecf85a584d7c0c2fc0cf7d96220f9a6ae01fe7e006198395924bf316654
f106bd31010b3ad9609ee43fbae4f45927b02d05f57235c51eb433a7f7ca2ef0

u-h-x.com Open in urlscan Pro 142.44.163.33 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

197 kBTransfer

195 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

u-h-x.com Open in urlscan Pro
142.44.163.33 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

197 kB
Transfer

195 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!