unionbank.phcom.uber.space Open in urlscan Pro
2a00:d0c0:200:0:58fd:35ff:fe24:971d Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://unionbank.phcom.uber.space/
Effective URL:
https://unionbank.phcom.uber.space/
Submission: On March 01 via automatic, source openphish (March 1st 2023, 1:03:22 am UTC) — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 16 HTTP transactions. The main IP is 2a00:d0c0:200:0:58fd:35ff:fe24:971d, located in Germany and belongs to UBERSPACE, DE. The main domain is unionbank.phcom.uber.space.
TLS certificate: Issued by R3 on February 27th 2023. Valid for: 3 months.

This is the only time unionbank.phcom.uber.space was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Union Bank of the Philippines (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 7	2a00:d0c0:200... 2a00:d0c0:200:0:58fd:35ff:fe24:971d	205766 (UBERSPACE) (UBERSPACE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (STACKPATH...) (STACKPATH-CDN)
2 4	2606:4700::68... 2606:4700::6810:7caf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2.23.97.178 2.23.97.178	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	7

7 2a00:d0c0:200:0:58fd:35ff:fe24:971d (Germany) 1 redirects

ASN205766 (UBERSPACE, DE)

unionbank.phcom.uber.space	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7caf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.23.97.178 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-23-97-178.deploy.static.akamaitechnologies.com

online.unionbankph.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	uber.space 1 redirects unionbank.phcom.uber.space	281 KB
4	unpkg.com 2 redirects unpkg.com — Cisco Umbrella Rank: 761	16 KB
3	unionbankph.com online.unionbankph.com — Cisco Umbrella Rank: 313286	449 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 788	7 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 195	14 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 693	31 KB
16	6

	Domain	Requested by
7	unionbank.phcom.uber.space	1 redirects unionbank.phcom.uber.space
4	unpkg.com	2 redirects unionbank.phcom.uber.space
3	online.unionbankph.com	unionbank.phcom.uber.space
1	maxcdn.bootstrapcdn.com	unionbank.phcom.uber.space
1	cdnjs.cloudflare.com	unionbank.phcom.uber.space
1	code.jquery.com	unionbank.phcom.uber.space
16	6

This site contains no links.

Subject Issuer	Validity	Valid
unionbank.phcom.uber.space R3	`2023-02-27` - `2023-05-28`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
online.unionbankph.com GlobalSign Extended Validation CA - SHA256 - G3	`2022-10-17` - `2023-11-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://unionbank.phcom.uber.space/
Frame ID: 651593F0D33B67AA798BA3F990D4A9E4
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Union Bank of the Philippines

Page URL History Show full URLs

http://unionbank.phcom.uber.space/ HTTP 301
https://unionbank.phcom.uber.space/ Page URL

Detected technologies

Alpine.js (JavaScript frameworks) Expand

Overall confidence: 75%
Detected patterns

<[^>]+[^\w-]x-data[^\w-][^<]+

Ant Design (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]*class="ant-(?:btn|col|row|layout|breadcrumb|menu|pagination|steps|select|cascader|checkbox|calendar|form|input-number|input|mention|rate|radio|slider|switch|tree-select|time-picker|transfer|upload|avatar|badge|card|carousel|collapse|list|popover|tooltip|table|tabs|tag|timeline|tree|alert|modal|message|notification|progress|popconfirm|spin|anchor|back-top|divider|drawer)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

75 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

7
IPs

4
Countries

799 kB
Transfer

2000 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://unionbank.phcom.uber.space/ HTTP 301
https://unionbank.phcom.uber.space/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js HTTP 302
https://unpkg.com/alpinejs@3.11.1/dist/cdn.min.js

Request Chain 6

https://unpkg.com/@alpinejs/persist@3.x.x/dist/cdn.min.js HTTP 302
https://unpkg.com/@alpinejs/persist@3.11.1/dist/cdn.min.js

Request Chain 13

https://unionbank.phcom.uber.space/online-banking/4cad99e6a344e4d69fc5.ttf HTTP 302
https://online.unionbankph.com/online-banking/login

Request Chain 14

https://unionbank.phcom.uber.space/online-banking/9db8bbe1f50d6c57847c.ttf HTTP 302
https://online.unionbankph.com/online-banking/login

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
unionbank.phcom.uber.space/
Redirect Chain

http://unionbank.phcom.uber.space/
https://unionbank.phcom.uber.space/

68 KB
15 KB

195ms
70ms

Document
text/html

2a00:d0c0:200:0:58fd:35ff:fe24:971d
UBERSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://unionbank.phcom.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:d0c0:200:0:58fd:35ff:fe24:971d , Germany, ASN205766 (UBERSPACE, DE),

Reverse DNS

Software

nginx /

Resource Hash

7763c6b025284aa117a9eec5ac5dd41e358e7a4a2aef73e7570c5ea9c9c5942c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 01 Mar 2023 01:03:13 GMT
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Wed, 01 Mar 2023 01:03:13 GMT
Location: https://unionbank.phcom.uber.space/
Server: nginx

GET
H2 200 jquery-3.6.3.min.js Show response
code.jquery.com/ 88 KB
31 KB 496ms
24ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.3.min.js
Requested by: Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

Request headers

Referer: https://unionbank.phcom.uber.space/
Origin: https://unionbank.phcom.uber.space
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 01:03:14 GMT
content-encoding: gzip
last-modified: Tue, 20 Dec 2022 21:10:40 GMT
server: nginx
etag: W/"63a224d0-15f5b"
vary: Accept-Encoding
x-hw: 1677632594.dop216.fr8.t,1677632594.cds229.fr8.hn,1677632594.cds203.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 31046

GET
H2 200 fae70cfb8bad4187caae.css
unionbank.phcom.uber.space/assets/ 226 KB
45 KB 37ms
29ms Stylesheet
text/css 2a00:d0c0:200:0:58fd:35ff:fe24:971d
UBERSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://unionbank.phcom.uber.space/assets/fae70cfb8bad4187caae.css

Requested by

Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:d0c0:200:0:58fd:35ff:fe24:971d , Germany, ASN205766 (UBERSPACE, DE),

Reverse DNS

Software

nginx /

Resource Hash

03d12a13fc3b1126405c0e0f7bdfdc197f8c64c1ac608c7e759228291f0c1b97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unionbank.phcom.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 01:03:13 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Feb 2023 15:51:48 GMT
server: nginx
content-encoding: gzip
etag: W/"389bd-5f5b074ed4610"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-xss-protection: 1; mode=block

GET
H2 200 ef8286c6d8339f3f5050.css
unionbank.phcom.uber.space/assets/ 5 KB
2 KB 71ms
61ms Stylesheet
text/css 2a00:d0c0:200:0:58fd:35ff:fe24:971d
UBERSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://unionbank.phcom.uber.space/assets/ef8286c6d8339f3f5050.css

Requested by

Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:d0c0:200:0:58fd:35ff:fe24:971d , Germany, ASN205766 (UBERSPACE, DE),

Reverse DNS

Software

nginx /

Resource Hash

b80a5858ecff354ce9df3bfa7f5b75bc041dcf36defe9af8ed3f495b6cb7acf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unionbank.phcom.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 01:03:13 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Feb 2023 15:51:49 GMT
server: nginx
content-encoding: gzip
etag: W/"144d-5f5b074fa230f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-xss-protection: 1; mode=block

GET
H2 200 0089da83917d9e4611a5.css
unionbank.phcom.uber.space/assets/ 2 KB
899 B 90ms
81ms Stylesheet
text/css 2a00:d0c0:200:0:58fd:35ff:fe24:971d
UBERSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://unionbank.phcom.uber.space/assets/0089da83917d9e4611a5.css

Requested by

Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:d0c0:200:0:58fd:35ff:fe24:971d , Germany, ASN205766 (UBERSPACE, DE),

Reverse DNS

Software

nginx /

Resource Hash

6fe156a0cbf68b8e34b11079b1b4ba5f5aaf67a2f61278cb226e7ab11d5d9d1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unionbank.phcom.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 01:03:13 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Feb 2023 15:52:03 GMT
server: nginx
content-encoding: gzip
etag: W/"9f3-5f5b075d0b14b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-xss-protection: 1; mode=block

GET
H2 200 56f5b3db29ac1f3e6b94.css
unionbank.phcom.uber.space/assets/ 926 KB
168 KB 71ms
63ms Stylesheet
text/css 2a00:d0c0:200:0:58fd:35ff:fe24:971d
UBERSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://unionbank.phcom.uber.space/assets/56f5b3db29ac1f3e6b94.css

Requested by

Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:d0c0:200:0:58fd:35ff:fe24:971d , Germany, ASN205766 (UBERSPACE, DE),

Reverse DNS

Software

nginx /

Resource Hash

481f237f5a19ceb4a4f2f4e7918dda78f041b492e438f46edcf9ae78b77bbfab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unionbank.phcom.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 01:03:13 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Feb 2023 15:51:55 GMT
server: nginx
content-encoding: gzip
etag: W/"e77c3-5f5b0755aa263"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-xss-protection: 1; mode=block

GET
H2

200

cdn.min.js Show response
unpkg.com/alpinejs@3.11.1/dist/
Redirect Chain

https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js
https://unpkg.com/alpinejs@3.11.1/dist/cdn.min.js

40 KB
15 KB

31ms
31ms

Script
application/javascript

2606:4700::6810:7caf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/alpinejs@3.11.1/dist/cdn.min.js

Requested by

Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/

Protocol

Server

2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c832fe55fc65f709def6e7dadfb4fbe326fbe0347896bb47e2e1e629b037b66f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unionbank.phcom.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 01:03:14 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3656334
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01GQ0C58G0RJFQMRBVCQHTN043-fra
server: cloudflare
etag: W/"a189-HF5Aobd/qvljxt08i5meixNxEOw"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7a0d7aa3edce2bd1-FRA

Redirect headers

date: Wed, 01 Mar 2023 01:03:14 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01GTDB0GC5KZAWEJ7RJ9T24VNY-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 107
vary: Accept, Accept-Encoding
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: /alpinejs@3.11.1/dist/cdn.min.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 7a0d7aa3bdab2bd1-FRA

GET
H2

200

cdn.min.js Show response
unpkg.com/@alpinejs/persist@3.11.1/dist/
Redirect Chain

https://unpkg.com/@alpinejs/persist@3.x.x/dist/cdn.min.js
https://unpkg.com/@alpinejs/persist@3.11.1/dist/cdn.min.js

626 B
483 B

30ms
30ms

Script
application/javascript

2606:4700::6810:7caf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@alpinejs/persist@3.11.1/dist/cdn.min.js

Requested by

Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/

Protocol

Server

2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

addcc131568abc7aa9a29970192293be04b775523e8236884d0b7522530d8a53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unionbank.phcom.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 01:03:16 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3655789
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01GQ0CNYTX2JNNHM3QNW76VHVX-fra
server: cloudflare
etag: W/"272-26hgMvwsu72d4j/KfBklq4z7UKU"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7a0d7aad9beb2bd1-FRA

Redirect headers

date: Wed, 01 Mar 2023 01:03:16 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: EXPIRED
fly-request-id: 01GTDB3RMCETE5K9EJT44H157F-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /@alpinejs/persist@3.11.1/dist/cdn.min.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 7a0d7aa40ddf2bd1-FRA

GET
H2 200 crypto-js.min.js Show response
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/ 47 KB
14 KB 495ms
27ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

Requested by

Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://unionbank.phcom.uber.space
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 01:03:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 6760306
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13972
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61182885-3694"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aH%2BFakpOJX9o61Cog6%2BESxaJGvMrcCNyKTh5zNKP329NL%2BwCAeODnj8vabRezcTLhSVjbAD%2FYbwql3zCu%2BujVIwzMX6FL%2F21oRJzusS%2FcWFJqq3NCREP5iNe1pUrKdvs%2FtZta98HaTtP%2BHKkkbwFjqjJ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7a0d7aa32ed19bee-FRA
expires: Mon, 19 Feb 2024 01:03:14 GMT

GET
H/1.1 200
OK 77bcca0a353436ad0ea0.png
online.unionbankph.com/online-banking/ 82 KB
83 KB 830ms
530ms Image
image/png 2.23.97.178
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.unionbankph.com/online-banking/77bcca0a353436ad0ea0.png

Requested by

Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.23.97.178 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-23-97-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

98beb0e665f5d2724b955f00a4b80a0c5db2ba5bb8830054482a75c4384eedaa

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' appdynamics.com .appdynamics.com facebook.net .facebook.net google-analytics.com .google-analytics.com cloudfront.net .cloudfront.net google.com .google.com gstatic.com .gstatic.com googleapis.com .googleapis.com images-home.com .images-home.com *.walkme.com
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unionbank.phcom.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' appdynamics.com *.appdynamics.com facebook.net *.facebook.net google-analytics.com *.google-analytics.com cloudfront.net *.cloudfront.net google.com *.google.com gstatic.com *.gstatic.com googleapis.com *.googleapis.com images-home.com *.images-home.com *.walkme.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Date: Wed, 01 Mar 2023 01:03:15 GMT
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 84281
X-XSS-Protection: 1; mode=block
Pragma
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 03 Feb 2023 04:24:28 GMT
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: max-age=51769
Permissions-Policy: camera=(self)
Accept-Ranges: bytes
Expires: Wed, 01 Mar 2023 15:26:04 GMT

GET
H/1.1 200
OK 58cfe04e893f01896e51.png
online.unionbankph.com/online-banking/ 7 KB
8 KB 501ms
201ms Image
image/png 2.23.97.178
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.unionbankph.com/online-banking/58cfe04e893f01896e51.png

Requested by

Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.23.97.178 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-23-97-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

b9a4c593506d5e83c9f7f382c837e2174133ef51bd5729f5068c186ae4d7d559

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' appdynamics.com .appdynamics.com facebook.net .facebook.net google-analytics.com .google-analytics.com cloudfront.net .cloudfront.net google.com .google.com gstatic.com .gstatic.com googleapis.com .googleapis.com images-home.com .images-home.com *.walkme.com
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unionbank.phcom.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' appdynamics.com *.appdynamics.com facebook.net *.facebook.net google-analytics.com *.google-analytics.com cloudfront.net *.cloudfront.net google.com *.google.com gstatic.com *.gstatic.com googleapis.com *.googleapis.com images-home.com *.images-home.com *.walkme.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Date: Wed, 01 Mar 2023 01:03:15 GMT
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 6841
X-XSS-Protection: 1; mode=block
Pragma
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 03 Feb 2023 04:24:28 GMT
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: max-age=30275
Permissions-Policy: camera=(self)
Accept-Ranges: bytes
Expires: Wed, 01 Mar 2023 09:27:50 GMT

GET
H2 200 script.js Show response
unionbank.phcom.uber.space/assets/ 119 KB
51 KB 36ms
36ms Script
application/javascript 2a00:d0c0:200:0:58fd:35ff:fe24:971d
UBERSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://unionbank.phcom.uber.space/assets/script.js

Requested by

Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:d0c0:200:0:58fd:35ff:fe24:971d , Germany, ASN205766 (UBERSPACE, DE),

Reverse DNS

Software

nginx /

Resource Hash

9365557f8f3c7581748e9a1e8d1492b04f736e9b68d7b7ad23a4f087927d80a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unionbank.phcom.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 01:03:14 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Feb 2023 16:04:56 GMT
server: nginx
content-encoding: gzip
etag: W/"1dd87-5f5b0a3edcc62"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
x-xss-protection: 1; mode=block

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 81ms
26ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/assets/56f5b3db29ac1f3e6b94.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unionbank.phcom.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 01:03:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 722
age: 2195591
cdn-cachedat: 11/18/2022 06:18:29
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"269550530cc127b6aa5a35925a7de6ce"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: be050c61329891fb4ef880afd785a1b0
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7a0d7aa3d8f39b34-FRA
cdn-requestpullsuccess: True

GET
H/1.1 200
OK 8c9480f4bf7dd79ae693.png
online.unionbankph.com/online-banking/ 358 KB
358 KB 826ms
533ms Image
image/png 2.23.97.178
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.unionbankph.com/online-banking/8c9480f4bf7dd79ae693.png

Requested by

Host: unionbank.phcom.uber.space
URL: https://unionbank.phcom.uber.space/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.23.97.178 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-23-97-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

03c1ce963c323b9254ab601832c2630da3f4607d8b8fd33bbaad36c2622292f8

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' appdynamics.com .appdynamics.com facebook.net .facebook.net google-analytics.com .google-analytics.com cloudfront.net .cloudfront.net google.com .google.com gstatic.com .gstatic.com googleapis.com .googleapis.com images-home.com .images-home.com *.walkme.com
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unionbank.phcom.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' appdynamics.com *.appdynamics.com facebook.net *.facebook.net google-analytics.com *.google-analytics.com cloudfront.net *.cloudfront.net google.com *.google.com gstatic.com *.gstatic.com googleapis.com *.googleapis.com images-home.com *.images-home.com *.walkme.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Date: Wed, 01 Mar 2023 01:03:15 GMT
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 366107
X-XSS-Protection: 1; mode=block
Pragma
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 03 Feb 2023 04:24:28 GMT
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: max-age=40562
Permissions-Policy: camera=(self)
Accept-Ranges: bytes
Expires: Wed, 01 Mar 2023 12:19:17 GMT

GET

https://unionbank.phcom.uber.space/online-banking/4cad99e6a344e4d69fc5.ttf
https://online.unionbankph.com/online-banking/login

0
0

GET

https://unionbank.phcom.uber.space/online-banking/9db8bbe1f50d6c57847c.ttf
https://online.unionbankph.com/online-banking/login

0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: online.unionbankph.com
URL: https://online.unionbankph.com/online-banking/login

Domain: online.unionbankph.com
URL: https://online.unionbankph.com/online-banking/login

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Union Bank of the Philippines (Banking)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://unionbank.phcom.uber.space/ Message: Access to font at 'https://online.unionbankph.com/online-banking/login#!/login' (redirected from 'https://unionbank.phcom.uber.space/online-banking/9db8bbe1f50d6c57847c.ttf') from origin 'https://unionbank.phcom.uber.space' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://online.unionbankph.com/online-banking/login#!/login Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://unionbank.phcom.uber.space/ Message: Access to font at 'https://online.unionbankph.com/online-banking/login#!/login' (redirected from 'https://unionbank.phcom.uber.space/online-banking/4cad99e6a344e4d69fc5.ttf') from origin 'https://unionbank.phcom.uber.space' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://online.unionbankph.com/online-banking/login#!/login Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
code.jquery.com
maxcdn.bootstrapcdn.com
online.unionbankph.com
unionbank.phcom.uber.space
unpkg.com
online.unionbankph.com
2.23.97.178
2001:4de0:ac18::1:a:2b
2606:4700::6810:7caf
2606:4700::6811:180e
2606:4700::6812:bcf
2a00:d0c0:200:0:58fd:35ff:fe24:971d
03c1ce963c323b9254ab601832c2630da3f4607d8b8fd33bbaad36c2622292f8
03d12a13fc3b1126405c0e0f7bdfdc197f8c64c1ac608c7e759228291f0c1b97
481f237f5a19ceb4a4f2f4e7918dda78f041b492e438f46edcf9ae78b77bbfab
6fe156a0cbf68b8e34b11079b1b4ba5f5aaf67a2f61278cb226e7ab11d5d9d1f
7763c6b025284aa117a9eec5ac5dd41e358e7a4a2aef73e7570c5ea9c9c5942c
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
9365557f8f3c7581748e9a1e8d1492b04f736e9b68d7b7ad23a4f087927d80a2
98beb0e665f5d2724b955f00a4b80a0c5db2ba5bb8830054482a75c4384eedaa
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
addcc131568abc7aa9a29970192293be04b775523e8236884d0b7522530d8a53
b80a5858ecff354ce9df3bfa7f5b75bc041dcf36defe9af8ed3f495b6cb7acf3
b9a4c593506d5e83c9f7f382c837e2174133ef51bd5729f5068c186ae4d7d559
c832fe55fc65f709def6e7dadfb4fbe326fbe0347896bb47e2e1e629b037b66f

unionbank.phcom.uber.space Open in urlscan Pro 2a00:d0c0:200:0:58fd:35ff:fe24:971d Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

75 %HTTPS

83 %IPv6

6 Domains

6 Subdomains

7 IPs

4 Countries

799 kBTransfer

2000 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

4 Console Messages

Security Headers

Indicators

unionbank.phcom.uber.space Open in urlscan Pro
2a00:d0c0:200:0:58fd:35ff:fe24:971d Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

75 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

7
IPs

4
Countries

799 kB
Transfer

2000 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!